[TYPO3-english] php's disable_functions

Marcus Krause marcus#exp2009 at t3sec.info
Mon Nov 30 10:44:10 CET 2009


Claudio Strizzolo wrote on 11/30/2009 10:31 AM:
> Hi all,
> several security-related sites suggest disabling some potentially 
> dangerous PHP functions on web servers as a method to improve security, 
> together with other configurations and tools.
> This is done by adding a disable_functions directive to php.ini, i.e.:
> 
> disable_functions=system,exec,passthru,shell_exec,popen,phpinfo,escapeshellcmd,escapeshellarg,proc_open,show_source
> 
> Some functionalities in TYPO3 (i.e. ImageMagick) need some of those 
> functions to be enabled (exec, for instance), so some of those functions 
> cannot actually be disabled.
> [...]

Well, find out yourself!
Retrieve a list with suggested function names to be disabled.
Then, for each function, grep through TYPO3 Core to check if such a
function is used or not!
Afterwards, report back your findings to this list. ;-)


Marcus.
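
The audit suggested in the reply above, as an added example (not part of the original thread and not TYPO3 code): a shell script that counts plain call sites of each function from the quoted disable_functions list and prints the names with no callers. The function names `count_calls`, `unused_functions` and `make_sample_tree`, and the sample PHP files, are constructed for illustration.

```bash
#!/usr/bin/env bash
# Candidate list copied from the php.ini line quoted in the post.
CANDIDATES="system,exec,passthru,shell_exec,popen,phpinfo,escapeshellcmd,escapeshellarg,proc_open,show_source"

# count_calls FUNC DIR: number of lines in *.php files under DIR that call
# FUNC as a plain function. Method calls ($db->exec(), Foo::exec()), longer
# names (shell_exec, curl_exec), definitions and comment lines are skipped.
count_calls() {
    { grep -rhE --include='*.php' "(^|[^A-Za-z0-9_>:\$])${1}[[:space:]]*\(" "$2" || true; } |
        { grep -vE "^[[:space:]]*(//|#|\*)|function[[:space:]]+${1}[[:space:]]*\(" || true; } |
        wc -l | tr -d ' '
}

# unused_functions LIST DIR: comma-separated subset of LIST with no call
# sites under DIR, i.e. candidates for disable_functions on this tree.
unused_functions() {
    local out="" f
    for f in $(printf '%s' "$1" | tr -d ' ' | tr ',' ' '); do
        if [ "$(count_calls "$f" "$2")" -eq 0 ]; then out="${out:+$out,}$f"; fi
    done
    printf '%s\n' "$out"
}

# make_sample_tree DIR: constructed sample files (not TYPO3 code) for a dry run.
make_sample_tree() {
    mkdir -p "$1/lib"
    cat > "$1/image.php" <<'EOF'
<?php
// exec() is mentioned in this comment only
$cmd = 'convert ' . escapeshellarg($in) . ' ' . escapeshellarg($out);
exec($cmd, $output, $ret);
EOF
    cat > "$1/lib/db.php" <<'EOF'
<?php
$rows = $pdo->exec($sql);
$res = curl_exec($ch);
class Runner { public function system($a) { return $a; } }
EOF
}

# Usage: script.sh /path/to/source  (per-function counts, then the unused subset)
if [ -n "${1:-}" ]; then
    for f in $(printf '%s' "$CANDIDATES" | tr ',' ' '); do
        printf '%-16s %s\n' "$f" "$(count_calls "$f" "$1")"
    done
    unused_functions "$CANDIDATES" "$1"
fi
```

A zero count only means no literal call was found: dynamic calls (`call_user_func`, variable function names) and installed extensions outside the scanned tree need a separate check.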

