|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* \AppserverIo\Doppelgaenger\Utils\PhpLint |
|
5
|
|
|
* |
|
6
|
|
|
* NOTICE OF LICENSE |
|
7
|
|
|
* |
|
8
|
|
|
* This source file is subject to the Open Software License (OSL 3.0) |
|
9
|
|
|
* that is available through the world-wide-web at this URL: |
|
10
|
|
|
* http://opensource.org/licenses/osl-3.0.php |
|
11
|
|
|
* |
|
12
|
|
|
* PHP version 5 |
|
13
|
|
|
* |
|
14
|
|
|
* @author Bernhard Wick <[email protected]> |
|
15
|
|
|
* @copyright 2015 TechDivision GmbH - <[email protected]> |
|
16
|
|
|
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) |
|
17
|
|
|
* @link https://github.com/appserver-io/doppelgaenger |
|
18
|
|
|
* @link http://www.appserver.io/ |
|
19
|
|
|
*/ |
|
20
|
|
|
|
|
21
|
|
|
namespace AppserverIo\Doppelgaenger\Utils; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Will provide a basic linting function for php code |
|
25
|
|
|
* |
|
26
|
|
|
* @author Bernhard Wick <[email protected]> |
|
27
|
|
|
* @copyright 2015 TechDivision GmbH - <[email protected]> |
|
28
|
|
|
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) |
|
29
|
|
|
* @link https://github.com/appserver-io/doppelgaenger |
|
30
|
|
|
* @link http://www.appserver.io/ |
|
31
|
|
|
*/ |
|
32
|
|
|
class PhpLint |
|
33
|
|
|
{ |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* Will remove any PHP start or end tags from the code. |
|
37
|
|
|
* |
|
38
|
|
|
* @param string $code The to strip from the tags |
|
39
|
|
|
* |
|
40
|
|
|
* @return mixed |
|
41
|
|
|
*/ |
|
42
|
|
|
protected function removePhpTags($code) |
|
43
|
|
|
{ |
|
44
|
|
|
return str_replace(array('<?php', '?>', '<?', '<?='), '', $code); |
|
45
|
|
|
} |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* Will check if code is PHP syntax conform. |
|
49
|
|
|
* |
|
50
|
|
|
* @param string $code The code to check for syntax errors |
|
51
|
|
|
* |
|
52
|
|
|
* @throws \Exception |
|
53
|
|
|
* |
|
54
|
|
|
* @return boolean |
|
55
|
|
|
*/ |
|
56
|
|
|
public function check($code) |
|
57
|
|
|
{ |
|
58
|
|
|
// Save the current error reporting level and set level to 0. |
|
59
|
|
|
// We would get errors shown to the use if we did not do that. |
|
60
|
|
|
$level = error_reporting(); |
|
61
|
|
|
error_reporting(0); |
|
62
|
|
|
|
|
63
|
|
|
try { |
|
64
|
|
|
// Eval the passed code inside a never entered if clause. |
|
65
|
|
|
// That way we can make sure to not execute any bogus code |
|
66
|
|
|
$result = eval('if (false){' . $this->removePhpTags($code) . '}'); |
|
|
|
|
|
|
67
|
|
|
|
|
68
|
|
|
// eval does not return true if there was no error, but we want to |
|
69
|
|
|
if ($result === null) { |
|
70
|
|
|
$result = true; |
|
71
|
|
|
} |
|
72
|
|
|
|
|
|
|
|
|
|
73
|
|
|
} catch (\Exception $e) { |
|
74
|
|
|
// Set the error reporting to the intended level and fail |
|
75
|
|
|
error_reporting($level); |
|
76
|
|
|
throw $e; |
|
77
|
|
|
} |
|
78
|
|
|
|
|
79
|
|
|
// Reset the error reporting level to the original value |
|
80
|
|
|
error_reporting($level); |
|
81
|
|
|
|
|
82
|
|
|
// Return our result |
|
83
|
|
|
return $result; |
|
84
|
|
|
} |
|
85
|
|
|
} |
|
86
|
|
|
|
appserver-io /
doppelgaenger
Loading history...
On one hand,
evalmight be exploited by malicious users if they somehow manage to inject dynamic content. On the other hand, with the emergence of faster PHP runtimes like the HHVM,evalprevents some optimization that they perform.