_open_basedir[] = $dir; } /** * Applies the memory limit setting. * * @return void */ private function _apply_memory_limit():void { if (!isset($this->memory_limit)) { throw new MDJailSecurityOptionNotSetException("It has not been specified, which memory limit the script should hold. Set MD_JAIL->memory_limit = string."); } if (ini_set("memory_limit", $this->memory_limit) === false) { throw new Exception('Failed to change memory_limit to ' . $this->memory_limit); } } /** * Applies the maximum execution time setting. * * @return void */ private function _apply_time_limit():void { if (!isset($this->max_execution_time)) { throw new MDJailSecurityOptionNotSetException("It has not been specified, which maximum execution time the script should hold. Set MD_JAIL->max_execution_time = integer."); } if (set_time_limit($this->max_execution_time) === false) { throw new Exception('Failed to change max_execution_time to ' . $this->max_execution_time); } } /** * Applies basedir restrictions. * * @return void private function _apply_basedir_restriction():void { if (empty($this->_open_basedir)) { throw new MDJailSecurityOptionNotSetException("It has not been specified, which memory limit the script should hold. Set MD_JAIL->open_basedir = string."); } if (ini_set("open_basedir", implode(':', $this->_open_basedir)) === false) { throw new Exception('Failed to set open_basedir restrictions'); } } */ /** * Enforces security options previously set. * * @return void */ public function enforce():void { // Special instructions on CLI, so as to not disturb PHPUnit if (PHP_SAPI === 'cli') { if (!isset($this->memory_limit)) { throw new MDJailSecurityOptionNotSetException("It has not been specified, which memory limit the script should hold. Set MD_JAIL->memory_limit = string."); } if (!isset($this->max_execution_time)) { throw new MDJailSecurityOptionNotSetException("It has not been specified, which maximum execution time the script should hold. Set MD_JAIL->max_execution_time = integer."); } $this->_status = self::STATUS_SPECIFIED; $this->__destruct(); } $this->_apply_memory_limit(); $this->_apply_time_limit(); // Set accessible file paths // $this->_apply_basedir_restriction(); $this->_status = self::STATUS_SPECIFIED; $this->__destruct(); } /** * Setup function. Registers a shutdown function that throws an error * if the security specifications have not been made. * * @return void */ public function __construct() { $this->_status = self::STATUS_STARTED; } public function __destruct() { if ($this->_status !== self::STATUS_SPECIFIED) { echo "Security specifications need to be set."; if (!isset($this->memory_limit)) { echo "Set memory limit"; } if (!isset($this->max_execution_time)) { echo "Set max_execution_time"; } if (empty($this->_open_basedir)) { echo "Set open_basedir"; } throw new MDJailSecurityOptionNotSetException("Security specifications need to be set."); } } }