I am writing a very simple timer-extension in PHP, and I'm wondering how to:
Hook into the runtime / get a function of my extension to be called when script execution starts/ends
Hook into specific functions, e.g., Pdo::query() at start and end.
The purpose is to time given functions or scripts, so that we may easily calculate the execution time etc. I am aware that I can achieve this in pure PHP with:
auto_prepend_file / auto_append_file
Using an extension that lets me hook into the (beginning of) functions.
But I am mostly interested in C/C++ solutions (in the PHP/Zend API). Perhaps there is even a better way of doing what I want?
I'm pretty sure that php doesn't have hooks for functions in extensions!
the only hooks you can set in an extension are when the extension is loaded for the first time in apache (MINIT) and everytime a request is recieved by the server (RINIT).
It might somehow be possible to replace a function with your own (i have read somewhere a while ago that you can replace zend engine's functions for parsing,compiling etc).
ps: you might also want to take a look at xdebug, i'm pretty sure that extension does some timing/profiling, you can look how it's done there!
Related
I'm trying to write a website in PHP that allows the user to enter PHP code, and then be able to run it on my server. However, I want to be able to disable certain features (file access, database access, etc.). Basically, I want the code to run without any risk to my server, and if the code does attempt to do something dangerous, I just want the code to stop running (I don't mind if it just stops, produces an error, or carries on while ignoring the dangerous code).
Is this possible, and if so, how could I achieve this?
Thanks :)
It is possible using libraries that do some simple checking or limiting.
Take a look at a PECL (PHP Extensions) extension called RunKit_Sandbox http://php.net/manual/en/runkit.sandbox.php or PHPSandbox.
The key to look for on Google is PHP Sandbox, it will find you similar libraries.
vi php.ini
and then find disable_functions,
disable the functions as you want! like this :
disable_functions = exec,passthru,popen,proc_open,shell_exec,system,phpinfo,assert,chroot,getcwd,scandir,delete,rmdir,rename,chgrp,chmod,chown,copy,mkdir,file,file_get_contents,fputs,fwrite,dir
I actually developed a package specifically for these kinds of use cases. It can be fully configured and even used to override dangerous functions and globals.
https://github.com/fieryprophet/php-sandbox
I am trying to build an extension for PHP. After following Sara Golemon's book I have a basic extension which I can compile as a shared module and, in addition, I can compile it statically along PHP itself.
Now I want to modify the PHP interpreter in order to intercept particular internal function invocations and communicate these calls to my extension. I want to do this only when my extension is statically compiled with PHP---the interpreter build process should otherwise generate an unmodified PHP binary. My understanding is that I should use the C preprocessor. However, to achieve my goal I need a preprocessor flag that will only be raised when PHP is configured to compile with my extension (i.e. ./configure --enable-myextension). Unfortunately, I cannot find such a flag nor one seems to be set by the configure script.
I should say here that I have tried setting preprossessor flags within my extension's code but this will not work. My extension is first touched late in the build process (i.e. roughly after the core of the interpreter) and the flags I set there are not active when the bulk of interpreter code is being compiled.
Any thoughts? Do the above sound reasonable?
My understanding is that I should use the C preprocessor.
Nope, you don't need that.
I need a preprocessor flag that will only be raised when PHP is configured to compile with my extension
Why would you want that? It would basically limit the functionality of your extension artificially, although it's possible to hook function calls no matter how your extension is compiled.
Do the above sound reasonable?
In my opinion, it's not reasonable. Please have a look at how AOP hooks function calls: https://github.com/AOP-PHP/AOP
If you need to hook more than just function calls, you need to reach down at the lowest level, the opcodes, by using zend_set_user_opcode_handler(). Please use lxr.php.net or similar tools (fgrep, etc) to find out where and how such handlers are used. I know laruence was working hard on an interesting extension last year here: http://svn.php.net/viewvc/pecl/taint/trunk/taint.c?view=markup so I would take that as the most "up to date" way of doing things as a reference, if anything has changed in the meanwhile.
I'd like to know who calls spl_autoload_register() in my application. Specifically, I'm using CakePHP, so a simple combination of find and grep in the source files should suffice, but I'm wondering if there is a way to set a breakpoint in Eclipse via XDebug, so the PHP interpreter will stop when the Cake scripts invoke that function and will show me the file and line number where this happens.
You know, I'm not able to manually set the breakpoint because the function is not defined in any PHP file, so effectively I'm asking if there is a way to trace calls to functions defined in PHP extensions (possibly in native code), even if I obviously won't have any way to step into machine code.
You might be able to do something sneaky with a creative use of override_function and/or rename_function, although it's likely to be a lot easier to do something with a grep -r of the source code (or, even better, ack)
I would like to add a function to PHP so I can use it in any script that runs on my server. Is it possible to register a function like if it was native from PHP? Does PHP has some kind of configuration file where I can register new global / native functions?
There is no intentions to use it in production, I'm just curious on how to achieve this.
You could use a "Global include" (defined in php.ini)
Read this (php.net manual)
auto-append-file and auto-prepend-file
You can write extensions in C or C++, in particular write or use library bindings with SWIG or FFI. But that's a bit effort, and only advisable if you meant compiled "native" functions.
The lazy option to add new core functions to PHP via config is the auto_prepend_file= php.ini setting. That allows to register a script that gets executed before everything else. (I use that for fixing magic quotes on some servers, or always having phpquery available for CLI testing.)
There is a full chapter in the manual http://www.php.net/manual/en/internals2.php devoted to writing extensions to php, with examples.
The easiest way is to write them in PHP and include them before your scripts is executed using
auto_prepend_file = /path/to/file.php
http://php.net/manual/en/ini.core.php
else you need to learn C and write a extension
I'm curious about how some built in functions are implemented,but it's very time consuming to look it up directly in the source,is there a tool that can automate this?
EDIT
Or is there a tool that can debug into the c code that's actually executed?
Most (all?) of the functions that can be accessed from PHP are defined under the ext/ directory in the PHP source code. If you have a recursive search tool, search for PHP_FUNCTION - if you saved the results of that search into a text file, it would be a pretty good "index" for figuring out where a PHP builtin is defined.
The really core stuff is in ext/standard.
Some rare "functions" are implemented directly as opcodes in the Zend virtual machine that PHP compiles to, so there isn't a well defined C function as such. I think strlen is such a function, for instance.
About the debugging the C code that's executed, I suppose it's possible to use something like dbg ; you'll first have to recompile PHP with the --enable-debug mode, though.
For more informations, you can take a look at :
Building PHP for extension development
Generating a gdb backtrace
I've never used this to debug PHP itself, but I've used those two pages to generate some backtraces of a crash I had with an extension, and it worked OK, from what I remember.
As a sidenote : using a PHP compiled with --enable-debug, you might have to recompile some of the extensions you're using and change the way they're loaded (it's the case for Xdebug, for instance) ; and some other might just not work at all anymore.
I believe that you should take a look at this.
Facebook has developed a tool to convert PHP code into c++.
So I guess it can handle C as well to some extent.