Skip to content

sjinks/php-disable-eval

BranchesTags

Repository files navigation

php-disable-eval

Build and Test Quality Gate Status

A PHP extension to disable eval() and create_function().

Installation

phpize
./configure
make
sudo make install

Then add

extension=disableeval.so

to your php.ini.

Configuration Options (php.ini)

  • disableeval.enabled (boolean, default On): whether to enable the extension.
  • disableeval.intercept_compile_string (boolean, default On): whether to use the zend_compile_string hook to detect the usage of eval().
  • disableeval.aggressive (boolean, default Off): whether to react to all evaluated code (even the one generated by extensions or SAPIs). Works together with disableeval.intercept_compile_string.
  • disableeval.mode (integer, default 1): what to do on a policy violation:
    • 1 (DISABLEEVAL_MODE_THROW): throw an ErrorException exception;
    • 2 (DISABLEEVAL_MODE_WARN): display a warning;
    • 3 (DISABLEEVAL_MODE_SCREAM): display a warning that cannot be suppressed with the @ operator;
    • 4 (DISABLEEVAL_MODE_BAILOUT): emit a fatal error and abort the script.

For security reasons, all options are PHP_INI_SYSTEM: that is, they can only be set in php.ini or httpd.conf.

About

Disable eval() and create_function() in PHP

Topics

php security php-extension eval

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages