0

For various reasons (for example, phpMyAdmin stops working), it is not practical (for those higher up) to disable eval by adding:

[suhosin]
suhosin.executor.disable_eval = On

in php.ini.

Can eval be disabled with .htaccess, and if it can, how? What are the prerequisites, and what would I need to add to .htaccess in order to make it work?

The hosting is dedicated, runs on PHP 5.4.16, with phpMyAdmin 4.0.10.1. Updates of everything involved (PHP, phpMyAdmin, MariaDB, the webapps running, PHP extensions, etc) can not be done at the moment (or in any forseeable future), so what I'm looking for is a patch-up.

FiddlingAway
  • 1,598
  • 3
  • 14
  • 30
  • What different should it make whether you disable a function from the php settings or from a dynamic configuration? It is missing for all logic triggered by a request. – arkascha Aug 14 '21 at 11:27
  • @arkascha If it's disabled globally (php.ini), it breaks phpMyAdmin, that's why I want to be able to disable it locally, via .htaccess, if possible. Or, if not, with user.ini, which would contain the exceptions from the general php.ini rules. – FiddlingAway Aug 16 '21 at 11:17
  • 1
    That is not really possible, I would expect. Not because such feature is not available inside distributed configuration files (".htaccess") in apache, but because that is not how php works in such an environment, _unless_ you use old fashioned cgi logic for processing (which however is slow like a turtle). – arkascha Aug 16 '21 at 11:33

0 Answers0