How to show disabled functions in PHP
PHP allows specific functions to be disabled to avoid misuse and for security reason.
This is especially true in multi-tenancy setup such as in a shared hosting environment so that a particular user or PHP application would not be able to cause harm to others with the use of functions such as exec() whether or not it's malicious.
[Thu Jun 04 23:31:51.806024 2020] [php7:warn] [pid 18054] [client 192.168.111.1:54421] PHP Warning: date() has been disabled for security reasons in /var/www/html/index.php on line 3
You can list disabled PHP functions from your PHP applications or from the command line.
Steps to list disabled PHP functions:
- Show disabled functions using ini_get.
<?php echo ini_get('disable_functions'); #sample output: date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ?>
- List disabled PHP functions from configuration file.
$ grep disable_functions /etc/php/7.4/apache2/php.ini disable_functions = date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.
Discuss the article:
Comment anonymously. Login not required.
