Some risky PHP functions that should be disabled (disable_functions)

Source: Internet
Author: User
phpinfo()
Function description: Outputs PHP environment information, the loaded modules, the web server environment and related details.
Danger level: Medium

passthru()
Function description: Executes an external program and echoes its raw output, similar to exec().
Danger level: High

exec()
Function description: Executes an external program (for example a UNIX shell command or a Windows CMD command).
Danger level: High

system()
Function description: Executes an external program and echoes its output, similar to passthru().
Danger level: High

chroot()
Function description: Changes the root directory of the current PHP process. It only works when PHP runs in CLI mode and is not available on Windows.
Danger level: High

scandir()
Function description: Lists the files and directories in the specified path.
Danger level: Medium

chgrp()
Function description: Changes the group that owns a file or directory.
Danger level: High

chown()
Function description: Changes the owner of a file or directory.
Danger level: High

shell_exec()
Function description: Executes a command through the shell and returns its complete output as a string.
Danger level: High

proc_open()
Function description: Executes a command and opens file pointers for reading from and writing to the process.
Danger level: High

proc_get_status()
Function description: Gets information about a process that was opened with proc_open().
Danger level: High

error_log()
Function description: Sends an error message to the specified location (such as a file).
Security note: In some versions of PHP, error_log() can be used to bypass PHP safe mode and execute arbitrary commands.
Danger level: Low

ini_alter()
Function description: An alias of ini_set(); its behaviour is identical. See ini_set().
Danger level: High

ini_set()
Function description: Modifies PHP configuration parameters at run time.
Danger level: High

ini_restore()
Function description: Restores a PHP configuration parameter to its original value.
Danger level: High

dl()
Function description: Loads a PHP extension module while PHP is running (rather than at startup).
Danger level: High

pfsockopen()
Function description: Opens a persistent socket connection to an Internet or UNIX domain socket.
Danger level: High

syslog()
Function description: Calls the system-level syslog() function of the UNIX system.
Danger level: Medium

readlink()
Function description: Returns the target that a symbolic link points to.
Danger level: Medium

symlink()
Function description: Creates a symbolic link on UNIX systems.
Danger level: High

popen()
Function description: Starts the command passed as its argument and opens a pipe to it, so the command runs and its output can be read (or its input written) through the returned file pointer.
Danger level: High

stream_socket_server()
Function description: Creates an Internet or UNIX domain socket server.
Danger level: Medium

putenv()
Function description: Changes the environment variables of the running PHP process. In PHP versions below 5.2.6, after modifying the environment with this function, special parameters could be passed to the sendmail command to execute system shell commands.
Danger level: High

How to disable them:
Open the php.ini file (/etc/php.ini here; the path depends on the distribution and on whether the CLI, mod_php or PHP-FPM is used), find the disable_functions directive and add the names of the functions you want to disable, comma-separated, for example:

disable_functions = phpinfo,eval,passthru,exec,system,chroot,scandir,chgrp,chown,shell_exec,proc_open,proc_get_status,ini_alter,ini_restore,dl,pfsockopen,openlog,syslog,readlink,symlink,popen,stream_socket_server,fsockopen

Restart the web server or PHP-FPM afterwards for the change to take effect. Note that eval is a language construct rather than a function, so listing it in disable_functions has no effect on it.
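The following audit script is an added example and is not part of the original article or of PHP itself. It reads the effective disable_functions directive of the running SAPI and reports which of the functions listed above are still callable, so the edit to php.ini can be verified after a restart. The list of function names is taken from this page and is assumed to be the policy you want to enforce; adjust it to your own.

```php
<?php
// Added audit script (not from the original article): reports which of the
// risky functions listed on this page are still callable in this PHP runtime.
// Run it with the SAPI you want to check, e.g. `php audit.php` for the CLI, or
// place it in the web root temporarily for PHP-FPM/mod_php and remove it afterwards.

// Function names from the article's list. Assumption: this is the policy to enforce.
$riskyFunctions = [
    'phpinfo', 'passthru', 'exec', 'system', 'chroot', 'scandir', 'chgrp', 'chown',
    'shell_exec', 'proc_open', 'proc_get_status', 'error_log', 'ini_alter', 'ini_set',
    'ini_restore', 'dl', 'pfsockopen', 'openlog', 'syslog', 'readlink', 'symlink',
    'popen', 'stream_socket_server', 'fsockopen', 'putenv',
];

/**
 * Returns the names from $candidates that the disable_functions directive
 * currently lists, as a map of name => true.
 */
function disabledFunctions(array $candidates): array
{
    // ini_get() returns the raw comma-separated directive; normalise whitespace and case.
    $raw = (string) ini_get('disable_functions');
    $disabled = array_filter(array_map('trim', explode(',', strtolower($raw))));
    $set = array_fill_keys($disabled, true);

    $result = [];
    foreach ($candidates as $name) {
        if (isset($set[strtolower($name)])) {
            $result[$name] = true;
        }
    }
    return $result;
}

/**
 * Returns the names from $candidates that can still be called. A function that is
 * neither disabled nor absent (for example chroot() outside the CLI, or an extension
 * that is not loaded) is a live risk. function_exists() returns false for disabled
 * functions, so this is an independent check that also catches a malformed directive.
 */
function stillCallable(array $candidates): array
{
    $live = [];
    foreach ($candidates as $name) {
        if (function_exists($name)) {
            $live[] = $name;
        }
    }
    return $live;
}

$disabled = disabledFunctions($riskyFunctions);
$live     = stillCallable($riskyFunctions);

printf("PHP %s (%s), php.ini: %s\n", PHP_VERSION, PHP_SAPI, php_ini_loaded_file() ?: 'none');
printf("Listed in disable_functions: %d of %d\n", count($disabled), count($riskyFunctions));
foreach ($live as $name) {
    printf("  STILL CALLABLE: %s()\n", $name);
}
// eval is a language construct, so disable_functions can never cover it; say so explicitly.
echo "  NOTE: eval is a language construct and cannot be disabled with disable_functions.\n";

// Non-zero exit status when any listed function remains callable, for use in deployment checks.
exit($live ? 1 : 0);
```

Because each SAPI can load a different php.ini and conf.d set, run the script once per SAPI in use (CLI, PHP-FPM, mod_php); a clean result from the CLI says nothing about the web-facing configuration.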
