I am trying to build an extension for PHP. After following Sara Golemon's book I have a basic extension which I can compile as a shared module and, in addition, I can compile it statically along PHP itself.
Now I want to modify the PHP interpreter in order to intercept particular internal function invocations and communicate these calls to my extension. I want to do this only when my extension is statically compiled with PHP---the interpreter build process should otherwise generate an unmodified PHP binary. My understanding is that I should use the C preprocessor. However, to achieve my goal I need a preprocessor flag that will only be raised when PHP is configured to compile with my extension (i.e. ./configure --enable-myextension). Unfortunately, I cannot find such a flag nor one seems to be set by the configure script.
I should say here that I have tried setting preprossessor flags within my extension's code but this will not work. My extension is first touched late in the build process (i.e. roughly after the core of the interpreter) and the flags I set there are not active when the bulk of interpreter code is being compiled.
Any thoughts? Do the above sound reasonable?
My understanding is that I should use the C preprocessor.
Nope, you don't need that.
I need a preprocessor flag that will only be raised when PHP is configured to compile with my extension
Why would you want that? It would basically limit the functionality of your extension artificially, although it's possible to hook function calls no matter how your extension is compiled.
Do the above sound reasonable?
In my opinion, it's not reasonable. Please have a look at how AOP hooks function calls: https://github.com/AOP-PHP/AOP
If you need to hook more than just function calls, you need to reach down at the lowest level, the opcodes, by using zend_set_user_opcode_handler(). Please use lxr.php.net or similar tools (fgrep, etc) to find out where and how such handlers are used. I know laruence was working hard on an interesting extension last year here: http://svn.php.net/viewvc/pecl/taint/trunk/taint.c?view=markup so I would take that as the most "up to date" way of doing things as a reference, if anything has changed in the meanwhile.
Related
I'm trying to write a website in PHP that allows the user to enter PHP code, and then be able to run it on my server. However, I want to be able to disable certain features (file access, database access, etc.). Basically, I want the code to run without any risk to my server, and if the code does attempt to do something dangerous, I just want the code to stop running (I don't mind if it just stops, produces an error, or carries on while ignoring the dangerous code).
Is this possible, and if so, how could I achieve this?
Thanks :)
It is possible using libraries that do some simple checking or limiting.
Take a look at a PECL (PHP Extensions) extension called RunKit_Sandbox http://php.net/manual/en/runkit.sandbox.php or PHPSandbox.
The key to look for on Google is PHP Sandbox, it will find you similar libraries.
vi php.ini
and then find disable_functions,
disable the functions as you want! like this :
disable_functions = exec,passthru,popen,proc_open,shell_exec,system,phpinfo,assert,chroot,getcwd,scandir,delete,rmdir,rename,chgrp,chmod,chown,copy,mkdir,file,file_get_contents,fputs,fwrite,dir
I actually developed a package specifically for these kinds of use cases. It can be fully configured and even used to override dangerous functions and globals.
https://github.com/fieryprophet/php-sandbox
I am writing a very simple timer-extension in PHP, and I'm wondering how to:
Hook into the runtime / get a function of my extension to be called when script execution starts/ends
Hook into specific functions, e.g., Pdo::query() at start and end.
The purpose is to time given functions or scripts, so that we may easily calculate the execution time etc. I am aware that I can achieve this in pure PHP with:
auto_prepend_file / auto_append_file
Using an extension that lets me hook into the (beginning of) functions.
But I am mostly interested in C/C++ solutions (in the PHP/Zend API). Perhaps there is even a better way of doing what I want?
I'm pretty sure that php doesn't have hooks for functions in extensions!
the only hooks you can set in an extension are when the extension is loaded for the first time in apache (MINIT) and everytime a request is recieved by the server (RINIT).
It might somehow be possible to replace a function with your own (i have read somewhere a while ago that you can replace zend engine's functions for parsing,compiling etc).
ps: you might also want to take a look at xdebug, i'm pretty sure that extension does some timing/profiling, you can look how it's done there!
1) Is a PHP library (as in the GD Library) a compiled DLL (or other appropriate name if that is not used outside of Windows) written in a language such as C, compiled, and then "loaded" and made available to PHP code?
2) If this is the case, where can I find documentation on libraries which, among other things, includes calling, argument passing, and value return standards and protocals, and other information which I can use to get started writing PHP "libraries"? I am not looking for documentation on how to program in C or another language, I am looking only for specific, and detailed, information on creating "libraries" for PHP.
Bob
In the php world I believe it's called an extension and it's behave similar to a windows dll and maybe has something similar when you want to create one.
theserverpages.com/php/manual/en/zend.php. I think its part of the php documentation, the url www.php net may work also.
I searched over the Internet several documentation about how to create PHP extensions, but unfortunately, there is nothing about linking to another extensions (and making a requirement for having that extension loaded prior to the new it is being created).
I guess I could simply #include necessary header files into my source code, but not sure about linking.
As an example, and to play with extension creation, the first I want to create is a solution I implemented to allow namespaces in memcached github but wanted to know how to use other extensions' code from my custom extension one for other usages as well.
I'm not sure how to reply to the thread with StormByte, but it sounds like you need to do some load balancing or caching, not extending PHP.
If you really want to do this at the code level, you could use exec() to call a Python script, which gets compiled into byte code automatically.
I'm curious about how some built in functions are implemented,but it's very time consuming to look it up directly in the source,is there a tool that can automate this?
EDIT
Or is there a tool that can debug into the c code that's actually executed?
Most (all?) of the functions that can be accessed from PHP are defined under the ext/ directory in the PHP source code. If you have a recursive search tool, search for PHP_FUNCTION - if you saved the results of that search into a text file, it would be a pretty good "index" for figuring out where a PHP builtin is defined.
The really core stuff is in ext/standard.
Some rare "functions" are implemented directly as opcodes in the Zend virtual machine that PHP compiles to, so there isn't a well defined C function as such. I think strlen is such a function, for instance.
About the debugging the C code that's executed, I suppose it's possible to use something like dbg ; you'll first have to recompile PHP with the --enable-debug mode, though.
For more informations, you can take a look at :
Building PHP for extension development
Generating a gdb backtrace
I've never used this to debug PHP itself, but I've used those two pages to generate some backtraces of a crash I had with an extension, and it worked OK, from what I remember.
As a sidenote : using a PHP compiled with --enable-debug, you might have to recompile some of the extensions you're using and change the way they're loaded (it's the case for Xdebug, for instance) ; and some other might just not work at all anymore.
I believe that you should take a look at this.
Facebook has developed a tool to convert PHP code into c++.
So I guess it can handle C as well to some extent.