On 05/03/07, Robert Dodier <robert.dodier at gmail.com> wrote:
>
> Terrific. I have put a link on the Maxima web site. See:
> http://maxima.sourceforge.net/relatedprojects.shtml
>
Hello Robert,
Thank you for a link to MaximaPHP interface. It is more valuable than
the interface itself.. :)
>
> You might consider disallowing any symbol which begins with ?
> since that allows access to Lisp symbols, e.g. ?load = Lisp LOAD function.
> But, again, I think running in a sandbox is better. Let us know if you
> make some progress on that, I'm pretty sure others would be interested.
>
Currently I have disabled these two patterns..
'/\?\b/' # Lisp access
'/tex *\(.*,.*\)/' # file access
and these 42 functions..
# system access (1)
'system'
# Lisp access (6)
':lisp', 'to_lisp', 'to-maxima', ':lisp-quiet', 'compile', 'translate'
# arbitrary commands (1)
'eval_string',
# file access (28)
'setup_autoload', 'demo', 'compfile', 'translate_file',
'compile_file', 'read_matrix', 'read_lisp_array', 'read_maxima_array',
'read_hashed_array', 'read_nested_list', 'read_list', 'write_data',
'opena', 'openr', 'openw', 'appendfile', 'batch', 'batchload',
'closefile', 'filename_merge', 'file_search', 'file_type', 'load',
'loadfile', 'save', 'stringout', 'with_stdout', 'writefile',
# system info (5)
'run_testsuite', 'bug_report', 'build_info', 'room', 'status'
# interactive commands (1)
'entermatrix'
Best regards,
bowo