Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:98274 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 9587 invoked from network); 9 Feb 2017 17:12:23 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 9 Feb 2017 17:12:23 -0000 Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 74.125.82.177 as permitted sender) X-PHP-List-Original-Sender: php@golemon.com X-Host-Fingerprint: 74.125.82.177 mail-ot0-f177.google.com Received: from [74.125.82.177] ([74.125.82.177:34094] helo=mail-ot0-f177.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 3C/B8-33872-6F2AC985 for ; Thu, 09 Feb 2017 12:12:22 -0500 Received: by mail-ot0-f177.google.com with SMTP id f9so8070909otd.1 for ; Thu, 09 Feb 2017 09:12:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=golemon-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=yIIEvVU+ayJESCDjkFH1a/0ccr5pv+dCL0PGQA+H+h0=; b=iqvbz34k2IwvIMo2xn45gapK8L21gOJHjFRRhZmnp39bSo/ZmyFdB+MjLDN+0f7MIq EkS9CkzjD09FxS63lQgWkccgR1YUKVZ6iPT7S/VmWdaNBBcZ7g2bL04qsnUutaV89TRZ v8RI4lBkiZzFZbzhzCmkGytcOit5EamDbHoKiuj8D5aJoaAbnyY+hS4o5vdoVEjEWjuC 74F8Ahm0AcQR0cXZc7Jmy0QofS2jyJQHF4nGsxENp5IRMgGNa5MCCbvuKAp0ZUCisn6u 43z7ARoY6BgCkiOg02wCvNZGivjivkTjTNjVZFhnY/ZeUBvpL11VLfQPjk05Xz2FTSJv QM7w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=yIIEvVU+ayJESCDjkFH1a/0ccr5pv+dCL0PGQA+H+h0=; b=LPM9unnGz3HSktZGNJ0StGFOkwup04XPpWMYV1OXlVORvY9+sXfWWa+zjze32YubAX 4eySCBAltrcj6M16GQqIepiJZrtNsVCjlUgaTWbtNhonHR1sX2nFrbjpg4+oVTrt4WMH mXuKHSAZqeSjSfzqyDKFu1g0c4HwRpsZYwbDCzrkAW1Z78dAK1g/2F2WecHa4UYNjYdc PgmFjkauOLtzxBmfl5w83OCDxI2Qk5agvW1RzM7RdRYNWJlRdy/n7ghrduSeGjCl6dy5 Wq2xAYU7M/7w1hByK2juTZJY24eMaaoQSrUOoCz69zGThWKfCox2ij0Jd0WrB5z5in2J kuEg== X-Gm-Message-State: AMke39nIwbsmaDSfjIgAoRtTjQ/jmqLrbBvp3xTnohl0uu0pT/C4c3eilbytjjXy64172blMbbFJTVAnVYK+nw== X-Received: by 10.157.15.221 with SMTP id m29mr2113303otd.186.1486660338707; Thu, 09 Feb 2017 09:12:18 -0800 (PST) MIME-Version: 1.0 Sender: php@golemon.com Received: by 10.157.14.104 with HTTP; Thu, 9 Feb 2017 09:12:18 -0800 (PST) X-Originating-IP: [73.9.224.155] In-Reply-To: <4CD4DCCC-6643-4A66-B6AD-4BF0EF89FDA9@gmail.com> References: <4CD4DCCC-6643-4A66-B6AD-4BF0EF89FDA9@gmail.com> Date: Thu, 9 Feb 2017 12:12:18 -0500 X-Google-Sender-Auth: 50c-9txcS6oUMLwnncoNeiuQ2Js Message-ID: To: Ben RUBSON Cc: PHP internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Improve (disable|enable)_functions #65386 From: pollita@php.net (Sara Golemon) On Thu, Jan 19, 2017 at 6:18 AM, Ben RUBSON wrote: > As proposed by cmb (thank you !), I open a discussion regarding req #65386 : > https://bugs.php.net/bug.php?id=65386 > > It summarizes requests around disable_functions directive : > - modification of disable_functions to be a PHP_INI_SYSTEM directive ; > Could you clarify? `disable_functions` *IS* a PHP_INI_SYSTEM directive: PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) > - implementation of enable_functions as a PHP_INI_SYSTEM directive ; > I'm not a big fan of a whitelist for weakening/overriding a blacklist setting. There's also a technical hurdle here due to the way that functions are (currently) disabled. It's INI_SYSTEM because enabling/disabling on a per-request (per vhost essentially means per request) basis means a lot more heavy lifting than disabling on a system-wide level (we just replace the function implementation in the global table with a STFU message). func->handler = ZEND_FN(display_disabled_function); > - support of wildcards in these 2 directives. > I could potentially get down with wildcards. It's way easier to exhaustively cover an entire class of functions, but if the goal is to disable an entire extension's worth of functions, wouldn't one just.... not load that extension? I understand this part makes more sense with the `enable_functions` idea, but... see above. -Sara