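/**
 * Scan a PHP source string for identifiers and keywords that are not on the
 * allowlist held in $this->allowed_calls.
 *
 * Identifier tokens are compared (lower-cased) against the allowlist, except a
 * T_STRING that directly follows `->`, which is accepted without a lookup. A
 * fixed set of keyword tokens (include/require, eval, new, function, ...) is
 * compared against the same allowlist.
 *
 * NOTE(review): only the token types handled below are inspected; every other
 * construct passes unchecked. Treat this as a coarse filter and not as the sole
 * control for code from an untrusted source.
 *
 * @param string $code PHP source to inspect, as accepted by token_get_all().
 *
 * @return array|false List of rejected names/keywords, or false when nothing
 *                     was rejected.
 */
protected function check_security($code)
{
    $tokens = token_get_all($code);
    $errors = array();

    // PHP 8 emits a namespaced name as one token instead of T_STRING pieces.
    // Resolve the ids by name so the method still loads on older runtimes;
    // the value records whether the token starts with the `namespace` keyword.
    $qualified = array();
    foreach (array('T_NAME_QUALIFIED', 'T_NAME_FULLY_QUALIFIED', 'T_NAME_RELATIVE') as $const) {
        if (defined($const)) {
            $qualified[constant($const)] = ($const === 'T_NAME_RELATIVE');
        }
    }

    foreach ($tokens as $index => $toc) {
        // Single-character tokens are plain strings and are not inspected.
        if (!is_array($toc) || !isset($toc[0])) {
            continue;
        }

        // Vet every segment of a namespaced name so it gets the same allowlist
        // treatment as the separate T_STRING tokens produced before PHP 8.
        if (isset($qualified[$toc[0]])) {
            $segments = explode('\\', $toc[1]);
            if ($qualified[$toc[0]]) {
                array_shift($segments); // leading `namespace` keyword
            }
            foreach ($segments as $segment) {
                // Strict comparison: a non-string allowlist entry must never match.
                if ($segment !== '' && !in_array(strtolower($segment), $this->allowed_calls, true)) {
                    $errors[] = $segment;
                }
            }
            continue;
        }

        switch ($toc[0]) {
            case T_STRING:
                if (!in_array(strtolower($toc[1]), $this->allowed_calls, true)) {
                    // No predecessor exists for the first token; treat that as
                    // "not a method call" instead of reading offset -1.
                    $prevtoc = $index > 0 ? $tokens[$index - 1] : null;
                    if (!isset($prevtoc[1]) || $prevtoc[1] !== '->') {
                        $errors[] = $toc[1];
                    }
                }
                break;
            case T_REQUIRE_ONCE:
            case T_REQUIRE:
            case T_NEW:
            case T_RETURN:
            case T_BREAK:
            case T_CATCH:
            case T_CLONE:
            case T_EXIT:
            case T_PRINT:
            case T_GLOBAL:
            case T_INCLUDE_ONCE:
            case T_INCLUDE:
            case T_EVAL:
            case T_FUNCTION:
                if (!in_array(strtolower($toc[1]), $this->allowed_calls, true)) {
                    $errors[] = 'illegal call: ' . $toc[1];
                }
                break;
        }
    }

    return count($errors) ? $errors : false;
}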