From: h dot reindl at thelounge dot net Operating system: All PHP version: 5.2.12 PHP Bug Type: Feature/Change Request Bug description: Allow "disable_functions" in httpd.conf
Description: ------------ http://de2.php.net/manual/en/ini.core.php#ini.disable-functions > This directive must be set in php.ini For example, > you cannot set this in httpd.conf This is a very bad behavior in shared-hosting-environments You can not enable any function for specific hosts while they must not be executed in other ones. If you have many vhosts with very straight security-settings and need a function like "popen" in only one virtaul host that is fully crontrolled by the admin you have no way to configure this What makes this really critical is that "phpinfo();" shows the local-value from vhost-configuration instead of the effective, it should always show the working configuration instead of ignored settings. Reproduce code: --------------- <Directory "/docroot"> php_admin_value open_basedir "/docroot" php_admin_value disable_functions "popen, pclose, exec, passthru, shell_exec, system, proc_open, proc_close, mail, symlink" </Directory> Expected result: ---------------- Disallow the listed functions for the virtual host Actual result: -------------- phpinfo(); shows them as disabled but they are working -- Edit bug report at http://bugs.php.net/?id=50802&edit=1 -- Try a snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=50802&r=trysnapshot52 Try a snapshot (PHP 5.3): http://bugs.php.net/fix.php?id=50802&r=trysnapshot53 Try a snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=50802&r=trysnapshot60 Fixed in SVN: http://bugs.php.net/fix.php?id=50802&r=fixed Fixed in SVN and need be documented: http://bugs.php.net/fix.php?id=50802&r=needdocs Fixed in release: http://bugs.php.net/fix.php?id=50802&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=50802&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=50802&r=needscript Try newer version: http://bugs.php.net/fix.php?id=50802&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=50802&r=support Expected behavior: http://bugs.php.net/fix.php?id=50802&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=50802&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=50802&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=50802&r=globals PHP 4 support discontinued: http://bugs.php.net/fix.php?id=50802&r=php4 Daylight Savings: http://bugs.php.net/fix.php?id=50802&r=dst IIS Stability: http://bugs.php.net/fix.php?id=50802&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=50802&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=50802&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=50802&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=50802&r=mysqlcfg
