在htaccess的禁用PHP函数 [英] Disable php functions within htaccess
问题描述
我想创建一个受欢迎的网站,该网站提供了写PHP code在线作为个人锻炼的可能性私人克隆。
I'm trying to create a private clone of a popular website which gives the possibility to "write php code online" as a personal exercise.
- 在我写的一些code在文本区域
- code执行某种方式的服务器端
- 在输出返回
我要的输出是完全因为这将是,如果服务由Apache实例,所有的错误和警告我的code产生的。
I want the output to be exactly as it would be if served by an apache instance, with all the errors and warning my code generated.
有一个现有的框架,它提供的网站网页(前端控制器,一个ORM等等),所以我不能使用禁用的PHP INI功能。或者一切都不会在所有可用的。
There's an existing framework which serves the site webpages (a front controller, an orm and so on) so I CANT USE DISABLE FUNCTIONS IN PHP INI. Or everything wouldn't be usable at all.
我想保存在一个文件的输入,然后用类似下面的一个exec运行:
I tried to save the input in a file and then run it with an exec like the following:
exec("php -c mycustomphpinifile input.php 2>&1 > output.txt");
但是所输出的错误将不会是相同的apache的那些
But the errors outputted won't be the same as the apache ones.
最终的解决方案我试图通过是使用的httpd.conf或的.htaccess中php_value或php_admin_value以禁用危险的功能的完整列表(你能想象)。
The final solution I'm trying to adopt is to use the php_value or php_admin_value within the httpd.conf or the .htaccess in order to disable a whole list (as you can imagine) of dangerous functions.
不过...
php_value disable_functions "my,functions,comma,separated"
不带这么大名单的工作,因为它似乎。 我必须禁用类似2K功能:有没有缓冲区的大小麻烦htaccess的内php_value?任何人都可以猜到解决这个问题呢?
doesn't work with such a big list as it seems. I have to disable something like 2k functions: is there any buffer size trouble with the php_value within the htaccess? Anyone can guess a solution to this problem?
推荐答案
根据该的 PHP文档,则不能使用 disable_functions选项设置其他任何地方比在的php.ini 的文件,所以我很惊讶,这是工作的。
According to the PHP documentation, you can't use the disable_functions setting anywhere other than in a php.ini file, so I'm very surprised this is working at all.
如果你需要每个虚拟主机或不同目录的限制功能,我建议使用 PHP-FPM <的不同实例/一>,每一种都可以有自己的的php.ini 。它还提供了额外的安全优势,如每个守护进程的实例完整的沙箱。
If you need per-vhost or per-directory restrictions on functions, I would suggest using separate instances of PHP-FPM, each of which can have its own php.ini. It also provides additional security benefits, such as complete sandboxing per daemon instance.
这篇关于在htaccess的禁用PHP函数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
