prevent users from allowing disabled function in custom php.ini files

Portal Home > Knowledgebase > Articles Database > prevent users from allowing disabled function in custom php.ini files

Posted by 2Mhost, 09-20-2010, 10:35 AM
Hi, I run PHP as CGI in all servers and by default I disable all shell functions, and allow users to have their own php.ini files to fine tune their environment. problem is some clients upload their custom php.ini files and allow this functions which lead to troubles. Is there any workaround to allow custom php.ini and force disallow shell functions in the main php.ini? or remove this functions from PHP itself // any idea?
Posted by 24nt7linux, 09-22-2010, 10:58 AM
I don't think that the disable function setting in the main php.ini can be overridden through custom php.ini files when php is running as cgi.
Posted by 2Mhost, 09-22-2010, 06:30 PM
No, if user put disabled_function = and left blank, this will allow shell functions in his account.!?
Posted by jdbravo, 09-22-2010, 07:12 PM
Hi, Why you don't deny users to upload their php.ini? It increments the risk of your server and allow users to set their own limits like the memory_limit and max_execution_time and this can affect the performance of your server. If you have customers that require some specific configurations you can do that specifying the php.ini per domain.
Posted by sysguru, 03-07-2012, 02:22 PM
I wonder how come hostgator allow custom ini and block dl as well other fuctions globally.
Posted by sysguru, 03-07-2012, 02:49 PM
here is the links for HG to disable dl and other settings http:// support.hostgator. com/articles/cpanel/php-settings-that-cannot-be-changed