Dangerous PHP Functions

The following PHP functions are considered dangerous and should be disabled on any web server. This may cause some scripts to stop functioning, but you can re-enable a required function as needed by removing it from the list of disabled functions.

PHP functions are disabled by adding the function name to the disable_functions directive in the server php.ini file, as follows:

disable_functions = chgrp, show_source, phpinfo, allow_url_fopen, exec, popen, pclose, php_eval, safe_dir, root, ftok, posix_access, egy_perl, symlink, set_time_limit, ini_restore, shell_exec, passthru, ini_alter, openlog, syslog, readlink, link, leak, escapeshellcmd, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, pcntl_exec, wscript, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, exec, fp, highlight_file, ini_get_all, inject_code, mysql_pconnect, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_terminate, system, xmlrpc_entity_decode, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, dl, curl_exec, curl_init, ini_restore

- Common locations for the server php.ini

/usr/local/lib/php.ini (cPanel server)
/etc/php.ini (non-cPanel server)
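
To confirm the directive is actually in place after editing, the script below (an added example, not part of the original article) reads a php.ini file and reports which must-disable functions are missing from disable_functions and which entries are listed twice. The function names, the MUST_DISABLE subset (picked from the list above) and the sample ini text are assumptions made for this example.

```sh
#!/bin/sh
# Subset of the article's list that runs commands or loads code; adjust as needed.
MUST_DISABLE="exec shell_exec system passthru popen proc_open pcntl_exec dl"

# Print the effective entries, one per line. Commented (;) lines are skipped;
# assumption: if the directive is repeated, the last occurrence is the one in effect.
disabled_list() {
    grep -E '^[[:space:]]*disable_functions[[:space:]]*=' "$1" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/;.*$//' -e 's/"//g' | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print each name from the remaining arguments that is NOT in the directive.
missing_functions() {
    ini=$1; shift
    current=$(disabled_list "$ini")
    for fn in "$@"; do
        printf '%s\n' "$current" | grep -qxF -- "$fn" || printf '%s\n' "$fn"
    done
}

# Print entries that are listed more than once.
duplicate_entries() { disabled_list "$1" | sort | uniq -d; }

# Report both findings; returns 1 when a must-disable function is missing.
audit() {
    missing=$(missing_functions "$1" $MUST_DISABLE)
    dups=$(duplicate_entries "$1")
    if [ -n "$dups" ]; then echo "duplicates: $(echo $dups)"; fi
    if [ -n "$missing" ]; then echo "NOT disabled: $(echo $missing)"; return 1; fi
    echo "all must-disable functions are listed"
}

# Constructed sample php.ini, used when no path is given on the command line.
sample_ini() {
    cat <<'EOF'
; disable_functions = system
disable_functions = exec, shell_exec ,popen, exec ; constructed sample
EOF
}

if [ $# -gt 0 ]; then
    audit "$1"
else
    tmp=$(mktemp) && sample_ini > "$tmp"
    audit "$tmp" || true
    rm -f "$tmp"
fi
```

Run it with the path of the server php.ini as the only argument, for example /etc/php.ini; with no argument it audits the constructed sample.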
