Restrictions for PHP eval


Problem description

I have logical expressions that I need to evaluate. After an expression template is parametrized with its parameters, these expressions could look like this:

$expr1 = '1 or 0 and not(0 or 0)';
$expr2 = "'editor' == 'editor' and not(0 = 1) and 10 > 5";

So, I need to handle numbers, string literals, as well as logical and algebraical operators and round brackets between them.

When using PHP eval I also get undesirable unsecured abilities, like system function calls, and so on.

So, is there any way to restrict PHP eval, or maybe there is some better solution?

Thanks!

Recommended answer

Ok, I got another solution. It dawned on me that I can use PHP DOMXPath::evaluate to evaluate my logical expression. So, I got a working solution, which has no security issues. I think my problem is solved :)
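
The approach from the answer, as an added example that is not part of the original post: the question's expressions are evaluated with DOMXPath::evaluate after an allowlist token check and a bracket-balance check. The names evaluateLogicalExpression and TOKEN_RE, the token pattern and the sample inputs are assumptions made here; XPath 1.0 writes equality as `=`, so the `==` from the question is not accepted.

```php
<?php
// Added example, not from the original post. evaluateLogicalExpression()
// and TOKEN_RE are hypothetical names; inputs must use XPath 1.0 syntax.
const TOKEN_RE = '/\s+|\d+(?:\.\d+)?|\'[^\']*\'|"[^"]*"|!=|<=|>=|[=<>+\-*()]'
               . '|\b(?:and|or|not|div|mod)\b/';

function evaluateLogicalExpression(string $expr): bool
{
    // Allowlist: numbers, quoted literals, operators, brackets, and/or/not/div/mod.
    // Anything else leaves unmatched characters, so the rebuilt string differs.
    preg_match_all(TOKEN_RE, $expr, $m);
    if (implode('', $m[0]) !== $expr) {
        throw new InvalidArgumentException('disallowed token');
    }
    // Brackets must balance so input cannot close the wrapper added below.
    // A literal is one token, so brackets inside strings are not counted.
    $depth = 0;
    foreach ($m[0] as $tok) {
        if ($tok === '(') {
            $depth++;
        } elseif ($tok === ')' && --$depth < 0) {
            break;
        }
    }
    if ($depth !== 0) {
        throw new InvalidArgumentException('unbalanced brackets');
    }
    $doc = new DOMDocument();
    $doc->loadXML('<r/>'); // constructed placeholder document
    $xpath = new DOMXPath($doc);
    // string(boolean(...)) yields 'true' or 'false', so the PHP false that
    // evaluate() returns for a malformed expression stays distinguishable.
    $result = @$xpath->evaluate('string(boolean(' . $expr . '))');
    if ($result !== 'true' && $result !== 'false') {
        throw new InvalidArgumentException('not a valid XPath 1.0 expression');
    }
    return $result === 'true';
}

// Constructed inputs: the question's expressions (== written as =) and one to refuse.
foreach (['1 or 0 and not(0 or 0)',
          "'editor' = 'editor' and not(0 = 1) and 10 > 5",
          "system('id')"] as $s) {
    try {
        echo $s, ' => ', var_export(evaluateLogicalExpression($s), true), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $s, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The allowlist matters because XPath has its own function library and, if DOMXPath::registerPhpFunctions is ever called on the object, can reach PHP callables; restricting input to the question's grammar keeps the evaluator to literals and operators.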
