其他语言

本类阅读TOP10

·基于Solaris 开发环境的整体构思
·使用AutoMake轻松生成Makefile
·BCB数据库图像保存技术
·GNU中的Makefile
·射频芯片nRF401天线设计的分析
·iframe 的自适应高度
·BCB之Socket通信
·软件企业如何实施CMM
·入门系列--OpenGL最简单的入门
·WIN95中日志钩子(JournalRecord Hook)的使用

分类导航
VC语言Delphi
VB语言ASP
PerlJava
Script数据库
其他语言游戏开发
文件格式网站制作
软件工程.NET开发
Restricting PHP Function Calls from XSLT

作者:未知 来源:月光软件站 加入时间:2005-5-13 月光软件站

 

A quick post from Christian Stocker shows you how to only allow certain PHP functions to be called from within PHP

I just committed a patch to the xsl-extension of PHP, which makes it possible to only allow certain PHP functions to be called from within PHP. While registerPHPFunctions is (IMHO) a cool and useful feature, it can be pretty dangerous if your XSLT stylesheets do not come from a totally trusted source. But now in PHP 5.1 you will be able to define, which functions are allowed, for example 

$xsl->registerPHPFunctions(array("date","time"));

would allow only the date and time function. You can also define static methods like "MyClass::MyMethod". Calling the method multiple times will add those functions to the allowed list, not remove the old ones. And calling it without parameter just allows everything like in PHP 5.0. You can also give a string instead of an array, if you just want to add one function to the list.

And here's the patch against PHP_5_0, if you want to use it on the 5.0 branch.

For more information visit: http://blog.bitflux.ch/




相关文章

相关软件