The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

php.ini disable_functions request

Discussion in 'General Discussion' started by partsace, Jun 19, 2009.

  1. partsace

    partsace Active Member

    Joined:
    Jan 11, 2007
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    In WHM -->
    Service Configuration -->
    PHP Configuration Editor -->
    Switch to Advanced Mode -->

    Under disable_functions, I would like to know if I can remove phpinfo from 1 domain on my server. I have tried to do this in .htaccess but I keep coming-up with a 500 error. I do not want to remove phpinfo for this setting, just the one website.

    disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open"

    Thanks for your help,

    Scott
     
  2. krizag

    krizag Member

    Joined:
    Jun 19, 2009
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    You can add this by creating a file named php.ini in the document root of the account.

    The content of the file will be:

    disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open"

    But this will work if the php is compiled as CGI, if not it will give 500 internal server error.
     
  3. partsace

    partsace Active Member

    Joined:
    Jan 11, 2007
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    Yep, 500 Internal Server Error

    It was NOT complied as CGI. Can I recompile it without causing any problems with my already existing accounts?

    Scott
     
    #3 partsace, Jun 20, 2009
    Last edited: Jun 20, 2009
  4. fineline

    fineline Active Member

    Joined:
    Apr 10, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Read the PHP manual....

    disable_functions string
    This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini For example, you cannot set this in httpd.conf.
     
  5. Ronniev

    Ronniev Registered

    Joined:
    Sep 30, 2008
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    php with the CGI

    Hello,
    You can compile php with the CGI by using WHM -->
    Service Configuration --> Configure PHP and SuExec -->Apache Configuration -->PHP and SuExec Configuration.
    Some time some php script affect after that setting but you can easily solve that problem. :)
     
  6. fineline

    fineline Active Member

    Joined:
    Apr 10, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    That will work. I would just be careful. When you do that A user can then override anthing with a custom php.ini I think the only thing they can't override is enabling the exec function.
     
  7. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Krizag, you can't say this without knowing how the poster's PHP is configured ...

    What you describe is the method to set custom PHP settings for an account
    if the PHP on the system is setup as the old phpSuExec.

    Under DSO (Apache Module) based DSO, settings could be changed for
    an individual site view the main httpd.conf (for restricted settings) or
    from a .htaccess file in the users account (for general settings).

    Under SuPHP, you would need to add a custom PHP directive to the
    user's virtualhost configuration in httpd.conf that points to another PHP.INI
    file that you have setup somewhere else on the system.
     
Loading...

Share This Page