[Phpmyadmin-devel] disabled functions for security
robbat2 at orbis-terrarum.net
robbat2 at orbis-terrarum.net
Mon Mar 3 08:36:06 CET 2003
On Mon, Mar 03, 2003 at 08:05:48AM -0800, robbat2 at orbis-terrarum.net wrote:
> On Mon, Mar 03, 2003 at 10:03:08AM -0500, Marc Delisle wrote:
> > >>>>Problem is, in this case, function_exists('ini_get') is true
> > >>>>even if ini_get() is disabled.
> > >>>>
> > >>>This is a problem, indeed. As far as I can say, we can only work around
> > >>>this by adding a new directive to the config file, e.g.
> > >>>$cfg['IniGetDisabled'] with default value FALSE. In this case we simply
> > >>>replace ...
> > >>>
> > >>>function_exists('ini_get')
> > >>>
> > >>>... by ...
> > >>>
> > >>>(!$cfg['IniGetDisabled'] && function_exists('ini_get'))
> > >>>
> > >Just taking this generic for a sec, does somebody want to throw together
> > >PMA_function_exists() that does the function_exists check + check if
> > >it's disabled for a better result?
> > I agree to take this generic, but just *how* can we check if it's disabled?
> > Try it and look for an error?
> Sounds like a good route to me.
>
> I'm trying to hack together a testcase quickly.
Umm, on PHP 4.3.0 I get results that like the following:
(with ini_get disabled):
function_exists('ini_get') returns FALSE
which is not what was mentioned before!
I can't quite get code to behave right anyway
but everybody can take a look at it in the meantime:
http://www.orbis-terrarum.net/~robbat2/phptest/
--
Robin Hugh Johnson
E-Mail : robbat2 at orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20030303/a7326397/attachment-0001.sig>
More information about the Developers
mailing list