locked
A few rapid questions! - PHP disable_functions in php.ini - On windows servers RRS feed

  • Question

  • User-1182299804 posted

    A hopefully quick answer to a quick question:

    Since may functions of the "disable_functions" is for Linux and Apache and not for Windows I'm having a hard-time figuring out which functions that actually work and should be disabled in my php.ini file on my web server which I'm running WordPress on.

    Example list - (i found it here: http://www.cyberciti.biz/faq/linux-unix-apache-lighttpd-phpini-disable-functions/ ) :

    disable_functions =exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

    Here is another list of functions:

    posix_mkfifo, pg_lo_import, dbmopen, dbase_open, popen, chgrp, chown, chmod, symlink, pcntl_exec,define_syslog_variables,posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,
    posix_setuid, posix_uname, proc_close, pclose, proc_nice, proc_terminate

    1. What function is Linux/apache and should be removed?
    2. Or a maybe more relevant question: What functions do actually work on windows and should be disabled?
    3. Is there anymore dangerous function not included in the list that need to be disabled?

    Thanks you in advance for helping me! :-)

    Regards

    Daniel

    Wednesday, March 20, 2013 8:26 PM

Answers

  • User-1499466209 posted

    Ok, it should be reviewed if you've installed some plugins in Wordpress, but a good start will be:

    disable_functions="popen,exec,system,passthru,proc_open,shell_exec,show_source,phpinfo"



    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, March 21, 2013 6:41 AM

All replies

  • User-1499466209 posted

    Hi,

    many of them are used by Linux and Windows.

    Because all depends on what functions your web application uses, the best way to proceed I think is to disable the whole list and then check your error log to see if one (or more) of the disabled functions has been called.

    Thursday, March 21, 2013 5:56 AM
  • User-1182299804 posted

    Hi again, nice too meet you!  :-)

    Well its just wordpress installed which the MS webinstaller so =

    FastCGI 1.5

    PHP 5.XX

    Wincache

    WordPress

    MySQL connector

    MySQL

    win32 php mail function in php.ini

    Thats it!

    Considering the setup, which is pretty straight forward - what functions do you think should I use/disable?

     

    Thursday, March 21, 2013 6:27 AM
  • User-1499466209 posted

    Ok, it should be reviewed if you've installed some plugins in Wordpress, but a good start will be:

    disable_functions="popen,exec,system,passthru,proc_open,shell_exec,show_source,phpinfo"



    • Marked as answer by Anonymous Tuesday, September 28, 2021 12:00 AM
    Thursday, March 21, 2013 6:41 AM
  • User-1182299804 posted

    Thank you so much Fabrice, you rock!

    I really appreciate your help, have super day :-)

    All the best Daniel

    Thursday, March 21, 2013 7:01 AM