[PHP] disable_functions per vhost on apache
Hi folks, according to this old message [http://www.mail-archive.com/php-general@lists.php.net/msg87293.html] it's not possible to use php_value disable_functions on Apache's vhost. Since this message is two years old I would like to know if it's still being true. I have to allow system() for my control center script but I don't want my users to use it. How can I do it? -- Best regards, Eduardo M. Bragatto. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] disable_functions per vhost on apache
On Wednesday 22 December 2004 02:42, Eduardo M. Bragatto wrote: according to this old message [http://www.mail-archive.com/php-general@lists.php.net/msg87293.html] it's not possible to use php_value disable_functions on Apache's vhost. Since this message is two years old I would like to know if it's still being true. I have to allow system() for my control center script but I don't want my users to use it. How can I do it? For what can be set and where, outside of php.ini, look at the manual entry for ini_set(). -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* It's amazing how nice people are to you when they know you're going away. -- Michael Arlen */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] disable_functions per vhost on apache
Eduardo M. Bragatto wrote: Hi folks, according to this old message [http://www.mail-archive.com/php-general@lists.php.net/msg87293.html] it's not possible to use php_value disable_functions on Apache's vhost. Since this message is two years old I would like to know if it's still being true. Yes, it's still true, as this value can only be set in the php.ini file. http://us4.php.net/manual/en/features.safe-mode.php#ini.disable-functions I have to allow system() for my control center script but I don't want my users to use it. How can I do it? You'd have to run two instances of Apache, with a seperate php.ini for each version. One for the vhosts with the functions disabled, and the other for your control center. Unless someone knows of a way to use different ini's per vhost. Sucks, but it's about the best you could do. -- John C. Nichel ÜberGeek KegWorks.com 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] disable_functions problems
Hello, im testing the php_admin_value disable_functions froma Vhost in my Apache, and not works, is are set from Master (php.ini) works, but set via Apache vhost not works, any are using from apache php_admin_value disable_functions bla,bla,bla ? -- -- Alberto Ferrer [EMAIL PROTECTED] http://www.barrahome.org JID: [EMAIL PROTECTED] -- SNMP = Security? Not My Problem! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] disable_functions on virtual hosts?
I'd like to disable certain functions for a particular virtual host, and leave them as is for all the rest. The usual way to do this would be to include something like: php_admin_value disable_functions system,exec in the virtual host's configuration block. However, this doesn't work, and scripts are still able to use the disabled functions. phpinfo() shows system,exec under local value for disable_functions, which would seem to indicate that the configuration is correct, even though it doesn't work. I made a little experiment and added those functions to php.ini's disable_function directive, and in this case it works perfectly, and the specified functions are disabled. I'm wondering if I'm missing something here, or is this a known problem with PHP? This is PHP 4.0.6 running on OpenBSD 2.9 with Apache 1.3.19. I guess I can live without disabling those functions on one particular virtualhost, but I'd sleep better knowing they are disabled. Thanks in advance! - Daniel Manrique -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] disable_functions... Was: about your mail on php list
Hello, disable_functions still works ONLY via setting in php.ini. I think this is a bug. ini_set(disable_functions, phpinfo); has no effect, php_value_admin disable_functions phpinfo shows the correct output from phpinfo with one line for disable_functions phpinfo... At least this is a bug. prune wrote: Hi, I'm having the same problem as you mentionned. I can't find any answer on the list archives... is the problem still happening with php 4.1 ? is this a bug, or a feature ? Thanks, Cheers, Prune -- List: php-general Subject: [PHP] Problem with disable_functions From: Berthold Tenhumberg [EMAIL PROTECTED] Date: 2001-09-20 9:29:53 [Download message RAW] Hi all! Did I find a bug? Disabling the function 'system' per php.ini works well. OK. Disabling the same function per Apache-directive does not. Why? php_admin_value disable_functions system --=20 =20 (live long and prosper...) -- Berthold -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] disable_functions not working in httpd.conf
Hey All, Was just trying the following and disable_functions is not working? Although safe mode and open_basedir are! What is really strange that when phpinfo is called the disable_functions value is phpinfo, can't seem to disable echo either, I don't want to put these in php.ini as I still want to be able to have a fully fledged php running from the main document root. VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/test/public_html ServerName test.foo.bar.com.au ErrorLog logs/test.foo.bar.com.au-error_log CustomLog logs/test.foo.bar.com.au-access_log common Directory /home/test/public_html AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps php_admin_value open_basedir /home/test/public_html php_admin_value user_dir /home/test/public_html php_admin_value disable_functions phpinfo php_admin_flag safe_mode On php_admin_value safe_mode_allowed_env_vars PHP_ php_admin_value safe_mode_protected_env_vars LD_LIBRARY_PATH php_admin_value sendmail_from [EMAIL PROTECTED] /Directory /VirtualHost What am I doing wrong, any suggestions welcome on the above conf too :) Thanks in advance, Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] disable_functions not working in httpd.conf
On Thursday 25 October 2001 09:47, Joseph Blythe wrote: Hi, bad news disable_functions doesn't work for me either in apache's config file I tried it with php_value, and php_admin_value, also in .htaccess with php_value without any luck php4.0.5, Apache/1.3.14 bye, Arpi Hey All, Was just trying the following and disable_functions is not working? Although safe mode and open_basedir are! What is really strange that when phpinfo is called the disable_functions value is phpinfo, can't seem to disable echo either, I don't want to put these in php.ini as I still want to be able to have a fully fledged php running from the main document root. VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/test/public_html ServerName test.foo.bar.com.au ErrorLog logs/test.foo.bar.com.au-error_log CustomLog logs/test.foo.bar.com.au-access_log common Directory /home/test/public_html AddType application/x-httpd-php .php AddType application/x-httpd-php-source .phps php_admin_value open_basedir /home/test/public_html php_admin_value user_dir /home/test/public_html php_admin_value disable_functions phpinfo php_admin_flag safe_mode On php_admin_value safe_mode_allowed_env_vars PHP_ php_admin_value safe_mode_protected_env_vars LD_LIBRARY_PATH php_admin_value sendmail_from [EMAIL PROTECTED] /Directory /VirtualHost What am I doing wrong, any suggestions welcome on the above conf too :) Thanks in advance, Joseph -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] disable_functions....
Thanks.. D'you think you'd be able to give me an example? (Sorry, I am _quite_ new to all of this...) -Andy Rasmus Lerdorf [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Any php.ini directive can be used in your httpd.conf on a per-dir basis. See the manual.. -Rasmus On Sat, 25 Aug 2001, Andy Ladouceur wrote: Does anyone know if its possible to use disable_functions on only specified directories, and not all? Hopefully its possible.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] disable_functions....
Does anyone know if its possible to use disable_functions on only specified directories, and not all? Hopefully its possible.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] disable_functions....
Any php.ini directive can be used in your httpd.conf on a per-dir basis. See the manual.. -Rasmus On Sat, 25 Aug 2001, Andy Ladouceur wrote: Does anyone know if its possible to use disable_functions on only specified directories, and not all? Hopefully its possible.. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] disable_functions and httpd.conf
Is disable_functions supposed to work from httpd.conf? I tried the following: php_value disable_functions "phpinfo" php_value max_execution_time 300 The time is changed from 30 to 300 as expected, however phpinfo is _not_ disabled. I tried also php_value disable_functions phpinfo php_value disable_functions "phpinfo()" php_value disable_functions phpinfo() without effect... How to make it work? Maciek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] disable_functions and httpd.conf
Sorry to answer myself, but here goes another question: php_admin_value disable_functions phpinfo() or php_admin_value disable_functions phpinfo change the value displayed by phpinfo() but... if I can see the result of phpinfo() it means it's not disabled... What goes on here? Maciek -Original Message- From: Maciek Uhlig [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 18, 2001 9:34 PM To: [EMAIL PROTECTED] Subject: [PHP] disable_functions and httpd.conf Is disable_functions supposed to work from httpd.conf? I tried the following: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
