Protecting variables from "include pollution" in PHP

Question

tl;dr: Is there a way to prevent alteration to (essentially lock) variables declared/defined prior to an include() call, by the file being included? Also, somewhat related question.

---

I'm wondering about what measures can be taken, to avoid variable pollution from included files. For example, given this fancy little function:

/**
 * Recursively loads values by include returns into
 * arguments of a callback
 * 
 * If $path is a file, only that file will be included.
 * If $path is a directory, all files in that directory
 * and all sub-directories will be included.
 * 
 * When a file is included, $callback is invoked passing
 * the returned value as an argument.
 *
 * @param string $path
 * @param callable $callback
 */
function load_values_recursive($path, $callback){
    $paths[] = path($path);
    while(!empty($paths)){
        $path = array_pop($paths);
        if(is_file($path)){
            if(true === $callback(include($path))){
                break;
            }
        }
        if(is_dir($path)){
            foreach(glob($path . '*') as $path){
                $paths[] = path($path);
            }
        }
    }
}

_{I know it's missing some type-checking and other explanations, let's ignore those.}

Anyways, this function basically sifts through a bunch of "data" files that merely return values (typically configuration arrays, or routing tables, but whatever) and then invokes the passed callback so that the value can be filtered or sorted or used somehow. For instance:

$values = array();
load_values_recursive('path/to/dir/', function($value) use(&$values){
    $values[] = $value;
});

And path/to/dir/ may have several files that follow this template:

return array(
    // yay, data!
);

My problem comes when these "configuration" files (or whatever, trying to keep this portable and cross-functional) start to contain even rudimentary logic. There's always the possibility of polluting the variables local to the function. For instance, a configuration file, that for the sake of cleverness does:

return array(
    'path_1' => $path = 'some/long/complicated/path/',
    'path_2' => $path . 'foo/',
    'path_3' => $path . 'bar/',
);

Now, given $path happens to be a visible directory relative to the current, the function is gonna go wonky:

// ...
if(is_file($path)){
    if(true === $callback(include($path))){ // path gets reset to 
        break;                              // some/long/complicated/path/
    }
}
if(is_dir($path)){                          // and gets added into the
    foreach(glob($path . '*') as $path){    // search tree
        $paths[] = path($path);
    }
}
// ...

This would likely have bad-at-best results. The only¹ solution I can think of, is wrapping the include() call in yet another anonymous function to change scope:

// ...
if(true === call_user_func(function() use($callback, $path){
    return $callback($path);
})){
    break;
}
// ...

Thus protecting $path (and more importantly, $callback) from causing side effects with each iteration.

I'm wondering if there exists a simpler way to "lock" variables in PHP under such circumstances.

1. I just wanna go on the record here; I know I could use, for instance, an elseif to alleviate one of the issues specific to this function, however my question is more interested in circumstance-agnostic solutions, a catch-all if you will.

Answer 1

take a look at Giving PHP include()'d files parent variable scope it has a rather unique approach to the problem that can be used here.

it amounts to unsetting all defined vars before the include and then resetting them after.

it certainly isn't elegant, but it'll work.

Answer 2

I've gone with the following solution to include pollution:

$value = call_user_func(function(){
    return include(func_get_arg(0));
}, $path);

$path is nowhere to be seen at inclusion, and it seems most elegant. Surely, calling func_get_arg($i) from the included file will yield passed values, but, well...