Alright, I'll give you guys a problem and see what sorts of solutions you can come up with.
We have a php script that will be downloading PKGBUILD tarballs from users (the users will be uploading to the script).
One of the things we want to do is parse the PKGBUILD scripts and store the information like sources and depends in a database, much the same as the current archlinux.org website works.
There's one big difference between what we do on the archlinux.org site and this other site (in case you haven't guessed it's for the AUR site): we trust the developers and don't trust Joe Anonymous on the internet.
On archlinux.org we just run the script through bash and output all the variables that are set, after they've been evaluated. We can't just trust any old script from any old person to be safe enough to just run and get variables out of.
Know of any good ways to get those variables out without the risk of a malicious script running amuck? Would something like sash or that other restricted shell work in the majority of cases?
Other ideas I haven't thought of?