当PHP [路径]部分配置忽略disable_functions选项局部值 [英] disable_functions local value ignored when configured with PHP [PATH] section

问题描述

我在用PHP disable_functions选项有问题。在Apache服务器上运行suPHP FastCGI的PHP> 5.3.0我想设置每个虚拟主机disable_functions选项值。要做到我这样做什么suPHP配置是禁止使用的suPHP_ConfigPath从使用自己的php.ini文件禁止用户。然后在全球php.ini文件我用的是PHP部分[路径]指令，在一个特定的虚拟主机配置自定义disable_functions选项。是这样的：

I'm having a problem with PHP disable_functions. In a Apache Server running suPHP FastCGI PHP > 5.3.0 I'm trying to set the disable_functions value per virtualhost. To do so what I'm doing is disabling in suPHP configuration the use of suPHP_ConfigPath to disallow users from using their own php.ini file. Then in the global php.ini file I use the php sections [PATH] directive to configure a custom disable_functions on a specific virtualhost. Something like:

php.ini文件

...
disable_functions = shell_exec, exec

[PATH=/home/someuser/public_html]
disable_functions =
...

如果我用的phpinfo文件的虚拟主机检查PHP的配置，我得到了正确的预期值。 disable_functions选项有局部值=无值和主值=了shell_exec，EXEC。但是，如果我运行使用了shell_exec服务器阻止它显示出，表明了shell_exec已因安全原因关闭了错误的测试脚本。这意味着PHP忽略disable_functions选项本地值和使用主值，而不是。

If I check php configuration in that virtualhost with a phpinfo file I get the correct expected values. Disable_functions directive has a local value = no value and a master value = shell_exec, exec. But if I run a test script that uses shell_exec the server blocks it showing an error that indicates that shell_exec has been disabled for security reasons. This means PHP is ignoring disable_functions local value and using the master value instead.

我无法弄清楚为什么像预期的那样在[路径] [主持人] PHP部分文件应该能够就这些板块配置禁用功能不起作用。只有延伸和的zend_extension指令不应节作为文档中使用。

I'm not able to figure out why that doesn't work as expected as for the [PATH] [HOST] PHP sections documentation should be possible to configure disable function on those sections. Only extension and zend_extension directives should not be used in sections as for the documentation.

我已经与其他指令PHP_INI_SYSTEM甚至一个php.ini只指令（expose_php）测试，并都已经按预期工作。所以我完全失去了，我不明白是怎么回事。

I have already tested with other directives PHP_INI_SYSTEM and even a php.ini only directive (expose_php) and all have worked as expected. So I'm totally lost and I can't understand what's going on.

只是为了完整性我曾经在一个Apache服务器上运行的FastCGI + PHP的SuExec> 5.3.0（类似的配置比suPHP，但不完全一样），并同样的事情发生经过测试，disable_functions选项本地值被忽略。

Just for completeness I have tested in a Apache Server running FastCGI + SuExec PHP > 5.3.0 (similar configuration than suPHP but not exactly the same) and same thing happen, disable_functions local value is ignored.

任何人都知道这是为什么不工作的好理由？它是一个PHP错误？有什么事，我没有考虑到？

Anyone knows a good reason why this is not working? Is it a PHP bug? Is there something I'm not taking into account?

推荐答案

这是的明明PHP手册的 disable_functions选项只能在主站设置的的php.ini 的。本地值可以设置，并与phpinfo（）函数可见，但似乎没有（至少在PHP 5.5）有任何影响。

It's clearly stated in PHP Manual that disable_functions can only be set in the master php.ini. Local values can be set and are visible with phpinfo(), but don't seem have any effect (at least on PHP 5.5).

要围绕这个工作，我每个虚拟主机使用的 AUTO_ prepend_file 的（或一个全局每个的虚拟主机子包括）。该脚本调用包括 uopz_delete（）。如果 uopz PECL扩展不适用于你的PHP版本或OS等你可以尝试其他的扩展如 APD 或的 runkit ，因为他们有相似的功能进行删除/披风其他PHP函数。

To work this around, I use per-vhost auto_prepend_file (or one global with per-vhost sub-includes). The script included calls uopz_delete(). If uopz PECL extension isn't available for your PHP version or OS, etc. you can try other extensions like APD or runkit, as they have similar functions to delete/cloak other PHP functions.

与uopz该解决方案已经在运行Ubuntu用PHP 5.5.9几个生产服务器进行测试。它似乎并没有严重影响性能，也不会造成任何不稳定。

The solution with uopz has been tested on a few production servers running Ubuntu with PHP 5.5.9. It doesn't seem to affect performance heavily, nor to cause any instability.

这篇关于当PHP [路径]部分配置忽略disable_functions选项局部值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！