Does anyone have a prepared whitelist of as many as possible secure / unexploitable PHP functions?
I am building a web application where user enters the Smarty template (Smarty version 3). Application runs this template through Smarty (with proper Smarty_Security in place) and then cleans the resulting HTML with HTMLPurifier.
Everything seems safe to me, but the users need functions so they can be used as Smarty modifiers. I can whitelist them one by one, but it would take a lot of effort and would be error-prone. I have only found a blacklist - Exploitable PHP functions.
This is a somewhat similar question, but there are no suitable answers (for my case).