Edit report at https://bugs.php.net/bug.php?id=65351&edit=1
ID: 65351 Comment by: ben dot rubson at gmail dot com Reported by: az9901 at gmail dot com Summary: enable_functions directive Status: Open Type: Feature/Change Request Package: PHP options/info functions PHP Version: 5.4.17 Block user comment: N Private report: N New Comment: See summary bug #65386 Previous Comments: ------------------------------------------------------------------------ [2013-07-29 09:57:55] az9901 at gmail dot com In addition to the fact that "disable_functions" in a virtualhost context does not semm to overwrite global setting but to complete it, functions which have been disabled in a virtualhost context still work. For example, phpinfo() shows that syslog function is disabled (according to specific virtualhost setting "php_admin_value disable_functions syslog"), but syslog can still be used in PHP code. ------------------------------------------------------------------------ [2013-07-29 06:14:44] az9901 at gmail dot com According to the tests I did, "php_admin_value disable_functions" does not overwrite / redefine the global list, but complete it. I think that having the ability to declare white lists would make functions management easier. For example, let's assume we have excluded 40 functions globally ! We need the exec function in one of our virtualhosts. Instead of having to re-declare 39 functions in the virtualhost (which does not seem to work), we would simply have to make declare : "php_admin_value enable_functions exec" Easier to manage, especially for envs with several / many virualhosts. And so it would make the functions' management more secure. Thank you very much ! ------------------------------------------------------------------------ [2013-07-28 23:39:46] yohg...@php.net Rather than mixing white and black list, redefine black list for certain virtual hosts. Users may use multiple php_admin_flag/value for the same setting to override previous definitions in server contexts. ------------------------------------------------------------------------ [2013-07-28 19:31:19] az9901 at gmail dot com What I tried to do : Keep a global (CG) array of pointers to the original functions for the ones which have been disabled (in the zend_API.c file, zend_disable_function function) ; Move functions' pointer to their original version for re-enabled ones (in the mod_php5.c file, send_php function). But I did not manage to get it working. And I don't know if it's the right way to implement it. Thank you ! ------------------------------------------------------------------------ [2013-07-28 19:18:34] az9901 at gmail dot com Description: ------------ Hello, I tried all the WE to implement enable_functions directive, but without success... Goal is to re-enable some functions in a specific Apache virtualhost which would have been disabled globally. We would then be able to be very restrictive in the global php.ini configuration file and allow some specific functions in some of the virtualhosts using "php_admin_value enable_functions ...". Could you please implement it ? Thank you very much ! Best regards, Ben ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=65351&edit=1
