Bug #77687 failed disable function ini_get() using php.ini
Submitted: 2019-03-01 10:06 UTC Modified: 2019-03-07 23:56 UTC
From: ena dot melia dot ymail at gmail dot com Assigned:
Status: Verified Package: PHP options/info functions
PHP Version: 7.3.2 OS: linux
Private report: No CVE-ID: None

 [2019-03-01 10:06 UTC] ena dot melia dot ymail at gmail dot com
Description:
------------
I want to disable the function ini_get() using php.ini, but it doesn't work.
NB: I can successfully disable other functions like phpinfo().

php.ini

disable_functions = ini_get //does not work

disable_functions = phpinfo() //works


PHP 7.3.2-3 (cli) (built: Feb  8 2019 15:05:54) ( NTS )

Test script:
---------------
<?php
die(ini_get('disable_functions'));
?>

Expected result:
----------------
Warning: ini_get() has been disabled for security reasons 


 [2019-03-01 10:12 UTC] spam2 at rhsoft dot net
That's simply not true, and I doubt that this is even possible given how such code works. What about showing your php.ini line and making sure you edit the correct config file?

[harry@srv-rhsoft:~]$ php -a
Interactive mode enabled

php > die(ini_get('disable_functions'));

Warning: ini_get() has been disabled for security reasons in php shell code on line 1
 [2019-03-01 16:48 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2019-03-01 16:48 UTC] requinix@php.net
Works for me too.
 [2019-03-05 21:47 UTC] ena dot melia dot ymail at gmail dot com
-Status: Feedback +Status: Open
 [2019-03-05 21:47 UTC] ena dot melia dot ymail at gmail dot com
Yeah, it works now.

I am sorry. Maybe that was my mistake.
I disabled opcache via php.ini and waited for 1 day. Then I tried to see the results and ini_get was successfully disabled.

So my conclusion is that the failure to disable the "ini_get" function is because the results from the "echo ini_get()" command are still cached by Opcache.

Thank you for all the responses ^_^
 [2019-03-05 21:48 UTC] ena dot melia dot ymail at gmail dot com
-Status: Open +Status: Closed
 [2019-03-05 21:48 UTC] ena dot melia dot ymail at gmail dot com
thanks...
 [2019-03-05 21:49 UTC] spam2 at rhsoft dot net
There is nothing relevant to opcache; you simply didn't reload your config.
 [2019-03-07 00:08 UTC] ena dot melia dot ymail at gmail dot com
No. PHP has been restarted repeatedly and I have disabled the cache in the browser.

#opcache disabled
1. opcache.enable=0 in /etc/php/7.3/fpm/php.ini
2. service php7.3-fpm restart
3. open webpage
<?php
	echo ini_get('disable_functions');
	echo disk_total_space("/");
	echo getcwd();
	//etc
?>
Refresh the page repeatedly.
All is well.
Disabling ini_get and the others is working.

#opcache enabled
1. opcache.enable=1 in /etc/php/7.3/fpm/php.ini
2. service php7.3-fpm restart
3. open webpage
<?php
	echo ini_get('disable_functions');
	echo disk_total_space("/");
	echo getcwd();
	//etc
?>
Refresh the page repeatedly.
Disabling ini_get does not work, but other functions like getcwd, is_dir, etc. are working.

I disabled almost all functions in php.ini:
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,.....and more........
I tried putting about one thousand functions in there.
Disabling all functions works except ini_get.

My php.ini:

[PHP]
engine = On
short_open_tag = Off
precision = 14
output_buffering = 4096
zlib.output_compression = Off
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
disable_functions = ini_get,ini_get_all,ini_set
disable_classes =
zend.enable_gc = On
expose_php = Off
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
error_reporting = E_ALL
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
html_errors = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 8M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 2M
max_file_uploads = 20
allow_url_fopen = Off
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On

[Date]

[filter]

[iconv]

[imap]

[intl]

[sqlite3]

[Pcre]

[Pdo]

[Pdo_mysql]
pdo_mysql.default_socket=

[Phar]

[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = Off

[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1

[Interbase]
ibase.allow_persistent = 1
ibase.max_persistent = -1
ibase.max_links = -1
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
ibase.dateformat = "%Y-%m-%d"
ibase.timeformat = "%H:%M:%S"

[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off

[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off

[OCI8]

[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0

[bcmath]
bcmath.scale = 0

[browscap]

[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = sesi_user
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5

[Assertion]
zend.assertions = -1

[COM]

[mbstring]

[gd]

[exif]

[Tidy]
tidy.clean_output = Off

[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5

[sysvshm]

[ldap]
ldap.max_links = -1

[dba]

[opcache]
opcache.enable=1

[curl]

[openssl]
 [2019-03-07 00:21 UTC] requinix@php.net
-Status: Closed +Status: Feedback
 [2019-03-07 00:21 UTC] requinix@php.net
What about disabling: chr, count, trim, array_keys? With and without opcache enabled?
 [2019-03-07 00:43 UTC] ena dot melia dot ymail at gmail dot com
-Status: Feedback +Status: Open
 [2019-03-07 00:43 UTC] ena dot melia dot ymail at gmail dot com
opcache disabled
chr, count, trim, array_keys //working

opcache enabled
chr, count, trim, array_keys //only chr is not working
 [2019-03-07 08:39 UTC] nikic@php.net
-Status: Open +Status: Verified
 [2019-03-07 08:39 UTC] nikic@php.net
We'll have to add opcache checks to not optimize disabled functions.
 [2019-03-07 23:56 UTC] ena dot melia dot ymail at gmail dot com
Thank you.
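
A static check for the condition reported in this thread (a function listed in disable_functions while opcache is enabled), as an added example that is not part of the original report or of PHP itself. The names `ini_value`, `audit_ini` and `AFFECTED` are hypothetical, the list covers only the two functions the thread reports (ini_get, chr), a missing opcache.enable is treated as enabled, and only the single file given is read, not any conf.d overrides.

```shell
#!/bin/sh
# Added example (not from the bug report): static php.ini check for the
# condition discussed in this thread.
# Assumption: AFFECTED holds only the two functions the thread reports as
# still callable with opcache enabled on PHP 7.3.2.
AFFECTED="ini_get chr"

# ini_value FILE KEY: print the last uncommented value of KEY in FILE
# (a later entry overrides an earlier one).
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                  # whole-line comment
        {
            line = $0
            sub(/[ \t]*;.*$/, "", line)      # trailing comment
            eq = index(line, "=")
            if (eq == 0) next                # section header or blank line
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_ini FILE: print each entry of disable_functions that is in AFFECTED
# while opcache.enable is not switched off; print nothing otherwise.
audit_ini() {
    opc=$(ini_value "$1" opcache.enable | tr 'A-Z' 'a-z')
    case "$opc" in
        0|off|false|no) return 0 ;;          # thread: enforcement works with opcache off
    esac                                     # a missing key is treated as enabled
    ini_value "$1" disable_functions | tr ',' '\n' | while read -r fn; do
        for bad in $AFFECTED; do
            if [ "$fn" = "$bad" ]; then echo "$fn"; fi
        done
    done
}

# Constructed sample with the relevant lines of the php.ini posted above.
sample=$(mktemp)
printf '%s\n' '[PHP]' 'disable_functions = ini_get,ini_get_all,ini_set' \
    '[opcache]' 'opcache.enable=1' > "$sample"
audit_ini "$sample"                          # prints: ini_get
rm -f "$sample"
```

Any name it prints should be confirmed with a test request against the running SAPI, since the file on disk may not be the configuration that FPM actually loaded.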
 
Last updated: Tue Jun 25 06:01:25 2019 UTC