PHP allows specific functions to be disabled to avoid misuse and for security reason.

This is especially true in multi-tenancy setup such as in a shared hosting environment so that a particular user or PHP application would not be able to cause harm to others with the use of functions such as exec() whether or not it's malicious. 

[Thu Jun 04 23:31:51.806024 2020] [php7:warn] [pid 18054] [client 192.168.111.1:54421] PHP Warning:  date() has been disabled for security reasons in /var/www/html/index.php on line 3

You can list disabled PHP functions from your PHP applications or from the command line.

Steps to list disabled PHP functions:

  1. Show disabled functions using ini_get. 
    <?php
        echo ini_get('disable_functions');
        #sample output: date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
?>
  2. List disabled PHP functions from configuration file. 
    $ grep disable_functions /etc/php/7.4/apache2/php.ini
disable_functions = date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,

    PHP configuration files

Discuss the article:

Comment anonymously. Login not required.

author: shakir
Share!