[wp-trac] [WordPress Trac] #37680: PHP Warning: ini_get_all() has been disabled for security reasons

WordPress Trac noreply at wordpress.org
Tue Aug 30 08:03:25 UTC 2016


#37680: PHP Warning: ini_get_all() has been disabled for security reasons
------------------------------------------+-----------------------
 Reporter:  dd32                          |       Owner:  dd32
     Type:  defect (bug)                  |      Status:  reopened
 Priority:  normal                        |   Milestone:  4.6.1
Component:  Bootstrap/Load                |     Version:  4.6
 Severity:  normal                        |  Resolution:
 Keywords:  has-patch commit fixed-major  |     Focuses:
------------------------------------------+-----------------------

Comment (by dd32):

 Replying to [comment:18 jeremyfelt]:
 > Replying to [comment:17 jdgrimes]:
 > > @dd32 `function_exists()` [https://secure.php.net/manual/en/function
 .function-exists.php#refsect1-function.function-exists-notes doesn't
 detect disabled functions]:
 > >
 > > >'''Note:'''
 > > >A function name may exist even if the function itself is unusable due
 to configuration or compiling options (with the image functions being an
 example).
 >
 > `function_exists()` returns false for functions disabled through
 `disable_function` in php.ini.
 >
 > Via the discussion on #26772, it seems like it's possible for a false
 positive when using suhosin config to disable. We added an additional
 check for `ini_get( 'disable_functions' )` in [29330], but I'm not sure
 how that works with suhosin anyway, which uses the option
 `suhosin.executor.func.blacklist`.
 >
 > It may be that we've done just fine with `function_exists()` on it's own
 beyond that one bug report, but I may also not understand a piece.

 Technically you're right, personally though, I don't want to perform silly
 work arounds like that. I'm fine with a server which uses a hardening
 extension to disable a safe function throwing warnings.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37680#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list