On Friday, 2007-09-14, at 08:31, Instruct ICC wrote:
> > Instruct ICC wrote:
> > > I was going to mention
> > > http://php.he.net/manual/en/features.safe-mode.functions.php and ask 
> > > you if you need any of those functions, but I prefer Nathan's answer.  
> > > You may be able to set the error reporting in conjunction with 
> > > disable_functions and be done.
> 
> > Date: Thu, 13 Sep 2007 20:30:52 +0200
> > From: [EMAIL PROTECTED]
> > Hey,
> > 
> > Thanks for the replies!
> > safe-mode is not an option unfortunately!
> > But changing the Error reporting, is the first thing I wanted to do, but 
> > when I asked if this was possible on this list, somebody replied, that 
> > this is not possible!
> > 
> > Could you point me to a way, how I can achieve, that the "this function 
> > is disabled" error, without suppressing other error messages?
> > 
> > Regards,
> > Samy
> 
> I just tested what I had in mind.  And it worked.  When I added phpinfo to 
> disable_functions in php.ini and attempted to use it in a script, it was 
> displayed as a warning.  So I modified error_reporting in php.ini to not show 
> warnings and I believe I achieved the results you want.  However, in a 
> production environment, I think you should disable all error reporting to not 
> tip your hand to a hacker.  I haven't verified this today, but I remember a 
> situation where the PHP script would not display errors (or notices or 
> warnings or ... whatever messages) in the web page, yet the message would 
> still appear in the Apache logs.
> 
> I just changed php.ini to: 
> disable_functions = "phpinfo"
> ...
> error_reporting  =  E_ALL & ~E_WARNING

a better solution would be

error_reporting = E_ALL
display_errors = off
log_errors = on

this sends all error messages to the apache log, as you mentioned above.

see:
http://hu2.php.net/manual/en/ref.errorfunc.php
http://hu2.php.net/manual/en/ref.errorfunc.php#ini.display-errors

greets
Zoltán Németh

> 
> http://php.net/manual/en/features.safe-mode.php
> http://php.net/manual/en/function.error-reporting.php
> http://php.net/manual/en/features.safe-mode.functions.php
> 
> Ahh, read this in php.ini:
> ; Print out errors (as a part of the output).  For production web sites,
> ; you're strongly encouraged to turn this feature off, and use error logging
> ; instead (see below).  Keeping display_errors enabled on a production web site
> ; may reveal security information to end users, such as file paths on your Web
> ; server, your database schema or other information.
> 
> 
> Also Samy,
> I saw something like this in someone's signature line on this list:
> 
> 
> Because it destroys the context or flow of the discussion.
> 
> >Why should I not "TOP-POST"?
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
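
The settings discussed in this thread, checked from inside PHP, as an added example that is not part of the original e-mails. The names `ini_flag` and `audit_error_config` and the finding strings are hypothetical, and the `display_errors`/`log_errors` values in the constructed sample are assumptions, since the thread does not state them for the first configuration.

```php
<?php
// Added example, not code from the thread. Function names and finding
// strings are hypothetical, chosen for illustration.

function ini_flag(string $value): bool
{
    // display_errors also accepts "stderr" and "stdout"; both mean "displayed".
    if (in_array(strtolower($value), ['stderr', 'stdout'], true)) {
        return true;
    }
    return filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

function audit_error_config(array $ini, int $level, array $mustDisable): array
{
    $findings = [];
    if (ini_flag((string) $ini['display_errors'])) {
        $findings[] = 'display_errors is on: messages reach the page output';
    }
    if (!ini_flag((string) $ini['log_errors'])) {
        $findings[] = 'log_errors is off: messages are not written to the log';
    }
    if (($level & E_WARNING) === 0) {
        $findings[] = 'E_WARNING is masked: warnings are dropped, not logged';
    }
    // disable_functions is a comma-separated list; tolerate spaces and empties.
    $disabled = array_filter(array_map('trim', explode(',', (string) $ini['disable_functions'])));
    foreach (array_diff($mustDisable, $disabled) as $name) {
        $findings[] = "$name is not listed in disable_functions";
    }
    return $findings;
}

// Constructed input: error_reporting and disable_functions as in the first
// configuration from the thread; display_errors/log_errors values are assumed.
$first = ['display_errors' => '1', 'log_errors' => '0', 'disable_functions' => 'phpinfo'];
print_r(audit_error_config($first, E_ALL & ~E_WARNING, ['phpinfo']));

// The running interpreter's own settings.
$live = [
    'display_errors'    => ini_get('display_errors'),
    'log_errors'        => ini_get('log_errors'),
    'disable_functions' => ini_get('disable_functions'),
];
print_r(audit_error_config($live, error_reporting(), ['phpinfo']));
```

An empty result for the live settings corresponds to the second configuration in the thread: everything reported, nothing displayed, everything logged.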
