Merge pull request #2 from mrjoelkemp/forkable

Forkable

README.md

@@ -8,23 +8,39 @@ Created by: [@mrjoelkemp](http://www.twitter.com/mrjoelkemp)
 ### Purpose
 
 I simply wanted an online repl that allowed me to
-play with multiline scripts that explored various PHP apis. 
-There's already a console-based repl `php -a`, but it and many other 
+play with *multiline* scripts that explored various PHP apis.
+There's already a console-based repl `php -a`, but it and many other
 console-based repls are not great for multiline snippets.
 
 I've used this quick hack a ton since building it. I hope you get some use out of it as well.
 
-### Sandboxing
+### Running it locally
 
-The exposed `eval` is sandboxed at the server configuration layer 
+The online version of PHPepl is sandboxed. The exposed `eval` is sandboxed at the server configuration layer
 plus some blacklisting of methods at the application level via [PHP-Sandbox](https://github.com/fieryprophet/php-sandbox).
 
-Close to 100 people use this REPL every day; don't ruin it for them. Please play nice.
+This has, of course, crippled the tool and makes it not as useful – as whitelisting methods is a pain.
+I recommend serving this app locally.
+
+To serve this application locally, you'll need a web server and PHP:
+
+* Mac: [MAMP](http://www.mamp.info/en/index.html)
+* Windows: [WAMP](http://www.wampserver.com/en/)
+
+You can then point your apache server to serve files from the `/phpepl` root folder
+
+* Namely, you should be able to visit the app (`/phpepl/index.html`) from `http://localhost` (include a custom port if necessary)
+
+The app will automatically disable the sandbox and give you free reign over the REPL to
+execute any commands.
 
 ### Contact Me
 
 If you hit any errors or if someone hacked the repl and it goes down, give
 me a shout on Twitter: [@mrjoelkemp](https://twitter.com/mrjoelkemp)
 
+Close to 100 people use this REPL every day; don't ruin it for them. Please play nice.
+
+### License
 
-License: MIT
+MIT

css/styles.scss

@@ -55,7 +55,7 @@ body {
     .codebox-cont {
       width: 80%;
       margin: 0 auto;
-      #editor { 
+      #editor {
         font-size: 17px;
         border: 1px solid black;
         margin-bottom: 10px;
@@ -92,7 +92,7 @@ body {
             -webkit-animation: fade 1s linear infinite;
             -webkit-border-radius: 50px;
             -webkit-box-shadow: 0 0 3px rgba(0,0,0,0.2);
-            &.bar1 {-webkit-transform:rotate(0deg) translate(0, -142%); -webkit-animation-delay: 0s;}    
+            &.bar1 {-webkit-transform:rotate(0deg) translate(0, -142%); -webkit-animation-delay: 0s;}
             &.bar2 {-webkit-transform:rotate(30deg) translate(0, -142%); -webkit-animation-delay: -0.9167s;}
             &.bar3 {-webkit-transform:rotate(60deg) translate(0, -142%); -webkit-animation-delay: -0.833s;}
             &.bar4 {-webkit-transform:rotate(90deg) translate(0, -142%); -webkit-animation-delay: -0.75s;}
@@ -108,7 +108,7 @@ body {
         }
         .output-container{
           margin: 5px 10px;
-          span {       
+          span {
             font-family: "Lucida Console", Monaco, monospace;
             color: black;
             font-size: 16px;
@@ -141,6 +141,7 @@ body {
     position: relative;
     float: left;
     text-align: center;
+    margin-bottom: 3px;
     span {
       display: block;
       font-family: Courier;
@@ -157,7 +158,14 @@ body {
   }
 }
 
-
+.fork-info {
+  width: 100%;
+  text-align: center;
+  span {
+    font-style: italic;
+    font-size: 12px;
+  }
+}
 
 .credits {
   width: 100%;

eval/unsafe.php

@@ -0,0 +1,38 @@
+<?php
+        // Turn off errors since eval will throw them on invalid syntax
+        $inString       = @ini_set('log_errors', false);
+        $token          = @ini_set('display_errors', true);
+
+        // CORS support
+        header("Access-Control-Allow-Origin: *");
+        header("Content-type: application/json");
+
+        $code = $_POST['code'];
+
+        // Remove error prone snippets
+        $toRemove = array("<?php", "?>", "<?");
+
+        $code = str_replace($toRemove, "", $code);
+
+        // Simple output buffering to capture
+        // error messages and send them to the user
+        ob_start();
+
+        eval($code);
+        $result = ob_get_clean();
+        $error = error_get_last();
+
+        echo getJsonOutput(array(
+                'result' => $result,
+                'error' => $error
+        ));
+
+        @ini_set('display_errors', $token);
+        @ini_set('log_errors', $inString);
+
+        function getJsonOutput($options) {
+                $result = $options['result'];
+                $error         = $options['error'];
+                return json_encode(array("result" => $result, "error" => $error));
+        }
+?>

index.haml

@@ -8,7 +8,7 @@
     %title PHPepl: The PHP REPL
     %link{:rel => "stylesheet", :href => "lib/codemirror/lib/codemirror.css?ver=3.18"}
     %link{:rel => "stylesheet", :href => "css/styles.css?ver=1.2"}
-    :javascript 
+    :javascript
       var _gaq = _gaq || [];
       _gaq.push(['_setAccount', 'UA-36055599-1']);
       _gaq.push(['_trackPageview']);
@@ -18,13 +18,13 @@
         ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
         var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
       })();
-    
+
       (function(e,b){if(!b.__SV){var a,f,i,g;window.mixpanel=b;a=e.createElement("script");a.type="text/javascript";a.async=!0;a.src=("https:"===e.location.protocol?"https:":"http:")+'//cdn.mxpnl.com/libs/mixpanel-2.2.min.js';f=e.getElementsByTagName("script")[0];f.parentNode.insertBefore(a,f);b._i=[];b.init=function(a,e,d){function f(b,h){var a=h.split(".");2==a.length&&(b=b[a[0]],h=a[1]);b[h]=function(){b.push([h].concat(Array.prototype.slice.call(arguments,0)))}}var c=b;"undefined"!==typeof d?c=b[d]=[]:d="mixpanel";c.people=c.people||[];c.toString=function(b){var a="mixpanel";"mixpanel"!==d&&(a+="."+d);b||(a+=" (stub)");return a};c.people.toString=function(){return c.toString(1)+".people (stub)"};i="disable track track_pageview track_links track_forms register register_once alias unregister identify name_tag set_config people.set people.increment people.append people.track_charge".split(" ");for(g=0;g<i.length;g++)f(c,i[g]);b._i.push([a,e,d])};b.__SV=1.2}})(document,window.mixpanel||[]);
       mixpanel.init("89e9d9cd5a49c0529bec222da9b37385");
       mixpanel.track("Landing Page");
   %body
     /Built by Mr. Joel Kemp, @mrjoelkemp, www.mrjoelkemp.com
-    /Yes, there's php -a, but it stinks. I really wanted a repl to play with particular parts of PHP. 
+    /Yes, there's php -a, but it stinks. I really wanted a repl to play with particular parts of PHP.
     .container
       .header
         .title
@@ -53,8 +53,10 @@
           .timestamp
             %span
       .submit
-        %span.code ⌘ + Enter or Ctrl + Enter 
+        %span.code ⌘ + Enter or Ctrl + Enter
         %button RUN
+      .fork-info
+        %span Fork the project and serve locally for an unsandboxed experience
       .credits
         %a{:href=>"https://twitter.com/mrjoelkemp", :class=>"twitter-follow-button" } Follow @mrjoelkemp
         :javascript
@@ -66,17 +68,16 @@
   %script{:src => "lib/jquery-1.8.2.min.js"}
   %script{:src => "lib/codemirror/lib/codemirror.js?ver=3.18"}
   %script{:src => "lib/codemirror/addon/edit/closebrackets.js"}
-  
+
   %script{:src => "lib/codemirror/addon/edit/matchbrackets.js"}
   %script{:src => "lib/codemirror/mode/htmlmixed/htmlmixed.js"}
   %script{:src => "lib/codemirror/mode/xml/xml.js"}
   %script{:src => "lib/codemirror/mode/javascript/javascript.js"}
   %script{:src => "lib/codemirror/mode/css/css.js"}
   %script{:src => "lib/codemirror/mode/clike/clike.js"}
   %script{:src => "lib/codemirror/mode/php/php.js"}
-  
+
   %script{:src => "lib/moment/moment.min.js"}
   / %script{:src => "scripts/phpepl.js"}
   %script{:src => "scripts/phpepl.min.js?ver=1.3"}
 
-

index.html

@@ -67,6 +67,9 @@
         <span class='code'>⌘ + Enter or Ctrl + Enter</span>
         <button>RUN</button>
       </div>
+      <div class='fork-info'>
+        <span>Fork the project and serve locally for an unsandboxed experience</span>
+      </div>
       <div class='credits'>
         <a class='twitter-follow-button' href='https://twitter.com/mrjoelkemp'>Follow @mrjoelkemp</a>
         <script>

scripts/phpepl.js

@@ -1,14 +1,22 @@
 (function (window, document, $, moment) {
   'use strict';
 
-  // COMMON
-  var dev  = 'http://localhost/eval/index.php',
-      live = 'http://phpepl.cloudcontrolled.com/eval/index.php',
-
-      // Switch this to devURL if you want to code locally
-      evalURL = live,
-
-      mixpanel= window.mixpanel || {},
+  var
+      // Detect the port that localhost is running on
+      port        = window.location.host.split(':')[1] || '80',
+      // No sandbox on your local server
+      devUnsafe   = 'http://localhost:' + port + '/eval/unsafe.php',
+      // Sanboxed on your local server (really only for testing live locally)
+      dev         = 'http://localhost:' + port + '/eval/index.php',
+      // Sandboxed on the remote (online) server
+      live        = 'http://phpepl.cloudcontrolled.com/eval/index.php',
+
+      // Safeguard to always use the live eval on the remote server
+      // and the unsafe dev version otherwise.
+      isLiveEnv   = window.location.host === 'phpepl.cloudcontrolled.com',
+      evalURL     = isLiveEnv ? live : devUnsafe,
+
+      mixpanel    = window.mixpanel || {},
       editor;
 
   // HELPERS