
Blocking functions in PHP

19 October 2013, 22:02
author: piroaa
For security reasons it is a good idea to block a few functions in PHP. Here is the list, with descriptions, that I recently put together:

Code:

PHP Options/Info Functions
    assert_options — Set/get the various assert flags
    assert — Checks if assertion is FALSE
    cli_get_process_title — Returns the current process title
    cli_set_process_title — Sets the process title
    dl — Loads a PHP extension at runtime
    extension_loaded — Find out whether an extension is loaded
    gc_collect_cycles — Forces collection of any existing garbage cycles
    gc_disable — Deactivates the circular reference collector
    gc_enable — Activates the circular reference collector
    gc_enabled — Returns status of the circular reference collector
    get_cfg_var — Gets the value of a PHP configuration option
    get_current_user — Gets the name of the owner of the current PHP script
    get_defined_constants — Returns an associative array with the names of all the constants and their values
    get_extension_funcs — Returns an array with the names of the functions of a module
    get_include_path — Gets the current include_path configuration option
    get_included_files — Returns an array with the names of included or required files
    get_loaded_extensions — Returns an array with the names of all modules compiled and loaded
    get_magic_quotes_gpc — Gets the current configuration setting of magic_quotes_gpc
    get_magic_quotes_runtime — Gets the current active configuration setting of magic_quotes_runtime
    get_required_files — Alias of get_included_files
    getenv — Gets the value of an environment variable
    getlastmod — Gets time of last page modification
    getmygid — Get PHP script owner's GID
    getmyinode — Gets the inode of the current script
    getmypid — Gets PHP's process ID
    getmyuid — Gets PHP script owner's UID
    getopt — Gets options from the command line argument list
    getrusage — Gets the current resource usages
    ini_alter — Alias of ini_set
    ini_get_all — Gets all configuration options
    ini_get — Gets the value of a configuration option
    ini_restore — Restores the value of a configuration option
    ini_set — Sets the value of a configuration option
    magic_quotes_runtime — Alias of set_magic_quotes_runtime
    main — Dummy for main
    memory_get_peak_usage — Returns the peak of memory allocated by PHP
    memory_get_usage — Returns the amount of memory allocated to PHP
    php_ini_loaded_file — Retrieve a path to the loaded php.ini file
    php_ini_scanned_files — Return a list of .ini files parsed from the additional ini dir
    php_logo_guid — Gets the logo guid
    php_sapi_name — Returns the type of interface between web server and PHP
    php_uname — Returns information about the operating system PHP is running on
    phpcredits — Prints out the credits for PHP
    phpinfo — Outputs information about PHP's configuration
    phpversion — Gets the current PHP version
    putenv — Sets the value of an environment variable
    restore_include_path — Restores the value of the include_path configuration option
    set_include_path — Sets the include_path configuration option
    set_magic_quotes_runtime — Sets the current active configuration setting of magic_quotes_runtime
    sys_get_temp_dir — Returns directory path used for temporary files
    version_compare — Compares two "PHP-standardized" version number strings
    zend_logo_guid — Gets the Zend guid
    zend_thread_id — Returns a unique identifier for the current thread
    zend_version — Gets the version of the current Zend engine
Filesystem Functions
    disk_free_space — Returns available space on filesystem or disk partition
    disk_total_space — Returns the total size of a filesystem or disk partition
    diskfreespace — Alias of disk_free_space
    filegroup — Gets file group
    fileinode — Gets file inode
    fileowner — Gets file owner
    fileperms — Gets file permissions
    fpassthru — Output all remaining data on a file pointer
    is_executable — Tells whether the filename is executable
    lchgrp — Changes group ownership of symlink
    lchown — Changes user ownership of symlink
    link — Create a hard link
    linkinfo — Gets information about a link
    lstat — Gives information about a file or symbolic link
    parse_ini_file — Parse a configuration file
    parse_ini_string — Parse a configuration string
    readlink — Returns the target of a symbolic link
    realpath_cache_get — Get realpath cache entries
    realpath_cache_size — Get realpath cache size
    rewind — Rewind the position of a file pointer
    stat — Gives information about a file
    symlink — Creates a symbolic link
    touch — Sets access and modification time of file
Proctitle Functions
    setproctitle — Set the process title
    setthreadtitle — Set the thread title
PCNTL Functions
    pcntl_alarm — Set an alarm clock for delivery of a signal
    pcntl_errno — Alias of pcntl_strerror
    pcntl_exec — Executes specified program in current process space
    pcntl_fork — Forks the currently running process
    pcntl_get_last_error — Retrieve the error number set by the last pcntl function which failed
    pcntl_getpriority — Get the priority of any process
    pcntl_setpriority — Change the priority of any process
    pcntl_signal_dispatch — Calls signal handlers for pending signals
    pcntl_signal — Installs a signal handler
    pcntl_sigprocmask — Sets and retrieves blocked signals
    pcntl_sigtimedwait — Waits for signals, with a timeout
    pcntl_sigwaitinfo — Waits for signals
    pcntl_strerror — Retrieve the system error message associated with the given errno
    pcntl_wait — Waits on or returns the status of a forked child
    pcntl_waitpid — Waits on or returns the status of a forked child
    pcntl_wexitstatus — Returns the return code of a terminated child
    pcntl_wifexited — Checks if status code represents a normal exit
    pcntl_wifsignaled — Checks whether the status code represents a termination due to a signal
    pcntl_wifstopped — Checks whether the child process is currently stopped
    pcntl_wstopsig — Returns the signal which caused the child to stop
    pcntl_wtermsig — Returns the signal which caused the child to terminate
POSIX Functions
    posix_access — Determine accessibility of a file
    posix_ctermid — Get path name of controlling terminal
    posix_errno — Alias of posix_get_last_error
    posix_get_last_error — Retrieve the error number set by the last posix function that failed
    posix_getcwd — Pathname of current directory
    posix_getegid — Return the effective group ID of the current process
    posix_geteuid — Return the effective user ID of the current process
    posix_getgid — Return the real group ID of the current process
    posix_getgrgid — Return info about a group by group id
    posix_getgrnam — Return info about a group by name
    posix_getgroups — Return the group set of the current process
    posix_getlogin — Return login name
    posix_getpgid — Get process group id for job control
    posix_getpgrp — Return the current process group identifier
    posix_getpid — Return the current process identifier
    posix_getppid — Return the parent process identifier
    posix_getpwnam — Return info about a user by username
    posix_getpwuid — Return info about a user by user id
    posix_getrlimit — Return info about system resource limits
    posix_getsid — Get the current sid of the process
    posix_getuid — Return the real user ID of the current process
    posix_initgroups — Calculate the group access list
    posix_isatty — Determine if a file descriptor is an interactive terminal
    posix_kill — Send a signal to a process
    posix_mkfifo — Create a fifo special file (a named pipe)
    posix_mknod — Create a special or ordinary file (POSIX.1)
    posix_setegid — Set the effective GID of the current process
    posix_seteuid — Set the effective UID of the current process
    posix_setgid — Set the GID of the current process
    posix_setpgid — Set process group id for job control
    posix_setsid — Make the current process a session leader
    posix_setuid — Set the UID of the current process
    posix_strerror — Retrieve the system error message associated with the given errno
    posix_times — Get process times
    posix_ttyname — Determine terminal device name
    posix_uname — Get system name
Program execution Functions
    escapeshellarg — Escape a string to be used as a shell argument
    escapeshellcmd — Escape shell metacharacters
    exec — Execute an external program
    passthru — Execute an external program and display raw output
    proc_close — Close a process opened by proc_open and return the exit code of that process
    proc_get_status — Get information about a process opened by proc_open
    proc_nice — Change the priority of the current process
    proc_open — Execute a command and open file pointers for input/output
    proc_terminate — Kills a process opened by proc_open
    shell_exec — Execute command via shell and return the complete output as a string
    system — Execute an external program and display the output
Semaphore Functions
    ftok — Convert a pathname and a project identifier to a System V IPC key
    msg_get_queue — Create or attach to a message queue
    msg_queue_exists — Check whether a message queue exists
    msg_receive — Receive a message from a message queue
    msg_remove_queue — Destroy a message queue
    msg_send — Send a message to a message queue
    msg_set_queue — Set information in the message queue data structure
    msg_stat_queue — Returns information from the message queue data structure
    sem_acquire — Acquire a semaphore
    sem_get — Get a semaphore id
    sem_release — Release a semaphore
    sem_remove — Remove a semaphore
    shm_attach — Creates or open a shared memory segment
    shm_detach — Disconnects from shared memory segment
    shm_get_var — Returns a variable from shared memory
    shm_has_var — Check whether a specific entry exists
    shm_put_var — Inserts or updates a variable in shared memory
    shm_remove_var — Removes a variable from shared memory
    shm_remove — Removes shared memory from Unix systems
Shared Memory Functions
    shmop_close — Close shared memory block
    shmop_delete — Delete shared memory block
    shmop_open — Create or open shared memory block
    shmop_read — Read data from shared memory block
    shmop_size — Get size of shared memory block
    shmop_write — Write data into shared memory block
Network Functions
    define_syslog_variables — Initializes all syslog related variables
    gethostname — Gets the host name
    openlog — Open connection to system logger
    syslog — Generate a system log message
FTP Functions
    ftp_alloc — Allocates space for a file to be uploaded
    ftp_cdup — Changes to the parent directory
    ftp_chdir — Changes the current directory on a FTP server
    ftp_chmod — Set permissions on a file via FTP
    ftp_close — Closes an FTP connection
    ftp_connect — Opens an FTP connection
    ftp_delete — Deletes a file on the FTP server
    ftp_exec — Requests execution of a command on the FTP server
    ftp_fget — Downloads a file from the FTP server and saves to an open file
    ftp_fput — Uploads from an open file to the FTP server
    ftp_get_option — Retrieves various runtime behaviours of the current FTP stream
    ftp_get — Downloads a file from the FTP server
    ftp_login — Logs in to an FTP connection
    ftp_mdtm — Returns the last modified time of the given file
    ftp_mkdir — Creates a directory
    ftp_nb_continue — Continues retrieving/sending a file (non-blocking)
    ftp_nb_fget — Retrieves a file from the FTP server and writes it to an open file (non-blocking)
    ftp_nb_fput — Stores a file from an open file to the FTP server (non-blocking)
    ftp_nb_get — Retrieves a file from the FTP server and writes it to a local file (non-blocking)
    ftp_nb_put — Stores a file on the FTP server (non-blocking)
    ftp_nlist — Returns a list of files in the given directory
    ftp_pasv — Turns passive mode on or off
    ftp_put — Uploads a file to the FTP server
    ftp_pwd — Returns the current directory name
    ftp_quit — Alias of ftp_close
    ftp_raw — Sends an arbitrary command to an FTP server
    ftp_rawlist — Returns a detailed list of files in the given directory
    ftp_rename — Renames a file or a directory on the FTP server
    ftp_rmdir — Removes a directory
    ftp_set_option — Set miscellaneous runtime FTP options
    ftp_site — Sends a SITE command to the server
    ftp_size — Returns the size of the given file
    ftp_ssl_connect — Opens an Secure SSL-FTP connection
    ftp_systype — Returns the system type identifier of the remote FTP server
Misc. Functions
    highlight_file — Syntax highlighting of a file
    highlight_string — Syntax highlighting of a string
    php_strip_whitespace — Return source with stripped comments and whitespace
    show_source — Alias of highlight_file
    sys_getloadavg — Gets system load average
And here is the full list that I personally block. It has a few more functions and is ready to be put into the php.ini file:

Code:

disable_functions = assert_options,assert,cli_get_process_title,cli_set_process_title,dl,extension_loaded,gc_collect_cycles,gc_disable,gc_enable,gc_enabled,get_cfg_var,get_current_user,get_defined_constants,get_extension_funcs,get_include_path,get_included_files,get_loaded_extensions,get_magic_quotes_gpc,get_magic_quotes_runtime,get_required_files,getenv,getlastmod,getmygid,getmyinode,getmypid,getmyuid,getopt,getrusage,ini_alter,ini_get_all,ini_get,ini_restore,ini_set,magic_quotes_runtime,main,memory_get_peak_usage,memory_get_usage,php_ini_loaded_file,php_ini_scanned_files,php_logo_guid,php_sapi_name,php_uname,phpcredits,phpinfo,phpversion,putenv,restore_include_path,set_include_path,set_magic_quotes_runtime,version_compare,zend_logo_guid,zend_thread_id,zend_version,disk_free_space,disk_total_space,diskfreespace,filegroup,fileinode,fileowner,fileperms,fpassthru,is_executable,lchgrp,lchown,link,linkinfo,lstat,parse_ini_file,parse_ini_string,readlink,realpath_cache_get,realpath_cache_size,rewind,stat,symlink,touch,setproctitle,setthreadtitle,pcntl_alarm,pcntl_errno,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal_dispatch,pcntl_signal,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,posix_access,posix_ctermid,posix_errno,posix_get_last_error,posix_getcwd,posix_getegid,posix_geteuid,posix_getgid,posix_getgrgid,posix_getgrnam,posix_getgroups,posix_getlogin,posix_getpgid,posix_getpgrp,posix_getpid,posix_getppid,posix_getpwnam,posix_getpwuid,posix_getrlimit,posix_getsid,posix_getuid,posix_initgroups,posix_isatty,posix_kill,posix_mkfifo,posix_mknod,posix_setegid,posix_seteuid,posix_setgid,posix_setpgid,posix_setsid,posix_setuid,posix_strerror,posix_times,posix_ttyname,posix_uname,escapeshellarg,escapeshellcmd,exec,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,system,ftok,msg_get_queue,msg_queue_exists,msg_receive,msg_remove_queue,msg_send,msg_set_queue,msg_stat_queue,sem_acquire,sem_get,sem_release,sem_remove,shm_attach,shm_detach,shm_get_var,shm_has_var,shm_put_var,shm_remove_var,shm_remove,shmop_close,shmop_delete,shmop_open,shmop_read,shmop_size,shmop_write,define_syslog_variables,gethostname,openlog,syslog,ftp_alloc,ftp_cdup,ftp_chdir,ftp_chmod,ftp_close,ftp_connect,ftp_delete,ftp_exec,ftp_fget,ftp_fput,ftp_get_option,ftp_get,ftp_login,ftp_mdtm,ftp_mkdir,ftp_nb_continue,ftp_nb_fget,ftp_nb_fput,ftp_nb_get,ftp_nb_put,ftp_nlist,ftp_pasv,ftp_put,ftp_pwd,ftp_quit,ftp_raw,ftp_rawlist,ftp_rename,ftp_rmdir,ftp_set_option,ftp_site,ftp_size,ftp_ssl_connect,ftp_systype,highlight_file,highlight_string,php_strip_whitespace,show_source,sys_getloadavg,openssl_csr_export_to_file,openssl_csr_export,openssl_csr_new,openssl_csr_sign,openssl_error_string,openssl_free_key,openssl_get_privatekey,openssl_get_publickey,openssl_open,openssl_pkcs7_decrypt,openssl_pkcs7_encrypt,openssl_pkcs7_sign,openssl_pkcs7_verify,openssl_pkey_export_to_file,openssl_pkey_export,openssl_pkey_free,openssl_pkey_get_private,openssl_pkey_get_public,openssl_pkey_new,openssl_private_decrypt,openssl_private_encrypt,openssl_public_decrypt,openssl_public_encrypt,openssl_seal,openssl_sign,openssl_verify,openssl_x509_check_private_key,openssl_x509_checkpurpose,openssl_x509_export_to_file,openssl_x509_export,openssl_x509_free,openssl_x509_parse,openssl_x509_read,curl_version,load_file,leak,listen,ignore_user_abort,source,fpassthru,virtual,shell,disk_total_space,popen

And a modest list of classes:

Code:

disable_classes = Phar,PharData,PharFileInfo,PharException
If you block anything else, let me know; I will probably add it too.
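A check worth running after editing php.ini, as an added example that is not part of the original post: a small audit script that compares the list you meant to block with what the running PHP process actually enforces, reporting names that are still callable and names that do not exist at all (a misspelled entry in disable_functions silently blocks nothing). The short $intended list inside is a constructed placeholder; paste the real list from php.ini there.

```php
<?php
// Added example (not from the original post): audit the intended
// disable_functions list against the PHP process that actually runs it.
// function_exists() returns false both for functions disabled through
// disable_functions and for names that do not exist at all (typo,
// extension not loaded), so ini_get('disable_functions') is consulted
// to tell the two cases apart. $intended is a constructed placeholder.

$intended = 'exec, passthru, shell_exec, system, proc_open, popen, pcntl_exec,'
          . ' dl, phpinfo, ignore_user_abord, EXEC';

// Trim, lowercase (function names are case-insensitive), drop empties and duplicates.
function normalizeList($csv)
{
    $names = array_map(function ($s) { return strtolower(trim($s)); }, explode(',', $csv));
    return array_values(array_unique(array_filter($names, 'strlen')));
}

// Classify each wanted name as disabled, still callable, or unknown.
function auditDisabled(array $wanted)
{
    $effective = function_exists('ini_get')
        ? normalizeList((string) ini_get('disable_functions'))
        : null; // ini_get itself disabled: the setting cannot be read from here

    $report = ['disabled' => [], 'still_callable' => [], 'unknown' => []];
    foreach ($wanted as $fn) {
        if (function_exists($fn)) {
            $report['still_callable'][] = $fn;
        } elseif ($effective === null || in_array($fn, $effective, true)) {
            $report['disabled'][] = $fn; // assumed disabled when $effective is unknown
        } else {
            $report['unknown'][] = $fn;  // neither defined nor disabled: check spelling
        }
    }
    return $report;
}

$wanted = normalizeList($intended);
$ini = function_exists('php_ini_loaded_file') ? php_ini_loaded_file() : null;
printf("SAPI: %s, loaded php.ini: %s\n", PHP_SAPI, $ini ?: '(unavailable)');
foreach (auditDisabled($wanted) as $state => $names) {
    printf("%-15s %s\n", $state . ':', $names ? implode(', ', $names) : '-');
}
// Deduplicated line ready for php.ini (disable_functions is PHP_INI_SYSTEM:
// it only takes effect from php.ini, never from ini_set() or .htaccess).
echo 'disable_functions = ' . implode(',', $wanted) . "\n";
```

Run it through the same SAPI that serves the site (php-fpm or mod_php), because the CLI loads its own php.ini and will report a different effective list.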