Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:98274
Return-Path: <php@golemon.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 9587 invoked from network); 9 Feb 2017 17:12:23 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Feb 2017 17:12:23 -0000
Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail
Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail
Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 74.125.82.177 as permitted sender)
X-PHP-List-Original-Sender: php@golemon.com
X-Host-Fingerprint: 74.125.82.177 mail-ot0-f177.google.com  
Received: from [74.125.82.177] ([74.125.82.177:34094] helo=mail-ot0-f177.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 3C/B8-33872-6F2AC985 for <internals@lists.php.net>; Thu, 09 Feb 2017 12:12:22 -0500
Received: by mail-ot0-f177.google.com with SMTP id f9so8070909otd.1
        for <internals@lists.php.net>; Thu, 09 Feb 2017 09:12:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=golemon-com.20150623.gappssmtp.com; s=20150623;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=yIIEvVU+ayJESCDjkFH1a/0ccr5pv+dCL0PGQA+H+h0=;
        b=iqvbz34k2IwvIMo2xn45gapK8L21gOJHjFRRhZmnp39bSo/ZmyFdB+MjLDN+0f7MIq
         EkS9CkzjD09FxS63lQgWkccgR1YUKVZ6iPT7S/VmWdaNBBcZ7g2bL04qsnUutaV89TRZ
         v8RI4lBkiZzFZbzhzCmkGytcOit5EamDbHoKiuj8D5aJoaAbnyY+hS4o5vdoVEjEWjuC
         74F8Ahm0AcQR0cXZc7Jmy0QofS2jyJQHF4nGsxENp5IRMgGNa5MCCbvuKAp0ZUCisn6u
         43z7ARoY6BgCkiOg02wCvNZGivjivkTjTNjVZFhnY/ZeUBvpL11VLfQPjk05Xz2FTSJv
         QM7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=yIIEvVU+ayJESCDjkFH1a/0ccr5pv+dCL0PGQA+H+h0=;
        b=LPM9unnGz3HSktZGNJ0StGFOkwup04XPpWMYV1OXlVORvY9+sXfWWa+zjze32YubAX
         4eySCBAltrcj6M16GQqIepiJZrtNsVCjlUgaTWbtNhonHR1sX2nFrbjpg4+oVTrt4WMH
         mXuKHSAZqeSjSfzqyDKFu1g0c4HwRpsZYwbDCzrkAW1Z78dAK1g/2F2WecHa4UYNjYdc
         PgmFjkauOLtzxBmfl5w83OCDxI2Qk5agvW1RzM7RdRYNWJlRdy/n7ghrduSeGjCl6dy5
         Wq2xAYU7M/7w1hByK2juTZJY24eMaaoQSrUOoCz69zGThWKfCox2ij0Jd0WrB5z5in2J
         kuEg==
X-Gm-Message-State: AMke39nIwbsmaDSfjIgAoRtTjQ/jmqLrbBvp3xTnohl0uu0pT/C4c3eilbytjjXy64172blMbbFJTVAnVYK+nw==
X-Received: by 10.157.15.221 with SMTP id m29mr2113303otd.186.1486660338707;
 Thu, 09 Feb 2017 09:12:18 -0800 (PST)
MIME-Version: 1.0
Sender: php@golemon.com
Received: by 10.157.14.104 with HTTP; Thu, 9 Feb 2017 09:12:18 -0800 (PST)
X-Originating-IP: [73.9.224.155]
In-Reply-To: <4CD4DCCC-6643-4A66-B6AD-4BF0EF89FDA9@gmail.com>
References: <4CD4DCCC-6643-4A66-B6AD-4BF0EF89FDA9@gmail.com>
Date: Thu, 9 Feb 2017 12:12:18 -0500
X-Google-Sender-Auth: 50c-9txcS6oUMLwnncoNeiuQ2Js
Message-ID: <CAESVnVpFmLuJkSG-znmOyRDh2evcEiv3ZXzQkhoet4r9hekM=A@mail.gmail.com>
To: Ben RUBSON <ben.rubson@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] Improve (disable|enable)_functions #65386
From: pollita@php.net (Sara Golemon)

On Thu, Jan 19, 2017 at 6:18 AM, Ben RUBSON <ben.rubson@gmail.com> wrote:
> As proposed by cmb (thank you !), I open a discussion regarding req #65386 :
> https://bugs.php.net/bug.php?id=65386
>
> It summarizes requests around disable_functions directive :
> - modification of disable_functions to be a PHP_INI_SYSTEM directive ;
>
Could you clarify? `disable_functions` *IS* a PHP_INI_SYSTEM directive:

PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL)

> - implementation of enable_functions as a PHP_INI_SYSTEM directive ;
>
I'm not a big fan of a whitelist for weakening/overriding a blacklist setting.

There's also a technical hurdle here due to the way that functions are
(currently) disabled.  It's INI_SYSTEM because enabling/disabling on a
per-request (per vhost essentially means per request) basis means a
lot more heavy lifting than disabling on a system-wide level (we just
replace the function implementation in the global table with a STFU
message).

func->handler = ZEND_FN(display_disabled_function);


> - support of wildcards in these 2 directives.
>
I could potentially get down with wildcards.  It's way easier to
exhaustively cover an entire class of functions, but if the goal is to
disable an entire extension's worth of functions, wouldn't one
just.... not load that extension?

I understand this part makes more sense with the `enable_functions`
idea, but... see above.

-Sara