php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #65351 enable_functions directive
Submitted: 2013-07-28 19:18 UTC Modified: 2013-07-28 23:39 UTC
Votes:2
Avg. Score:3.5 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: az9901 at gmail dot com Assigned:
Status: Open Package: PHP options/info functions
PHP Version: 5.4.17 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2013-07-28 19:18 UTC] az9901 at gmail dot com
Description:
------------

Hello,

I tried all the WE to implement enable_functions directive, but without 
success...

Goal is to re-enable some functions in a specific Apache virtualhost which would 
have been disabled globally.
We would then be able to be very restrictive in the global php.ini configuration 
file and allow some specific functions in some of the virtualhosts using 
"php_admin_value enable_functions ...".

Could you please implement it ?

Thank you very much !

Best regards,

Ben



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-07-28 19:31 UTC] az9901 at gmail dot com
What I tried to do :

Keep a global (CG) array of pointers to the original functions
for the ones which have been disabled
(in the zend_API.c file, zend_disable_function function) ;

Move functions' pointer to their original version for re-enabled ones
(in the mod_php5.c file, send_php function).

But I did not manage to get it working.
And I don't know if it's the right way to implement it.

Thank you !
 [2013-07-28 23:39 UTC] yohgaki@php.net
Rather than mixing white and black list, redefine black list for certain virtual 
hosts.

Users may use multiple php_admin_flag/value for the same setting to override 
previous definitions in server contexts.
 [2013-07-29 06:14 UTC] az9901 at gmail dot com
According to the tests I did, "php_admin_value disable_functions"
does not overwrite / redefine the global list, but complete it.

I think that having the ability to declare white lists
would make functions management easier.

For example, let's assume we have excluded 40 functions globally !
We need the exec function in one of our virtualhosts.
Instead of having to re-declare 39 functions in the virtualhost
(which does not seem to work), we would simply have to make declare :
"php_admin_value enable_functions exec"

Easier to manage, especially for envs with several / many virualhosts.
And so it would make the functions' management more secure.

Thank you very much !
 [2013-07-29 09:57 UTC] az9901 at gmail dot com
In addition to the fact that "disable_functions" in a virtualhost
context does not semm to overwrite global setting but to complete it,
functions which have been disabled in a virtualhost context still work.

For example, phpinfo() shows that syslog function is disabled
(according to specific virtualhost setting
"php_admin_value disable_functions syslog"),
but syslog can still be used in PHP code.
 [2013-08-03 15:56 UTC] ben dot rubson at gmail dot com
See summary bug #65386
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Tue Jan 22 16:01:28 2019 UTC