I adapted Fran Rogers’s Lua MediaWiki extension into a library named Looah. It runs Lua code in a sandbox from PHP, which allows you to execute Lua code provided by users. Right now it supports limits on recursion depth, the number of executed lines, and the execution time. However, Looah doesn’t support a memory usage limit, so you still need to be careful in that regard.
There is a PHP extension for running Lua code, but it doesn’t handle sandboxing, so Looah can augment that extension (although I have not tested that). Alternatively, Looah can use the Lua binary.
The limits on the number of lines executed and recursion depth are enforced by a wrapper written in Lua. Functions are blacklisted according to this list. The time limit is enforced in both the Lua wrapper and outside in PHP, provided that you are not using the Lua extension for PHP. If you use the Lua extension, then only the Lua wrapper is enforcing a time limit, which leaves the risk of a C function called in the Lua script locking up.
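One way to enforce line, recursion and time limits from inside Lua is a debug hook on a coroutine that runs the user code. This is an added example, not Looah's own wrapper: the limit values and the names `make_env`, `compile` and `run_sandboxed` are assumptions, and it exposes a whitelist environment instead of the blacklist Looah uses.

```lua
-- Added illustration, not Looah's wrapper; limits and whitelist are assumptions.
local MAX_LINES, MAX_DEPTH, MAX_SECONDS = 100000, 50, 2

local function make_env(output)
  -- Whitelist: only these names are reachable. String methods still resolve
  -- through the string metatable, so that library needs its own audit.
  return {
    print = function(...)
      local n, parts = select("#", ...), {...}
      for i = 1, n do parts[i] = tostring(parts[i]) end
      output[#output + 1] = table.concat(parts, "\t", 1, n)
    end,
    tostring = tostring, tonumber = tonumber, type = type,
    pairs = pairs, ipairs = ipairs,
  }
end

local function compile(code, env)
  if code:sub(1, 1) == "\27" then return nil, "bytecode rejected" end
  if setfenv then                       -- Lua 5.1
    local f, err = loadstring(code, "=user")
    if f then setfenv(f, env) end
    return f, err
  end
  return load(code, "=user", "t", env)  -- Lua 5.2+: text chunks only
end

local function run_sandboxed(code)
  local output = {}
  local f, err = compile(code, make_env(output))
  if not f then return false, err end
  local lines, depth, start = 0, 0, os.clock()
  local co = coroutine.create(f)
  -- The hook fires only between Lua instructions, so a long-running C function
  -- is not interrupted. pcall is not exposed, so user code cannot catch these.
  debug.sethook(co, function(event)
    if event == "line" then
      lines = lines + 1
      if lines > MAX_LINES then error("line limit exceeded", 0) end
      if os.clock() - start > MAX_SECONDS then error("time limit exceeded", 0) end
    elseif event == "call" then
      depth = depth + 1
      if depth > MAX_DEPTH then error("recursion limit exceeded", 0) end
    elseif event == "return" or event == "tail return" then
      depth = depth - 1
    end
  end, "crl")
  local ok, msg = coroutine.resume(co)
  return ok, ok and table.concat(output, "\n") or msg
end
print(run_sandboxed("print(1234 + 5)"))
print(run_sandboxed("while true do end"))
print(run_sandboxed("local function f() return 1 + f() end f()"))
```

Like Looah, this sketch places no limit on memory, so an outer process-level limit is still needed.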
Using Looah is very simple:
$result = $lua->execute("print(1234 + 5)");
Note that the Lua script cannot call functions in PHP, and the PHP script cannot call functions in Lua. Everything that is returned is also a string.
Really great script! Exactly what I’m looking for.
I’m trying to use it inside a forum system (phpBB3), inside the post messages.
But I have a question: How can I inject variables from PHP into Lua? What is the best way?
I have a list of variables inside PHP that I want the user to be able to see inside Lua.
The only way at present is to inject the variables into the Lua script directly, but that’s not a great solution.
There is a fork that enables you to use your PHP variables in Lua :)
http://phplua.3uu.de/
Works with Linux, and I hope it works for w32 too soon…
The sandbox doesn’t support metatables either, so you cannot use safe modules that use this feature.