Home » Php » disable_functions php.ini eval function still work

disable_functions php.ini eval function still work

Posted by: admin July 12, 2020 Leave a comment

Questions:

I got a little problem trying to disable some function in my php.
First of all, i`m not the owner of the server so I can’t change the master php.ini configuration. But I tried to change it with the directive the server owner give me.

Here is the line I put in the php.ini file I created

disable_functions=eval,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

in my phpinfo() I can see in the local value and the master value that those function are disabled.

But my problem start here.
In the same file in witch i run the phpinfo() and I can confirm that the function are supposed to be disabled, I run an eval() and a shell_exec() and the eval() still work but the shel_exec() is disabled.

Why can’t I disable eval()?

How to&Answers:

eval is a language construct, not a function, so it can’t be disabled. See http://www.php.net/eval for more info.

Answer:

You can try building https://github.com/mk-j/PHP_diseval_extension to disable eval.