- Addressed issue #18 where arrays may potentially allow for compromi…

…sing the sandbox by encapsulating unsandboxed callables

CHANGELOG.md

@@ -1,5 +1,8 @@
 #CHANGELOG
 
+##02/27/2015
+- Addressed issue #18 where arrays may potentially allow for compromising the sandbox by encapsulating unsandboxed callables
+
 ##07/24/2014
 - Fixed bug with prepare_vars()
 

src/Error.php

@@ -11,7 +11,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.9
+     * @version 1.3.10
      */
     class Error extends \Exception {
         /* START ERROR CODES */

src/PHPSandbox.php

@@ -14,7 +14,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.9
+     * @version 1.3.10
      */
     class PHPSandbox implements \IteratorAggregate {
         /**

src/SandboxWhitelistVisitor.php

@@ -13,7 +13,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.9
+     * @version 1.3.10
      */
     class SandboxWhitelistVisitor extends \PHPParser_NodeVisitorAbstract {
         /** The PHPSandbox instance to check against

src/SandboxedString.php

@@ -11,7 +11,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.9
+     * @version 1.3.10
      */
     class SandboxedString implements \ArrayAccess, \IteratorAggregate {
         /**

src/ValidatorVisitor.php

@@ -13,7 +13,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.9
+     * @version 1.3.10
      */
     class ValidatorVisitor extends \PHPParser_NodeVisitorAbstract {
         /** The PHPSandbox instance to check against

src/WhitelistVisitor.php

@@ -13,7 +13,7 @@
      * @namespace PHPSandbox
      *
      * @author  Elijah Horton <[email protected]>
-     * @version 1.3.9
+     * @version 1.3.10
      */
     class WhitelistVisitor extends \PHPParser_NodeVisitorAbstract {
         /** The PHPSandbox instance to check against

src/functions.php

@@ -12,6 +12,19 @@ function wrap($value, $sandbox){
         if(!($value instanceof SandboxedString) && is_object($value) && method_exists($value, '__toString')){
             $strval = $value->__toString();
             return is_callable($strval) ? new SandboxedString($strval, $sandbox) : $value;
+        } else if(is_array($value) && count($value)){
+            //save current array pointer
+            $current_key = key($value);
+            foreach($value as $key => &$_value) {
+                $value[$key] = wrap($_value, $sandbox);
+            }
+            //rewind array pointer
+            reset($value);
+            //advance array to previous array key
+            while(key($value) !== $current_key){
+                next($value);
+            }
+            return $value;
         } else if(is_string($value) && is_callable($value)){
             return new SandboxedString($value, $sandbox);
         }
@@ -29,6 +42,19 @@ function &wrapByRef(&$value, $sandbox){
         if(!($value instanceof SandboxedString) && is_object($value) && method_exists($value, '__toString')){
             $strval = $value->__toString();
             return is_callable($strval) ? new SandboxedString($strval, $sandbox) : $value;
+        } else if(is_array($value) && count($value)){
+            //save current array pointer
+            $current_key = key($value);
+            foreach($value as $key => &$_value) {
+                $value[$key] = wrap($_value, $sandbox);
+            }
+            //rewind array pointer
+            reset($value);
+            //advance array to saved array pointer
+            while(key($value) !== $current_key){
+                next($value);
+            }
+            return $value;
         } else if(is_string($value) && is_callable($value)){
             return new SandboxedString($value, $sandbox);
         }