php 检查“exec”是否被禁用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3938120/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Check if "exec" is disabled
提问by esqew
Is there any function in PHP that I can use to detect whether or not the execfunction is available?
PHP 中是否有任何函数可以用来检测该exec函数是否可用?
回答by Brent
<?php
function exec_enabled() {
$disabled = explode(',', ini_get('disable_functions'));
return !in_array('exec', $disabled);
}
?>
EDIT: Fixed the explode as per Ziagl's comment.
编辑:根据 Ziagl 的评论修复了爆炸。
回答by Daniel Convissor
The following function is more robust. It deals with the disabled_functionsvalue having 0 or more spaces between function names, checks the suhosin patch's blacklist setting, covers safe_mode, and stores the answer for future reference.
下面的函数更健壮。它处理disabled_functions函数名称之间有 0 个或多个空格的值,检查 suhosin 补丁的黑名单设置,coverssafe_mode并存储答案以供将来参考。
function is_exec_available() {
static $available;
if (!isset($available)) {
$available = true;
if (ini_get('safe_mode')) {
$available = false;
} else {
$d = ini_get('disable_functions');
$s = ini_get('suhosin.executor.func.blacklist');
if ("$d$s") {
$array = preg_split('/,\s*/', "$d,$s");
if (in_array('exec', $array)) {
$available = false;
}
}
}
}
return $available;
}
回答by svens
You can search the ini setting disable_functionsfor the exec()function.
您可以搜索disable_functions该exec()功能的 ini 设置。
if( false !== strpos(ini_get("disable_functions"), "exec") ) {
// exec() is disabled
Just for completeness, note that PHP Safe Modeputs some restrictions on the function too.
为了完整起见,请注意 PHP安全模式也对该功能施加了一些限制。
回答by Tom Willmot
You also need to check whether safe_mode is active as exec is unavailable if safe_mode is on
您还需要检查 safe_mode 是否处于活动状态,因为如果 safe_mode 处于开启状态,则 exec 不可用
function is_exec_available() {
// Are we in Safe Mode
if ( $safe_mode = ini_get( 'safe_mode' ) && strtolower( $safe_mode ) != 'off' )
return false;
// Is shell_exec disabled?
if ( in_array( 'exec', array_map( 'trim', explode( ',', ini_get( 'disable_functions' ) ) ) ) )
return false;
return true;
}
回答by Lance Cleveland
A one-line compilation of safe mode, function exists, and disabled exec using some of the techniques found on various SO posts.
使用在各种 SO 帖子中找到的一些技术,对安全模式、函数存在和禁用 exec 的单行编译。
This will check that exec is available and enabled BEFORE trying to run it. If you run exec() and the function does not exist or is disabled a warning will be generated. Depending on the server settings that may render to the browser and will almost-always write a line to a log file = performance hit.
这将在尝试运行它之前检查 exec 是否可用并已启用。如果您运行 exec() 并且该函数不存在或被禁用,则会生成警告。取决于可能呈现给浏览器的服务器设置,并且几乎总是将一行写入日志文件 = 性能下降。
// Exec function exists.
// Exec is not disabled.
// Safe Mode is not on.
$exec_enabled =
function_exists('exec') &&
!in_array('exec', array_map('trim',explode(', ', ini_get('disable_functions')))) &&
!(strtolower( ini_get( 'safe_mode' ) ) != 'off')
;
if ($exec_enabled) { exec('blah'); }
