{"id":23209,"date":"2020-12-09T10:07:21","date_gmt":"2020-12-09T02:07:21","guid":{"rendered":"https:\/\/web.mwwsb.com.my\/pjci\/?post_type=kb&p=23209"},"modified":"2022-09-08T20:00:22","modified_gmt":"2022-09-08T12:00:22","slug":"security-update-disabled-php-functions","status":"publish","type":"kb","link":"https:\/\/www.casbay.com\/guide\/kb\/security-update-disabled-php-functions","title":{"rendered":"Disabled PHP Functions"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

Disabled PHP Functions<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

We have disabled PHP features to improve safety on our shared hosting<\/a> servers:<\/p>

\u2013 exec
\u2013 passthru
\u2013 shell_exec
\u2013 system
\u2013 proc_open
\u2013 popen
\u2013 curl_exec
\u2013 curl_multi_exec
\u2013 parse_ini_file
\u2013 show_source<\/p>

Please create a php.ini file in your public_html directory if you want to use the above PHP features on your website and add below line:<\/p>

\u201cdisable_functions =\u201d (without double quotes)<\/p>

You can generate a blank text file with the name of \u201cphp.ini\u201d in your public html if you do not understand how to generate php.ini (php custom file setup). This settings file will override your website\u2019s present PHP settings.<\/p>

This enables the default in a single domain setting.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t

Why are PHP Functions dangerous?<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t

Seriously, almost any PHP function can be dangerous given the right context. The function- strlen<\/code> and like are probably safe, but any function that talks to the outside world can bring surprises if the rest of the code is not safe. You can check the list of dangerous PHP functions here: http:\/\/php.net\/manual<\/a>\u00a0.<\/p>