如何测试是否允许PHP system()函数?并出于安全原因未关闭 [英] how to test if PHP system() function is allowed? and not turned off for security reasons

问题描述

我想知道如何测试服务器上是否允许system()或exec().我不断收到此错误警告:出于安全原因在exec()已被禁用..."

I would like to know how to test if system() or exec() is allowed on a server. I keep getting this error "Warning: exec() has been disabled for security reasons in ..."

我了解在我的提供程序运行的php版本中，safe_mode函数已贬值(5.3.3)，因此我无法使用get_ini('safe_mode')检查.

I understand that the safe_mode function is depreciated in the php version my provider runs (5.3.3) so i cant use a get_ini('safe_mode') check.

还有什么要做?

我将其用作备份脚本.如果提供者允许系统，则脚本会创建一个tar文件，并在用户登录时将其邮寄给我.

I use this for a backup script. if the provider allows system, the script makes a tar file and mails it to me whenever a user logs in.

谢谢.

推荐答案

好，只有两种方法可以禁用它:

Well, there's only two ways it can be disabled: safe_mode or disable_functions.

所以您可以像这样进行检查:

So you can do a check like:

function isAvailable($func) {
    if (ini_get('safe_mode')) return false;
    $disabled = ini_get('disable_functions');
    if ($disabled) {
        $disabled = explode(',', $disabled);
        $disabled = array_map('trim', $disabled);
        return !in_array($func, $disabled);
    }
    return true;
}

哦，function_exists应该返回true，因为它是一个核心函数(否则您可能会伪造一个核心函数并在主机上造成一些真正的破坏)...因此，is_callable也应该返回true(因为该函数确实存在).因此，唯一的方法就是检查ini设置或实际调用它.

Oh, and function_exists should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable should also return true (since the function does exist). So the only ways to tell, are to check the ini settings, or to actually call it...

要注意的另一件事是，有几种执行Shell命令的方法.检出:

One other thing to note, there are several of ways to execute shell commands. Check out:

• 程序执行功能
• 反引号运算符

• Program Execution Functions
• Backtick Operator

这篇关于如何测试是否允许PHP system()函数?并出于安全原因未关闭的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！