[wp-trac] [WordPress Trac] #37680: PHP Warning: ini_get_all() has been disabled for security reasons
WordPress Trac
noreply at wordpress.org
Tue Aug 30 05:30:03 UTC 2016
#37680: PHP Warning: ini_get_all() has been disabled for security reasons
------------------------------------------+-----------------------
Reporter: dd32 | Owner: dd32
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 4.6.1
Component: Bootstrap/Load | Version: 4.6
Severity: normal | Resolution:
Keywords: has-patch commit fixed-major | Focuses:
------------------------------------------+-----------------------
Comment (by jeremyfelt):
Replying to [comment:17 jdgrimes]:
> @dd32 `function_exists()` [https://secure.php.net/manual/en/function
.function-exists.php#refsect1-function.function-exists-notes doesn't
detect disabled functions]:
>
> >'''Note:'''
> >A function name may exist even if the function itself is unusable due
to configuration or compiling options (with the image functions being an
example).
`function_exists()` returns false for functions disabled through
`disable_function` in php.ini.
Via the discussion on #26772, it seems like it's possible for a false
positive when using suhosin config to disable. We added an additional
check for `ini_get( 'disable_functions' )` in [29330], but I'm not sure
how that works with suhosin anyway, which uses the option
`suhosin.executor.func.blacklist`.
It may be that we've done just fine with `function_exists()` on it's own
beyond that one bug report, but I may also not understand a piece.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37680#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list