php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74635 when call a disabled function,php not throw a fatal error
Submitted: 2017-05-23 05:03 UTC Modified: 2017-05-23 07:04 UTC
From: shengbin_xu at 163 dot com Assigned:
Status: Duplicate Package: Scripting Engine problem
PHP Version: 7.1.5 OS: ubuntu
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: shengbin_xu at 163 dot com
New email:
PHP Version: OS:

 

 [2017-05-23 05:03 UTC] shengbin_xu at 163 dot com
Description:
------------
in php.ini,popen function is in disable functions:
disable_functions => passthru,system,popen,chroot,escapeshellcmd,proc_get_status => passthru,system,popen,chroot,escapeshellcmd,proc_get_status

function_exists('popen') return false,but when call popen, php only give a notice,but not throw a fatal error。

Test script:
---------------
<?php
error_reporting(E_ALL);
ini_set('display_errors','on');
var_dump(function_exists('popen'));//false
$handle = popen("/bin/ls", "r");//null Warning: popen() has been disabled for security reasons in
var_dump($handle);
echo gettype($handle);

Expected result:
----------------
when popen function is called,php should throw a fatal error。


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-05-23 07:04 UTC] requinix@php.net
-Status: Open +Status: Duplicate -Package: PHP Language Specification +Package: Scripting Engine problem
 [2017-05-23 07:04 UTC] requinix@php.net
See bug #73921
 [2017-05-23 08:07 UTC] spam2 at rhsoft dot net
And this is pretty serious since the following code runs with completely undefined behavior - i reported that months ago and it was argued that the disabled functions are still listed in defined functions 

in a normal code flow I don't give a damn if a function don't exist at all, is disabled or the extension is not loaded when I just can't call it

Since php7 is throwing exceptions everywhere but here and in the soap extension both are just plain bugs and a horrible inconsistency
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 09 19:01:28 2024 UTC