-3

I want to block ini_get('disable_functions') without blocking ini_get() in disable_functions section because when i block ini_get() in my server the roundcube dosen't load, how can i do that?

alysa
  • 11
  • 1

1 Answers1

3

As far as I know there is no way to block functions in PHP based on their arguments. Allowing a user to see what functions are disabled will have no impact on server security. They can't use the functions anyway, so what possible use could they make of this knowledge?

Update: If you really want to block functions in PHP based on arguments you would have to modify the source of PHP itself and recompile your PHP binaries, which you of course can do if you know some ANSI C.

tbjers
  • 131
  • 3
  • +1. There's no benefit to blocking this, especially as malicious users would try to use the blocked functions anyways and wind up with an error indicating that they're blocked. – ceejayoz Jul 09 '13 at 19:54
  • If an attacker knows the blocked function so try the open functions to approach his goal – alysa Jul 09 '13 at 19:58
  • @alysa An attacker is going to try all of them. It's trivial to automate. This won't make you the slightest bit more secure. – ceejayoz Jul 09 '13 at 20:04