Hi Robert!
> * the code is my second program in PHP and Perl, so it is not efficient and
> hard to read and I am ashamed to publish it in the current state. But I have
> already sent the sources to some people who asked me and we may try some
> joint work with developers of WMI project, http://matek.hu
Fine.
> Concerning security issues:
> * the maxima session is killed after 5 or 10 seconds
> * the input is checked against insecure commands (this part is stolen from
> maximaPHP project, thanks)
That's rather ineffective as most maxima commands are potentially
insecure, but ...
> * I remove names of allowed functions and variables, numbers, parentheses,
> operators etc. from user input and check that nothing remains. This will
> catch chars like ";" or "?" and functions which are not allowed, like erf
> function (the calculators are designed and supposed to solve simple
> problems).
That's a better idea. Since you reject almost the entire alphabet,
I couldn't inject a list via args(foo*bar*bax) because r is not
allowed.
> Do you think that this is enough?
It might be, but by chance there might exist a function which
passes your tests. I can't tell for sure without studying your code
(and the maxima manual) in detail.
BTW while playing with your program I found a bug:
take the derivative of x^3*exp(aa*x^2) - there seems to be some
recursion problem. Probably because you use aa internally for something
(pattern matching?).
Other multichar symbols (like aba) work just fine.
HTH,
Harald
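
An added example, not part of the original message and not the calculator's own code: a literal reading of the remove-and-check filter described above, next to a stricter variant that only accepts whole identifiers from the allowlist. The allowed names, the token grammar and both function names are assumptions made for illustration.

```python
import re

# Constructed allowlist for illustration; the real calculator's list is not on the page.
ALLOWED_NAMES = {"sin", "cos", "exp", "log", "sqrt", "diff", "x", "y"}

_NUMBER = r"\d+(?:\.\d+)?"
_OPERATORS = r"[-+*/^(),\s]"


def strip_and_check(expr: str) -> bool:
    """Filter as described in the message: delete every allowed name,
    number and operator, then accept only if nothing remains."""
    # Longest names first so "exp" is removed as a unit before "x" is tried.
    names = "|".join(sorted(map(re.escape, ALLOWED_NAMES), key=len, reverse=True))
    leftover = re.sub(f"{names}|{_NUMBER}|{_OPERATORS}", "", expr)
    return leftover == ""


# One token = a whole identifier, a number, or a single operator character.
# '%' is in the identifier class so Maxima names like %pi count as one token.
_TOKEN = re.compile(
    rf"\s*(?:(?P<name>[A-Za-z_%][A-Za-z0-9_%]*)|(?P<num>{_NUMBER})|(?P<op>[-+*/^(),]))"
)


def tokenize_and_check(expr: str) -> bool:
    """Stricter variant: split the input into whole tokens and require
    every identifier to be exactly one of the allowed names."""
    expr = expr.rstrip()
    pos = 0
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if m is None:
            return False  # character outside the grammar: ';', '?', ':', quotes, ...
        name = m.group("name")
        if name is not None and name not in ALLOWED_NAMES:
            return False  # identifier is not on the allowlist
        pos = m.end()
    return True
```

Under these assumptions both checks reject `erf(x)` and `x; y`, but only the tokenizing check rejects `sqrtexp(x)`, an identifier that is not on the allowlist yet disappears completely when allowed names are deleted as substrings.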