Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
T
T
Tom2018-06-11 00:22:49
PHP
Tom, 2018-06-11 00:22:49

Is there a white list of php functions?

There are two questions:
first, it is necessary to create a white list of functions for the user to use. so that functions such as popen, pclose, exec, system, include, etc. are excluded.
Has anyone done this?
and secondly, what dangers can the code executed through cmd cause. That is, a php file is executed that calls cmd and then executes some instructions. what can it threaten?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
A
Andrey, 2018-06-11
@VELIK505

so that functions such as popen,pclose,exec,system,include are excluded

in php.ini
It is also possible not globally but for the user to make a separate php.ini and list the prohibited functions there.

Report
R
Rastishka, 2018-06-25
@Rastishka

Once played with such a thing: evileval.sourceforge.net

Similar questions
E
Evgeny Yakushov2019-10-09 19:41:27
How to download a dynamically generated file and make the location of this page? 3Reply
N
Nicelogin2017-05-23 09:03:13
How to write bat file with condition check and ping command? 3Reply
S
Sergey c0re2019-10-27 15:59:55
How to import full export into Oracle 9i clean base? 2Reply
V
Vlad Osadchyi2019-10-30 17:12:17
Why would in_array(1.7, range(0, 2, 0.1)) return false? 2Reply
U
unlik2015-06-20 16:47:52
Installing Laravel 5.1 via phpstorm? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question