|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #10354 disable_functions doe not work when set from httpd.conf
Submitted: 2001-04-16 19:30 UTC Modified: 2004-08-06 01:05 UTC
Avg. Score:4.8 ± 0.4
Reproduced:5 of 5 (100.0%)
Same Version:2 (40.0%)
Same OS:3 (60.0%)
From: valerio at wnet dot it Assigned:
Status: Not a bug Package: PHP options/info functions
PHP Version: 4.0 Latest CVS ( OS: Linux 2.4.2 i386
Private report: No CVE-ID: None
 [2001-04-16 19:30 UTC] valerio at wnet dot it
I think that disable_functions is not working properly when called from httpd.conf with:

php_admin_value disable_functions phpinfo

while it works nice when called from php.ini.
If i run a script with just 


obviously in a dir which is affected by the directive,
the function works ignoring the directive, and gives this results (cut down to just the line of interest):

			 local value        master value
disable_functions        phpinfo             system

I have disabled "system" from php.ini, just to didn't work also not setting anything in php.ini.
I tried also with safe mode on but no results.
The only functions thatare correctly disabled are the ones set from php.ini.
The same behaviour in php 4.0.6-dev i downloaded today from the CVS...
Am I missing something or this is a bug?
Thanks in advance.

Valerio Morettini


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2002-02-26 21:29 UTC]
The version of PHP that this bug was reported in is too old. Please
try to reproduce this bug in the latest version of PHP (available

If you are still able to reproduce the bug with one of the latest
versions of PHP, please change the PHP version on this bug report
to the version you tested and change the status back to "Open".

 [2004-08-05 23:25 UTC] majkls at tiscali dot cz
It not working with php version 4.3.6 too. I have Apache 2.0.49/worker on Linux 2.4.26.
The problem:
local value     master value
leak ini_set    exec popen ini_set
fsockopen ..    leak fsockopen...
there is part of configuration httpd.conf:

<Directory ~ "/home/(www|admin|192|212|_|158|168|99)/web/stats">
<IfModule mod_php4.c>
 php_admin_flag safe_mode off
 php_admin_value disable_functions "passthru set_time_limit error_log ini_alter ini_set dl pfsockopen openlog syslog readlink symlink link leak fsockopen"

but if I run my script, I get this:
<font color=ff0000><br />
<b>Warning</b>:  exec() has been disabled for security reasons in <b>/home/admin/web/stats/ping.php</b> on line <b>19</b><br />

Please reopen this bug.


 [2004-08-06 01:05 UTC]
The documentation states very clearly:

  "This directive must be set in php.ini For example, you cannot set this in httpd.conf."

This is not a bug.
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Wed Jun 12 18:01:34 2024 UTC