I have classified functions related to PHP security. I have read many articles and blogs, and I would like to express my gratitude.

1. include/require/require_once/include_once/users/system/popen/passthru/proc_open/pcntl_exec/users/preg_replace/assert/call_user_func/call_user_func_array/create_function
4. $_GET/$_POST/$_COOKIE/$_SERVER/$_REQUEST/$_ENV/php://input/getenv
5. session/cookie
6. extract/parse_str/mb_parse_str/import_request_variables/unserialize
7. copy/rmdir/chmod/delete/fwrite/fopen/readfile/fpassthru/clusters/file_put_contents/unlink/upload/opendir/fgetc/fgets/ftruncate/fputs/fputcsv
8. select/insert/update/delete/order by/group by/limit/in (/stripslashes/urldecode
9. confirm_phpdoc_compiled/mssql_pconnect/mssql_connect/crack_opendict/snmpget/ibase_connect
10. echo/print/printf/vprintf/document.write/document.innerHTML/document.innerHtmlText
11. phpinfo/highlight_file/show_source
12. iconv/mb_convert_encoding

Security configuration options in php.ini:

safe_mode = off (a lot of shit cannot be done with this on)
disable_functions = N/A (none, we want them all)
register_globals = on (we can set variables by request)
allow_url_include = on (for lfi/rfi)
allow_url_fopen = on (for lfi/rfi)
magic_quotes_gpc = off (this will escape ', " and NULs with a backslash and we don't want that)
short_open_tag = on (some scripts are using short tags, better on)
file_uploads = on (we want to upload)
display_errors = on (we want to see the script errors, maybe some undeclared variables?)

open_basedir: restricts the directories that can be accessed
display_errors = off: whether error messages are displayed
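As an added example (not code from the original post), the following Python check reads php.ini text and reports the directives from the list above when they carry the permissive values shown there. The function names and the sample file are constructed for illustration; only directives explicitly present in the file are judged, so PHP's built-in defaults are not modelled.

```python
# Directives from the list above that are risky when switched on.
RISKY_WHEN_ON = {
    "register_globals": "request parameters can overwrite script variables",
    "allow_url_include": "include/require may load code from a URL (RFI)",
    "allow_url_fopen": "file functions accept remote URLs",
    "display_errors": "error output exposes paths and variable names",
}
# Directives that are risky when empty or missing.
RISKY_WHEN_EMPTY = {
    "disable_functions": "no command/code execution functions are blocked",
    "open_basedir": "file access is not confined to a directory",
}
TRUE_VALUES = {"on", "1", "true", "yes"}


def parse_ini(text):
    """Parse 'key = value' lines; ';' starts a comment (quoted ';' not handled)."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit(text):
    """Return (directive, reason) pairs for every permissive setting found."""
    settings = parse_ini(text)
    findings = []
    for name, reason in RISKY_WHEN_ON.items():
        if settings.get(name, "").lower() in TRUE_VALUES:
            findings.append((name, reason))
    for name, reason in RISKY_WHEN_EMPTY.items():
        if settings.get(name, "").lower() in ("", "none"):
            findings.append((name, reason))
    return findings


# Constructed sample mirroring the permissive values in the list above.
SAMPLE = """\
; constructed sample, not taken from a real server
register_globals = On
allow_url_include = On
allow_url_fopen = On
display_errors = On   ; shown to visitors
disable_functions =
"""

if __name__ == "__main__":
    for directive, reason in audit(SAMPLE):
        print(f"{directive}: {reason}")
```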