Do you know the dangerous functions in PHP?

Sometimes we need to disable some dangerous functions in PHP for safety. This article has compiled some dangerous functions in PHP for your reference.

##phpinfoOutput PHP environment information and related module, WEB environment and other information. Disabling has little impact中passthruAllows the execution of an external program and echoes the outputDisable has little impactHighexecAllows the execution of an external program (such as UNIX Shell or CMD command, etc.)Disabling has little impactHighsystemAllows the execution of an external program and echoes the outputDisabling has little impact HighchrootCan change the working root directory of the current PHP process, only if the system supports CLI modeDisable the impact Not bigHighscandirList the files and directories in the specified path. It may be affected chgrpChange the user group to which the file or directory belongs. Disabling has little impactHighchownChange the owner of a file or directoryDisable Little impactHighshell_execExecute the command through the Shell and return the execution result as a string. Disabling has little effectHighproc_openExecute a command and open the file pointer for reading and writing . Disabling it may not be possible to execute scheduled tasksHighproc_get_statusGet information about the process opened using proc_open () . If disabled, it may not be possible to perform scheduled tasks Highini_alter, ini_set can be used to modify and set the PHP environment configuration parameter. Disabling has little impactHighini_restoreCan be used to restore PHP environment configuration parameters to their initial values. Disabling has little impactHighdlLoad one while PHP is running (not at startup) PHP external moduleDisabling has little impactHighpfsockopenEstablish a persistent socket connection to the Internet or UNIX domainDisabling may affect RPC, Socket communication, etc.HighsyslogThe system layer syslog () of the UNIX system can be called FunctionDisabling has little impact中readlinkReturns the content of the target file pointed to by the symbolic linkDisabling has little impact中symlinkCreate soft linkDisabling has little impact中popenYou can pass a command through the parameters of popen () and execute it on the file opened by popen ()Disable the effect Not bigHigh##stream_socket_server

Function	Function	Recommendation	Level
Establishing an Internet or UNIX server connection	Disabling may affect RPC, Socket communication, etc.	高

Note: The above results are not the final results. Finally, it is necessary to combine the business and analyze its impact on the business. Here's how to disable it.

Open php.ini, search for disable_functions, and add it.

disable_functions = 
passthru,exec,system,chroot,chgrp,chown,proc_open,proc_get_status,popen,ini_alter,ini_restore,dl,openlog,
syslog,readlink,popepassthru,stream_socket_server

Recommended tutorial: "

PHP Tutorial

"

The above is the detailed content of Do you know the dangerous functions in PHP?. For more information, please follow other related articles on the PHP Chinese website!