Disabled PHP functions

As an increased security measure it’s a good idea to have the following functions disabled in your php.ini file:

show_source – Prints out or returns a syntax highlighted version of the code contained in filename using the colors defined in the built-in syntax highlighter for PHP.

system – Execute an external program and display the output

shell_exec – Execute command via shell and return the complete output as a string

passthru – Execute an external program and display raw output

exec – Execute an external program

popen – Opens process file pointer

proc_open – Execute a command and open file pointers for input/output

These are potentially unsafe functions that malicious scripts can take advantage of. More information about PHP functions can be found here.

Here’s an easy-to-paste string for your php.in file: show_source,system,shell_exec,passthru,exec,popen,proc_open

Comments

comments