1.2.98. Can’t Disable Function¶
This is the list of potentially dangerous PHP functions being used in the code, such as exec() or fsockopen().
eval() is not reported here, as it is not a PHP function, but a language construct : it can’t be disabled.
This analysis is the base for suggesting values for the disable_functions directive.
<?php
// This script uses ftp_connect(), therefore, this function shouldn't be disabled.
$ftp = ftp_connect($host, 21);
// This script doesn't use imap_open(), therefore, this function may be disabled.
?>
1.2.98.1. Specs¶
Short name |
Security/CantDisableFunction |
Rulesets |
|
Exakat since |
0.8.4 |
PHP Version |
All |
Severity |
Major |
Time To Fix |
Slow (1 hour) |
Precision |
High |
Features |
disable-functions |
Related rule |
|
Available in |