I think you could turn this around and not disable the functions in your php.ini
file but then disable them on a directory per directory basis in either a .htaccess
file or your Apache httpd.conf
file, if you're using Apache as your web server. Other web servers most likely offer this feature too.
According to this blog post, you can override php flag and value settings in php.ini
in your .htaccess
file.
For example you could do the following:
# .htaccess in directory X
php_value disable_functions exec,passthru,shell_exec,system
-or- to re-enable it:
# .htaccess in directory X
php_value disable_functions null
The above is untested by me so I'm not sure if it will work for you or not. Also I can understand some of the confusion around this facility in PHP
. According to the PHP documentation it doesn't sound like the above is possible outside of the php.ini
file.
disable_functions string
This directive allows you to disable certain
functions for security reasons. It takes on a comma-delimited list of
function names. disable_functions is not affected by Safe Mode.
Only internal functions can be disabled using this directive.
User-defined functions are unaffected.
This directive must be set in php.ini For example, you cannot set this
in httpd.conf.