php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #26707 warning for disable functions is incorrect
Submitted: 2003-12-23 16:00 UTC Modified: 2003-12-24 11:39 UTC
From: waazup at hotmail dot com Assigned: iliaa (profile)
Status: Closed Package: Unknown/Other Function
PHP Version: 4.3.3 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: waazup at hotmail dot com
New email:
PHP Version: OS:

 

 [2003-12-23 16:00 UTC] waazup at hotmail dot com
Description:
------------
if you disable functions using the php.ini variable
disable_functions and you seperate the functions using commas when you get a warning for attempting to use those functions it incorrectly displays multiple function names.

I have disable_functions set as:
disable_functions = system, exec, passthru, proc_open, shell_exec, popen

If i create a test script:
<?
system("ls");
exec("ls");
?>

I get the following output:
Warning: system, exec, passthru, proc_open, shell_exec, popen() has been disabled for security reasons in /pathtoscript/test.php on line 2

Warning: exec, passthru, proc_open, shell_exec, popen() has been disabled for security reasons in /pathtoscript/test.php on line 3

The expected output should just show the single function name which you are trying to use.

Expected result:
----------------
Warning: system() has been disabled for security reasons in /pathtoscript/test.php on line 2

Warning: exec() has been disabled for security reasons in /pathtoscript/test.php on line 3

Actual result:
--------------
Warning: system, exec, passthru, proc_open, shell_exec, popen() has been disabled for security reasons in /pathtoscript/test.php on line 2

Warning: exec, passthru, proc_open, shell_exec, popen() has been disabled for security reasons in /pathtoscript/test.php on line 3

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-12-24 11:39 UTC] iliaa@php.net
This bug has been fixed in CVS.

In case this was a PHP problem, snapshots of the sources are packaged
every three hours; this change will be in the next snapshot. You can
grab the snapshot at http://snaps.php.net/.
 
In case this was a documentation problem, the fix will show up soon at
http://www.php.net/manual/.

In case this was a PHP.net website problem, the change will show
up on the PHP.net site and on the mirror sites in short time.
 
Thank you for the report, and for helping us make PHP better.


 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 13:01:29 2024 UTC