如何测试是否允许PHP system()函数?并出于安全原因未关闭 [英] how to test if PHP system() function is allowed? and not turned off for security reasons
问题描述
我想知道如何测试服务器上是否允许system()或exec().我不断收到此错误警告:出于安全原因在exec()已被禁用..."
I would like to know how to test if system() or exec() is allowed on a server. I keep getting this error "Warning: exec() has been disabled for security reasons in ..."
我了解在我的提供程序运行的php版本中,safe_mode函数已贬值(5.3.3),因此我无法使用get_ini('safe_mode')检查.
I understand that the safe_mode function is depreciated in the php version my provider runs (5.3.3) so i cant use a get_ini('safe_mode') check.
还有什么要做?
我将其用作备份脚本.如果提供者允许系统,则脚本会创建一个tar文件,并在用户登录时将其邮寄给我.
I use this for a backup script. if the provider allows system, the script makes a tar file and mails it to me whenever a user logs in.
谢谢.
推荐答案
好,只有两种方法可以禁用它: disable_functions
.
Well, there's only two ways it can be disabled: safe_mode
or disable_functions
.
所以您可以像这样进行检查:
So you can do a check like:
function isAvailable($func) {
if (ini_get('safe_mode')) return false;
$disabled = ini_get('disable_functions');
if ($disabled) {
$disabled = explode(',', $disabled);
$disabled = array_map('trim', $disabled);
return !in_array($func, $disabled);
}
return true;
}
哦,function_exists
应该返回true,因为它是一个核心函数(否则您可能会伪造一个核心函数并在主机上造成一些真正的破坏)...因此,is_callable
也应该返回true(因为该函数确实存在).因此,唯一的方法就是检查ini设置或实际调用它.
Oh, and function_exists
should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable
should also return true (since the function does exist). So the only ways to tell, are to check the ini settings, or to actually call it...
要注意的另一件事是,有几种执行Shell命令的方法.检出:
One other thing to note, there are several of ways to execute shell commands. Check out:
- Program Execution Functions
- Backtick Operator
这篇关于如何测试是否允许PHP system()函数?并出于安全原因未关闭的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!