ID: 50802 Updated by: [email protected] Reported By: h dot reindl at thelounge dot net -Status: Open +Status: Wont fix Bug Type: Feature/Change Request Operating System: All PHP Version: 5.2.12 New Comment:
It is not technically feasible to support per-request changing of the function table, sorry. The performance hit would be way too high to be useful. This can only be set at startup which is why it is php.ini only. Previous Comments: ------------------------------------------------------------------------ [2010-01-19 20:20:20] h dot reindl at thelounge dot net Description: ------------ http://de2.php.net/manual/en/ini.core.php#ini.disable-functions > This directive must be set in php.ini For example, > you cannot set this in httpd.conf This is a very bad behavior in shared-hosting-environments You can not enable any function for specific hosts while they must not be executed in other ones. If you have many vhosts with very straight security-settings and need a function like "popen" in only one virtaul host that is fully crontrolled by the admin you have no way to configure this What makes this really critical is that "phpinfo();" shows the local-value from vhost-configuration instead of the effective, it should always show the working configuration instead of ignored settings. Reproduce code: --------------- <Directory "/docroot"> php_admin_value open_basedir "/docroot" php_admin_value disable_functions "popen, pclose, exec, passthru, shell_exec, system, proc_open, proc_close, mail, symlink" </Directory> Expected result: ---------------- Disallow the listed functions for the virtual host Actual result: -------------- phpinfo(); shows them as disabled but they are working ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=50802&edit=1
