I got a little problem trying to disable some function in my php. First of all, i`m not the owner of the server so I can't change the master php.ini configuration. But I tried to change it with the directive the server owner give me.
Here is the line I put in the php.ini file I created
disable_functions=eval,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
in my phpinfo()
I can see in the local value and the master value that those function are disabled.
But my problem start here.
In the same file in witch i run the phpinfo()
and I can confirm that the function are supposed to be disabled, I run an eval()
and a shell_exec()
and the eval()
still work but the shel_exec()
is disabled.
Why can't I disable eval()
?
NoEval extension disables window. eval() function on all webpages. It also disables similar approached to eval() when the input argument's type is String: 1. eval('sample code') 2.
Under Actions, click on the Manage php. ini link.Just after 'disable_functions = ', write out the functions you want to disable (example: exec,passthru,popen). Here is a list of functions that are commonly disabled as a means to improve security: exec. passthru.
INI settings Disable exec, shell_exec, system, popen and Other Functions To Improve Security.
eval
is a language construct, not a function, so it can't be disabled. See http://www.php.net/eval for more info.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With