How to disable phpinfo(); in a shared environment/hosting?

The phpinfo() function in php has a lot of uses. Before going to disable the phpinfo function,you must learn the basics of it. Here is the link which helps you to create the phpinfo >> phpinfo() <<

What is phpinfo() function ?

The function phpinfo() displays the current information of PHP, which includes the php extensions and compilations, version, server information and environment (if compiled as a module), the PHP environment, paths, master and local values of configuration options, HTTP headers, and the PHP License etc.

You will get the PHP information not only from the browser but also from the server command-line.

There is an option called disable_functions in php.ini file on server to disable php functions. Here is the steps to do the same.

Step I : SSH to server as root.
Step II : Edit the php.ini file,

disable_functions =  phpinfo

OR
In .htaccess, add the following line.

php_value disable_functions phpinfo

What is the difference between Tar and Gzip ? Details with example

I too had this doubt! what are the differences between “tar” and “zip” utilities in Linux.

The answer is quit simple rather than the confusion. We all are very familiar about the word (extension) “.tar.gz“, it’s very common when we download something from internet. Read more..

Other php functions commonly disabled in shared environment.

#show_source()

The show_source() function outputs a file with the PHP syntax highlighted. The syntax is highlighted by using HTML tags.
The colors used for highlighting can be set in the php.ini file or with the ini_set() function.
This function returns TRUE on success, or FALSE on failure.
show_source() is an alias of highlight_file().

#system

Execute an external program and display the output

#shell_exec

Execute command via shell and return the complete output as a string

#passthru

Execute an external program and display raw output

#exec

Execute an external program

#popen

Opens process file pointer

#proc_open

Execute a command and open file pointers for input/output

#allow_url_fopen

If enabled, allow_url_fopen allows PHP’s file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities.

Eg; In php.ini

disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"

Thanks 🙂

Related Links:
1, How to create phpinfo page on Linux server
2, List the current PHP handler on the server
3, How to change PHP handler from SuPHP to FastCGI

Post navigation

Arunlal Ashok

Linux Systems Architect at Endurance International Group. I know her (Linux) since many years. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team CryBit.com

Leave a Reply

Your email address will not be published. Required fields are marked *