
Date:  Wed, 6 Dec 2006 14:58:07 -0800
From:  "Ken Marcus - Precision Web Hosting, Inc." <kenmarcus (at mark) precisionweb.net>
Subject:  [coba-e:08117] Re: disable_functions   directive in the php.ini
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <06e201c71989$ff126cc0$6700a8c0@OfficeKen>
References:  <1164905019.10167.8.camel (at mark) newton-isn> <079c01c7156b$fafbd300$6700a8c0 (at mark) OfficeKen> <45773D40.3050509 (at mark) dogsbody.org>
X-Mail-Count: 08117


From: "Dogsbody" <dan (at mark) dogsbody.org>


>
>> In reading at  http://se2.php.net/features.safe-mode
>> I noticed the disable_functions option in the php.ini
>>
>> The example given was:
>> disable_functions  =  shell_exec,exec,system,dbmopen, 
>> suexec,escapeshellcmd,show_source,escapeshellarg
>>
>> Anyone have any ideas on this?
>> Would it be a good idea to add these or other directives to the php.ini 
>> (not the one used for the GUI but the php.ini used for the sites) ?
>
>
> Sounds like a good idea to me!
>
> Dan

I actually checked a little more, and escapeshellcmd and escapeshellarg 
are (as far as I can tell) just used for escaping control-type 
characters from user input. So those 2 should probably not be disabled.

Also, dbmopen is used for accessing dbm files, which has legitimate uses.
http://us2.php.net/dbmopen



----
Ken Marcus
Precision Web Hosting, Inc.
http://www.precisionweb.net
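
Added example, not part of the original message or of BlueQuartz: a small Python check that reads the disable_functions line from a site php.ini and reports which of the thread's command-execution functions are still enabled and which of the functions the reply suggests keeping (escapeshellcmd, escapeshellarg, dbmopen) have been disabled. The sample ini text is constructed, and the function and key names in the script are hypothetical.

```python
import re

# Names taken from the thread; this is not a complete list of risky PHP functions.
COMMAND_EXEC = {"shell_exec", "exec", "system"}            # start external commands
ESCAPING_HELPERS = {"escapeshellcmd", "escapeshellarg"}    # reply: keep enabled
LEGITIMATE_USE = {"dbmopen"}                               # reply: has legitimate uses

# Directive names in php.ini are case sensitive, so no re.IGNORECASE here.
DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def parse_disable_functions(ini_text):
    """Return the function names set by the last disable_functions line."""
    names = set()
    for line in ini_text.splitlines():
        if line.lstrip().startswith(";"):      # whole-line comment
            continue
        match = DIRECTIVE.match(line)
        if match:
            value = match.group(1).split(";", 1)[0].strip().strip('"')
            # Assumption: a later occurrence replaces an earlier one.
            # PHP function names are case-insensitive, so normalise to lower case.
            names = {n.strip().lower() for n in value.split(",") if n.strip()}
    return names


def audit(ini_text):
    """Compare the disabled set with the groups discussed in the thread."""
    disabled = parse_disable_functions(ini_text)
    return {
        "exec_still_enabled": sorted(COMMAND_EXEC - disabled),
        "helpers_disabled": sorted(ESCAPING_HELPERS & disabled),
        "review_for_site_use": sorted(LEGITIMATE_USE & disabled),
    }


# Constructed sample: the thread's example list written on one line.
THREAD_EXAMPLE = (
    "; php.ini used for the sites (constructed sample)\n"
    "disable_functions = shell_exec,exec,system,dbmopen,"
    "suexec,escapeshellcmd,show_source,escapeshellarg\n"
)
# Constructed sample: the same list after the changes suggested in the reply.
AFTER_REPLY = "disable_functions = shell_exec,exec,system,suexec,show_source\n"

if __name__ == "__main__":
    for label, text in (("thread example", THREAD_EXAMPLE), ("after reply", AFTER_REPLY)):
        print(label, audit(text))
```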