PHP allows specific functions to be disabled to avoid misuse and for security reasons. It is used to harden a PHP deployment, especially in a shared hosting environment.

Related: How to disable functions in PHP

exec() is one of the functions that are usually disabled. PHP will throw a warning when a disabled function is called. 

[Thu Jun 04 23:31:51.806024 2020] [php7:warn] [pid 18054] [client 192.168.111.1:54421] PHP Warning:  date() has been disabled for security reasons in /var/www/html/index.php on line 3

You can list disabled PHP functions by using ini_get() in your PHP script or looking for disable_functions in your PHP configuration file.

Steps to list disabled PHP functions:

  1. Show disabled functions using ini_get. 
    <?php
        echo ini_get('disable_functions');
        #sample output: date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
?>
  2. List disabled PHP functions from configuration file. 
    $ grep disable_functions /etc/php/7.4/apache2/php.ini
disable_functions = date,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,

    Related: PHP configuration files

Discuss the article:

Comment anonymously. Login not required.

Share!