PHP Classes

PHP Sandbox: Execute external PHP scripts in a separate process

Recommend this page to a friend!
  Info   View files View files (12)   DownloadInstall with Composer Download .zip   Reputation   Support forum   Blog    
Ratings Unique User Downloads Download Rankings
StarStarStarStar 61%Total: 786 All time: 4,334 This week: 660Up
Version License PHP version Categories
php-sandbox 1GNU Lesser Genera...5.2PHP 5, Language


This class can execute external PHP scripts in a separate process.

It uses PHP CLI version to execute a given external scripts as a separate process, so if it fails the calling script does not fail too.

The class provides options to change the root file system path before executing, pass GET, POST, COOKIE and SESSION variables, as well other PHP options like display_errors, memory_limit, max_execution_time, disable_functions, etc..

Innovation Award
PHP Programming Innovation award nominee
July 2011
Number 2

Prize: One subscription to the PDF edition of the PHP Architect magazine
Sometimes you may need to execute PHP scripts from third parties that you may not be able to trust, as such scripts can do something harmful.

This class provides a clever solution to execute untrusted PHP scripts by running them with the PHP cli program as a separate process.

It passes a separate set of values to request variables and changes the root of the file system, so the untrusted scripts do not have access to privileged information.

Clever approach to execute untrusted PHP scripts securely.

Manuel Lemos
Picture of Paul Fryer
Name: Paul Fryer <contact>
Classes: 1 package by
Country: United Kingdom
Age: ???
All time rank: 2682124 in United Kingdom
Week rank: 264 Up9 in United Kingdom Up
Innovation award
Innovation award
Nominee: 1x


PHPSandbox A way to run external scripts from your core PHP files. Allows for running non-trusted PHP from with in your main PHP application. Allows the main script to continue should a fatal error occour in your incuded code. Supports: Function restrictions Enviroment obscurification Sessions Passing GET and POST param's INI settings protection Run's as a seperate process to protect the parent PHP script from crashs Prevent's interaction with the parent PHP Requirements: PHP 5.2+ (Only tested in PHP 5.3 currently) PHP CLI Notes: Only currently tested under Linux and OSX

  Files folder image Files  
File Role Description
Files folder imagesamples (6 files)
Accessible without login Plain text file COPYING Lic. Copyright Information LGPL
Accessible without login Plain text file COPYING.LESSER Lic. LGPL
Accessible without login Plain text file example.php Example Example usage files
Accessible without login Plain text file phpsandbox-prepend.php Aux. An auto prepend file to configure the enviroment
Plain text file phpsandbox.php Class The main class
Accessible without login Plain text file README Doc. README file

  Files folder image Files  /  samples  
File Role Description
  Accessible without login Plain text file invalid.php Data Invalid PHP file to fail lint test
  Accessible without login Plain text file malicious.php Data A sample malicious PHP file
  Accessible without login Plain text file recon.php Data An enviroment based PHP reconisence script
  Accessible without login Plain text file slow.php Data A sample script that runs longer than the time limit
  Accessible without login Plain text file trusted.php Data A trusted PHP script
  Accessible without login Plain text file valid.php Data A sample valid PHP file

 Version Control Unique User Downloads Download Rankings  
This week:0
All time:4,334
This week:660Up
 User Ratings  
 All time