An buga wata hanya don ƙetare a cikin mai fassarar PHP ƙayyadaddun ƙuntatawa da aka ƙayyade ta amfani da umarnin disable_functions da sauran saitunan a cikin php.ini. Bari mu tuna cewa umarnin disable_functions yana ba da damar hana amfani da wasu ayyuka na ciki a cikin rubutun, alal misali, zaku iya kashe “tsarin, exec, passthru, popen, proc_open da shell_exec” don toshe kira zuwa shirye-shiryen waje ko fopen don hana. bude fayiloli.
Abin lura ne cewa amfani da aka yi amfani da shi yana amfani da raunin da aka ba da rahoto ga masu haɓaka PHP fiye da shekaru 10 da suka wuce, amma sun dauki shi karamar matsala ba tare da wani tasiri na tsaro ba. Hanyar harin da aka gabatar ya dogara ne akan canza ƙimar sigogi a cikin ƙwaƙwalwar ajiyar tsari kuma yana aiki a cikin duk sakin PHP na yanzu, farawa tare da PHP 7.0 (har ila yau harin yana yiwuwa akan PHP 5.x, amma wannan yana buƙatar canje-canje ga amfani) . An gwada cin zarafi akan wasu jeri na Debian, Ubuntu, CentOS da FreeBSD tare da PHP a cikin nau'i na cli, fpm da module don apache2.
source: budenet.ru