1.2.100. Can’t Disable Function

This is the list of potentially dangerous PHP functions being used in the code, such as exec() or fsockopen().

eval() is not reported here, as it is not a PHP function, but a language construct : it can’t be disabled. This analysis is the base for suggesting values for the disable_functions directive.

<?php

// This script uses ftp_connect(), therefore, this function shouldn't be disabled.
$ftp = ftp_connect($host, 21);

// This script doesn't use imap_open(), therefore, this function may be disabled.

?>

1.2.100.1. Connex PHP features

1.2.100.1.1. Specs

Short name

Security/CantDisableFunction

Rulesets

All, Appinfo, CE, Changed Behavior

Exakat since

0.8.4

PHP Version

All

Severity

Major

Time To Fix

Slow (1 hour)

Precision

High

Related rule

Can’t Disable Class

Available in

Entreprise Edition, Community Edition, Exakat Cloud