Dangerous PHP Functions

The following PHP functions are considered dangrous and should be disabled on any web server, this may cause some scripts to stop functioning but you can enable the required funciton as needed by removing the function from the list of disabled funcitons.

PHP functions are disabled by adding the function name to the server php.ini file disable_functions directive as follow:

disable_functions = chgrp, show_source, phpinfo, allow_url_fopen, exec, popen, pclose, php_eval, safe_dir, root, ftok, posix_access, egy_perl, symlink, set_time_limit, ini_restore, shell_exec, passthru, ini_alter, openlog, syslog, readlink, link, leak, escapeshellcmd, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, pcntl_exec, wscript, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, exec, fp, highlight_file, ini_get_all, inject_code, mysql_pconnect, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_terminate, system, xmlrpc_entity_decode, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, dl, curl_exec, curl_init, ini_restore

- Common location for server php.ini

/usr/local/lib/php.ini (cPanel server)
/etc/php.ini (non-cPanel server)

  • 148 Users Found This Useful
Was this answer helpful?

Related Articles

Backup & Restore MySQL Database from Shell

- Backup a database mysqldump -u Username -p dbname > anyname.sql - Restore a database...

cPanel Installation

cPanel installatin is very easy, all you need is a new minimal installation of a supported linux...

Delete shell history

Delete the .bash_history file: # rm -rf ~/.bash_history Clear the current history stored in...

Dangerous Linux Binaries

It's recommended to chmod the following linux binaries to 750 to prevent non-privileged users...