What PHP safe_mode restricts once it is enabled, and a workaround

Source: Internet
Author: User
What does PHP safe_mode restrict once it is enabled?

------Solution--------------------
If PHP has safe mode turned on, system() and the other program execution functions will refuse to start programs that are not in this directory. You must use / as the directory delimiter, including on Windows.
safe_mode_allowed_env_vars string

Functions that are restricted or disabled by safe mode

Function name | Restrictions
dbmopen() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
dbase_open() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
filepro() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
filepro_rowcount() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
filepro_retrieve() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
ifx_* | sql_safe_mode restrictions (!= safe mode)
ingres_* | sql_safe_mode restrictions (!= safe mode)
mysql_* | sql_safe_mode restrictions (!= safe mode)
pg_loimport() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
posix_mkfifo() | Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
putenv() | Follows the safe_mode_protected_env_vars and safe_mode_allowed_env_vars INI settings. Please refer to the documentation for the putenv() function.
move_uploaded_file() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
chdir() | Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
dl() | This function cannot be used when PHP is running in safe mode.
Backtick operator | This function cannot be used when PHP is running in safe mode.
shell_exec() (functionally the same as the backtick operator) | This function cannot be used when PHP is running in safe mode.
exec() | Can only run executables under the directory set by safe_mode_exec_dir. For some reason, you cannot currently use the path of an executable object ... escapeshellcmd() will be applied to the parameters of this function.
system() | Can only run executables under the directory set by safe_mode_exec_dir. For some reason, you cannot currently use the path of an executable object ... escapeshellcmd() will be applied to the parameters of this function.
passthru() | Can only run executables under the directory set by safe_mode_exec_dir. For some reason, you cannot currently use the path of an executable object ... escapeshellcmd() will be applied to the parameters of this function.
popen() | Can only run executables under the directory set by safe_mode_exec_dir. For some reason, you cannot currently use the path of an executable object ... escapeshellcmd() will be applied to the parameters of this function.
fopen() | Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
mkdir() | Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
rmdir() | Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
rename() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
unlink() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
copy() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed. (On source and target.)
chgrp() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
chown() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed.
chmod() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Also, you cannot set the SUID, SGID, and sticky bits.
touch() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed.
symlink() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed. (Note: only the target is tested.)
link() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed. (Note: only the target is tested.)
apache_request_headers() | In safe mode, headers that start with "authorization" (case-sensitive) will not be returned.
header() | In safe mode, if WWW-Authenticate is set, the UID of the current script is added to the realm part of the header.
PHP_AUTH variables | In safe mode, the variables PHP_AUTH_USER, PHP_AUTH_PW, and PHP_AUTH_TYPE are not available in $_SERVER. However, you can still use REMOTE_USER to get the user name. (Note: only in effect in PHP 4.3.0 and later.)
highlight_file(), show_source() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed. (Note: only in effect after version 4.2.1.)
parse_ini_file() | Checks whether the file or directory being manipulated has the same UID (owner) as the script being executed. Checks whether the directory being manipulated has the same UID (owner) as the script being executed. (Note: only in effect after version 4.2.1.)
set_time_limit() | Does not work in safe mode.
max_execution_time | Does not work in safe mode.
mail() | In safe mode, the fifth parameter is masked. (Note: only affected from PHP 4.2.3.)

------Solution--------------------

safe_mode is the only PHP_INI_SYSTEM property that must be set in php.ini or httpd.conf. To enable safe_mode, simply set safe_mode = On in php.ini, or define it for a directory in httpd.conf:

Options FollowSymLinks
php_admin_value safe_mode 1

After restarting Apache, safe_mode is in effect. Enabling safe_mode will limit many PHP functions, especially those related to the system, such as file opening, command execution, and so on.

All functions that manipulate files will only work on files that have the same UID as the script.

Although safe_mode is not omnipotent (it can be bypassed in older versions of PHP), it is strongly recommended to turn on safe mode, which can to some extent prevent some unknown attacks. However, enabling safe_mode brings many limitations that can affect your application, so you need to adjust your code and configuration to work together. For the functions that are restricted or disabled by safe mode, refer to the PHP manual.
------Solution--------------------
+1 to the 1st and 3rd replies.
------Solution--------------------
As long as you don't try to write files, there's no difference.
If you allow programs to write files, then whichever mode you use is meaningless.
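
The owner comparison that the replies above attribute to most file functions, sketched as an added example that is not part of the original thread and is not PHP's internal implementation. safe_mode itself was removed in PHP 5.4, so this reproduces the check in userland; `owner_matches_script()` and `checked_fopen()` are hypothetical names, and the fallback to the parent directory for a not-yet-existing path is an assumption.

```php
<?php
// Added illustration (not PHP's internal code): a userland approximation of
// the owner comparison listed above. Assumes PHP 7.1+ on a POSIX system.

/**
 * True when $path is owned by the script's owner. For a path that does not
 * exist yet, the parent directory is checked instead (assumption modelled
 * on the "directory being manipulated" wording in the table).
 */
function owner_matches_script(string $path, ?int $scriptUid = null): bool
{
    // getmyuid() reports the owner of the script file, not the process UID.
    $uid = $scriptUid ?? getmyuid();
    if ($uid === false) {
        return false;                       // fail closed
    }
    clearstatcache(true, $path);
    $target = (file_exists($path) || is_link($path)) ? $path : dirname($path);
    $owner  = @fileowner($target);          // false on error, e.g. dangling link
    return $owner !== false && $owner === $uid;
}

/** Hypothetical wrapper: open a file only if the owner check passes. */
function checked_fopen(string $path, string $mode)
{
    if (!owner_matches_script($path)) {
        trigger_error("owner mismatch: $path", E_USER_WARNING);
        return false;
    }
    // Check-then-open is racy (TOCTOU); OS permissions remain the real control.
    return fopen($path, $mode);
}

// Constructed demo: a temp file owned by this process, compared against
// its real owner and against a UID that cannot match.
$tmp     = tempnam(sys_get_temp_dir(), 'sm_');
$procUid = fileowner($tmp);
var_dump(owner_matches_script($tmp, $procUid));
var_dump(owner_matches_script($tmp, $procUid + 1));
var_dump(owner_matches_script($tmp . '.new', $procUid)); // falls back to the temp dir's owner
unlink($tmp);
```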