Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:4640
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Date: Wed, 1 Oct 2003 11:27:10 +0000 (GMT)
To: internals@lists.php.net
In-Reply-To: <20031001083315.70767.qmail@pb1.pair.com>
Message-ID: <Pine.LNX.4.44.0310011052230.5128-100000@topaz.local>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: disable_functions per compiled-in group 
From: keith@topaz5.worldonline.co.uk (Keith Roberts)
References: <20031001083315.70767.qmail@pb1.pair.com>


Hi list!

I'm no php developer, just a few ideas really.

Would it be possible to disable all unused functions per
group, that are compiled into php4, using directives in
php.ini?

Could be ideal for testing purposes, and for others that
want to use different configurations of the same php_module,
without having to keep compiling different flavoured versions.

Should also help in tightening up security issues too.


Something like:


php.ini

...

Disable_XYZ On|Off

# Which would disable ALL functions for that particular
# group, such as:

Disable_Filesystem On|Off
# would disable all the functions in the filesystem group

Disable_Directory On|Off
# would disable all functions in the directory group

# Then to selectively allow the ENABLING of required
# functions from a particular group, use something like:

Enable_Filesystem_functions move_uploaded_file, rename
# which would allow use of the above 2 functions from the
# filesystem group, but still leaving the others disabled.

...

Obviously, there must be a number of core functions that
php needs, and these probably cannot be disabled.

Would this be practical?


Kind Regards - Keith Roberts