K
K
Kostya Bodnya2015-03-20 13:03:02
PHP
Kostya Bodnya, 2015-03-20 13:03:02

Why doesn't "suhosin.executor.disable_emodifier" work?

Hello!
I'm running PHP5.6 on Ubuntu 12.04 LTS as Apache 2.4
Suhosin module built from source.
In suhosin.ini I specify. the following directives:

suhosin.executor.disable_eval = On
suhosin.executor.disable_emodifier = On

If you look in phpinfo(), you can see that Suhosin is enabled, and these directives are set to "On" both globally and locally for the host.
But, here's the problem, the following code runs just fine:
eval('echo 5;');
This code runs just as well:
preg_replace("/.*/e", "eval('echo 5, PHP_EOL;')", ".");

Tell me, friends, how would I turn off all this indecency.
Thank you!

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question