Disable 16 high-risk functions in PHP

passthru()
function description: Executes an external program and echoes the output, similar to exec().
Hazard level: high

exec()
function description: Executes an external program (such as a UNIX shell or CMD command).
Hazard level: high

system()
function description: Executes an external program and echoes the output, similar to passthru().
Hazard level: high

chroot()
function description: Changes the root directory of the current PHP process. It works only when the system supports PHP in CLI mode, and it is not applicable to Windows systems.
Hazard level: high

chgrp()
function description: Changes the user group to which a file or directory belongs.
Hazard level: high

chown()
function description: Changes the owner of a file or directory.
Hazard level: high

shell_exec()
function description: Executes a command through the shell and returns the execution result as a string.
Hazard level: high

proc_open()
function description: Executes a command and opens file pointers for reading and writing.
Hazard level: high

proc_get_status()
function description: Gets information about the process opened by proc_open().
Hazard level: high

ini_alter()
function description: An alias of ini_set() with the same behavior. See ini_set() for details.
Hazard level: high

ini_set()
function description: Can be used to modify and set PHP environment configuration parameters.
Hazard level: high

ini_restore()
function description: Can be used to restore PHP environment configuration parameters to their initial values.
Hazard level: high

dl()
function description: Loads an external PHP module while PHP is running (not at startup).
Hazard level: high

pfsockopen()
function description: Establishes a persistent socket connection in the Internet or UNIX domain.
Hazard level: high

popen()
function description: A command can be passed as a parameter to popen(), which executes it and opens a file pointer to the resulting process.
Hazard level: high

putenv()
function description: Used to change the system character set environment while PHP is running. In PHP versions lower than 5.2.6, this function can be used to modify the system character set environment and then use the sendmail command to send special parameters to execute system shell commands.
Hazard level: high
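
To check a server against the list above, the following Python sketch (an added example, not part of the original post) parses php.ini text, reads the disable_functions directive, which is the php.ini setting PHP uses to disable built-in functions, and reports which of the 16 functions are still enabled. SAMPLE_INI is constructed input and the helper names are hypothetical.

```python
# The 16 functions listed on this page, in page order.
HIGH_RISK = (
    "passthru", "exec", "system", "chroot", "chgrp", "chown",
    "shell_exec", "proc_open", "proc_get_status", "ini_alter",
    "ini_set", "ini_restore", "dl", "pfsockopen", "popen", "putenv",
)

# Constructed sample php.ini, not taken from a real server.
SAMPLE_INI = """\
[PHP]
;disable_functions = exec,system
disable_functions = exec, passthru,shell_exec , SYSTEM  ; partial list
"""

def disabled_functions(ini_text):
    """Return the set of function names in the disable_functions value."""
    value = ""
    for line in ini_text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "[")):
            continue  # blank line, comment (also a commented-out directive) or section
        key, sep, raw = line.partition("=")
        if not sep or key.strip() != "disable_functions":
            continue
        # Drop a trailing ";" comment and optional quotes around the value.
        value = raw.split(";", 1)[0].strip().strip("\"'")  # last assignment wins
    # PHP function names are case-insensitive, so compare in lower case.
    return {name.strip().lower() for name in value.split(",") if name.strip()}

def missing_from(ini_text):
    """Return the functions from the page's list that are not disabled."""
    disabled = disabled_functions(ini_text)
    return [name for name in HIGH_RISK if name not in disabled]

def suggested_directive(ini_text):
    """Merge the existing value with the page's list into one directive line."""
    merged = sorted(disabled_functions(ini_text) | set(HIGH_RISK))
    return "disable_functions = " + ",".join(merged)

if __name__ == "__main__":
    print("still enabled:", ", ".join(missing_from(SAMPLE_INI)) or "none")
    print(suggested_directive(SAMPLE_INI))
```

disable_functions is read from php.ini only, so the check belongs on the file the running SAPI actually loads; the CLI and the web server often use different php.ini files.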

Origin blog.csdn.net/qq_26429153/article/details/131674623