The phpinfo() function in php has a lot of uses. Before going to disable the phpinfo function, you must learn the basics of it. Here is the link which helps you to create the phpinfo –> phpinfo()
What is phpinfo() function ?
The function phpinfo() displays the current information of PHP, which includes the php extensions and compilations, version, server information and environment (if compiled as a module), the PHP environment, paths, master and local values of configuration options, HTTP headers, and the PHP License etc.
You will get the PHP information not only from the browser but also from the server command-line. For that you just need to execute the phpinfo file, like:
How to disable phpinfo() ?
This post was published on Oct, 2018. Verified with new versions and updated. In case of any issues, please comment. Our team will reply or update the post as soon as possible.
There is an option called disable_functions in php configuration file (php.ini) on server to disable php functions. Here is the steps to do the same.
Step I : SSH to server
Step II : Edit the php.ini file
disable_functions = phpinfo
OR, In .htaccess, add the following line.
php_value disable_functions phpinfo
What is the difference between Tar and Gzip ? Details with example
I too had this doubt! what are the differences between “tar” and “zip” utilities in Linux.
The answer is quit simple rather than the confusion. We all are very familiar about the word (extension) “.tar.gz“, it’s very common when we download something from internet. Read more..
Other php functions commonly disabled in shared environment.
The show_source() function outputs a file with the PHP syntax highlighted. The syntax is highlighted by using HTML tags. The colors used for highlighting can be set in the php.ini file or with the ini_set() function. This function returns TRUE on success, or FALSE on failure. show_source() is an alias of highlight_file().
Execute an external program and display the output
Execute command via shell and return the complete output as a string
Execute an external program and display raw output
Execute an external program
Opens process file pointer
Execute a command and open file pointers for input/output
If enabled, allow_url_fopen allows PHP’s file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities.
Eg; In php.ini
disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"
If you are interested in new technologies please read about how Prometheus helps on monitoring. All these docs are under this category, Prometheus.