How to disable a certain method in php

Steps to disable a certain method in php: 1. Open the php.ini configuration file and look for the configuration item that disables functions, that is, the "disable_functions" item; 2. Add the function that needs to be disabled to the configuration item ( method), multiple functions are separated by English commas, and the syntax is "disable_functions = "symlink,system""; 3. Save the changes and restart the service.

The operating environment of this tutorial: windows7 system, PHP8 version, DELL G3 computer

How to disable a certain method in php

If you want to disable methods (functions) in php, you need to operate in the php.ini configuration file.

Specific steps:

1. Open the php.ini configuration file and look for the "disable_functions" item

The "disable_functions" item is for PHP to disable functions Configuration item

#2. Add the functions that need to be disabled in this configuration item. Multiple functions should be separated by commas;

3. Save the changes and restart the service

View PHP disabled functions

In PHP, you can use the ini_get() function to view PHP disabled functions.

<?php
header(&#39;content-type:text/html;charset=utf-8&#39;);   
var_dump(ini_get(&#39;disable_functions&#39;));
?>

Description:

The role of the ini_get() function: to get the value of a configuration option is to get the value in php.ini The value of the environment variable.

Return value: Success is a string that returns the configuration option value, and null value returns an empty string. If the configuration option does not exist, false will be returned.

Extended knowledge: Some dangerous PHP functions that need to be disabled

• phpinfo()

  Function Description: Output PHP environment information and related module, WEB environment and other information.

  Danger level: Medium

• passthru()

  Function description: Allows the execution of an external program and echoes the output, similar to exec().

  Danger level: High

• exec()

  Function description: Allows the execution of an external program (such as UNIX Shell or CMD command, etc.).

  Danger level: High

• system()

  Function description: Allows executing an external program and echoing the output, similar to passthru().

  Danger level: High

• ##chroot()
  Function description: Can change the working root directory of the current PHP process, only if the system supports CLI mode
  It can only work with PHP, and this function is not applicable to Windows systems.
  Danger level: High

• scandir()
  Function description: List the files and directories in the specified path.
  Danger level: Medium

• chgrp()
  Function description: Change the user group to which a file or directory belongs.
  Danger level: High

• chown()
  Function description: Change the owner of the file or directory.
  Danger level: High

• shell_exec()
  Function description: Execute the command through the Shell and return the execution result as a string.
  Danger level: High

• proc_open()
  Function description: Execute a command and open the file pointer for reading and writing.
  Danger level: High

• proc_get_status()
  Function description: Get information about the process opened using proc_open().
  Danger level: High

##error_log()

• Function description: Send error information to the specified location (file).

  Safety Note: In some versions of PHP, error_log() can be used to bypass PHP safe mode and execute arbitrary commands.

  Danger level: low

  ##ini_alter()
• Function description: It is an alias function of ini_set() function, the function is the same as ini_set() .
  Danger level: High
  ini_set()
• Function description: Can be used to modify and set PHP environment configuration parameters.
  Danger level: High

  ##ini_restore()

Function description: Can be used to restore PHP environment configuration parameters to their initial values.

• Danger level: High

  ##dl()
  Function description: Load a PHP external while PHP is running (not when starting) module.
• Danger level: High

  ##pfsockopen()

  Function description: Establish a socket persistent connection in the Internet or UNIX domain.

Danger level: High

• ##syslog()
  Function description: The system layer syslog() function of the UNIX system can be called.
  Danger level: Medium

• readlink()
  Function description: Returns the contents of the target file pointed to by the symbolic link.
  Danger level: Medium

• symlink()
  Function description: Create a symbolic link in a UNIX system.
  Danger level: High

• ##popen()

  Function description: A command can be passed through the parameters of popen() and the popen() The opened file is executed.

  Danger Level: High

• stream_socket_server()

  Function description: Establish an Internet or UNIX server connection.

  Danger level: Medium

• putenv()

  Function description: Used to change the system character set environment when PHP is running. In PHP versions earlier than 5.2.6, you can use this function to modify the system character set environment, and then use the sendmail command to send special parameters to execute the system SHELL command.

  Danger level: High

Recommended study: "PHP Video Tutorial"

The above is the detailed content of How to disable a certain method in php. For more information, please follow other related articles on the PHP Chinese website!