I want disable execute some php function like file_put_content,exec,eval on special directory.
I can use disable_functions in php.ini but how can define a special folder like c:\poject\public
If you have a working version of php.ini that disables the functions you want, then you just need to "link" the folder to that specidif .ini file. This means that your web server should, when serving files from that directory, should use that specific .ini file instead of the system one.
If you are using Apache2 as a server, a solution can be found here you can define a specific php.ini file for each virtualhost. Let's say you specific folder is /var/www/web1, you should put the php.ini with the function disabled into /var/www/web1 and use this Apache2 configuration
<VirtualHost 1.2.3.4:80>
[...]
PHPINIDir /var/www/web1
[...]
</VirtualHost>
If you are not familiar with or not using VirtualHosts (but still using Apache2), another possibile solution is putting PHP configuration into a file named .htaccess in the folder, with a syntax like this:
php_value disable_functions "file_put_content,exec,eval"
You can't use the disable_functions setting anywhere other than in a php.ini file, according to the PHP documentation,.
If you need per-vhost or per-directory restrictions on functions, I would suggest using separate instances of PHP-FPM, each of which can have its own php.ini. It also provides additional security benefits, such as complete sandboxing per daemon instance.
EDIT:
You can read about it on official documentation
or
php-fpm example configuration for both UNIX and TCP sockets.
Related
On a fresh install of Fedora 28 running PHP 7.2.14 I am experiencing a strange issue where short_open_tag = On in the main php.ini is being ignored. I have verified that there is only one instance of the flag in only the main php.ini (/etc/php.ini). I have tried setting the flag on in .htaccess with php_value short_open_tag 1. I have restarted Apache after each change. But when I verify with phpinfo() the flag is always set to Off. Has this flag been finally deprecated and the change is simply not reflected in the PHP change log (http://php.net/ChangeLog-7.php)? Looking through the PHP source (which I am no expert at) does not suggest an override so I am at a loss for explanation. Any insight would be appreciated.
I will first note that this question looks like a duplicate of this one. On the off chance it's not, here's my best answer.
The PHP documentation has a page on the opening tags which says:
PHP also allows for short open tag <? (which is discouraged since it is only available if enabled using the short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option).
Check phpinfo() and you may see a section entitled Configure Command which contains compilation options. See if there's an --enable-short-tags option in there anywhere. If not, listen to #phil and look for a section titled Additional .ini files parsed which may list other ini files that have been parsed.
If your search is as thorough as you suggest in your original post and you still cannot get short tags, it may be turned off in an apache configuration file or the short_open_tag directive may exist in more than one spot. A PHP.ini directive will override any prior values that might have been set.
A grep search might help. In my PHP info output, I see these values:
Loaded Configuration File - /etc/php5/apache2/php.ini
Scan this dir for additional .ini files - /etc/php5/apache2/conf.d
I can easily search all files in that location with this grep command:
grep -ir 'short_open_tag' /etc/php5/apache2
If you double/triple check all these ini files and restart apache and still can't get short_open_tag setting to work, this value may be set as an apache option. I suggest searching the apache configuration files for any reference to short_open_tag. The exact directory location may be different on your machine, but this grep command works for me
grep -ir 'short_open_tag' /etc/apache2
You should also keep in mind that your apache configuration may not be set up to even bother with .htaccess files so your attempt to override using .htaccess may be for naught unless you configure apache to actually use the .htaccess file. Assuming your apache configuration does bother parsing your htaccess file, this appears to be covered in another question here on SO.
And finally, if your server is configured to use PHP-FPM, then it uses a pool of PHP processes to handle PHP requests from the web server. If that's the case, you would need to restart php-fpm with this command:
sudo service php7.0-fpm restart
NOTE: this command may vary on different machines.
My development environment is shared with other developers of my startup and is setup on Rackspace. The php.ini file is located in /etc/ folder, and I believe this is a centralized location from where every other developer's dev environment setting is being configured from. I want to customize this php.ini file specifically for myself rather than having to do it in the /etc/ location.
Specifically I am setting up XDEBUG in my environment, some other developers don't want it, so I don't want to bug em :)
To do so, I scanned the Internet on how to override the php.ini file specifically for a directory, and found this page on stackoverflow
And following that, I simply copy pasted the php.ini file within my htdocs folder and then simply echoed out phpinfo() (I echoed this in one of my Controllers, (using Zend)). The index.php file is within the htdocs folder.
When I look # "Loaded Configuration File", it still reads
/etc/ instead of ../htdocs/
Anybody know what's up?
In general, it isn't possible to load php.ini on a per directory basis, but in some special cases (CGI/FastCGI), it is: see documentation for Per-user configuration
Since PHP 5.3.0, PHP includes support for .htaccess-style INI files on a per-directory basis. These files are processed only by the CGI/FastCGI SAPI. This functionality obsoletes the PECL htscanner extension. If you are using Apache, use .htaccess files for the same effect.
In addition to the main php.ini file, PHP scans for INI files in each directory, starting with the directory of the requested PHP file, and working its way up to the current document root (as set in $_SERVER['DOCUMENT_ROOT']). In case the PHP file is outside the document root, only its directory is scanned.
If you are hosting several independent sites on one server, you should consider FastCGI anyway, to keep them separated. With php5-fpm it's very easy to setup many pools of workers.
Note that only set a limited subset of the ini-options in the user-ini-file.
As you said you don't have control on the server, the possible work-arounds would be to:
Use ini_set() to override the changes inside your script. Not all of the configuration directives can be changed using ini_set() though.
Use an .htaccess file in your directory to override the configurations in php.ini file.
(certain parts adapted from #1438393)
Hope this helps!
I'm not sure you understood the post. The post means if you run the server and want a per domain php.ini you can run the module as a per domain so each user controls there domain php.ini however it looks like your server does not offer this so you will need to us htaccess file to overwrite the php.ini settings.
By over write this doesn't mean you can change the directory this means maybe add a module or add error reporting ect...
You can do it by using this post: How can I use xdebug to debug only one virtual host?
My development environment is shared with other developers of my startup and is setup on Rackspace. The php.ini file is located in /etc/ folder, and I believe this is a centralized location from where every other developer's dev environment setting is being configured from. I want to customize this php.ini file specifically for myself rather than having to do it in the /etc/ location.
Specifically I am setting up XDEBUG in my environment, some other developers don't want it, so I don't want to bug em :)
To do so, I scanned the Internet on how to override the php.ini file specifically for a directory, and found this page on stackoverflow
And following that, I simply copy pasted the php.ini file within my htdocs folder and then simply echoed out phpinfo() (I echoed this in one of my Controllers, (using Zend)). The index.php file is within the htdocs folder.
When I look # "Loaded Configuration File", it still reads
/etc/ instead of ../htdocs/
Anybody know what's up?
In general, it isn't possible to load php.ini on a per directory basis, but in some special cases (CGI/FastCGI), it is: see documentation for Per-user configuration
Since PHP 5.3.0, PHP includes support for .htaccess-style INI files on a per-directory basis. These files are processed only by the CGI/FastCGI SAPI. This functionality obsoletes the PECL htscanner extension. If you are using Apache, use .htaccess files for the same effect.
In addition to the main php.ini file, PHP scans for INI files in each directory, starting with the directory of the requested PHP file, and working its way up to the current document root (as set in $_SERVER['DOCUMENT_ROOT']). In case the PHP file is outside the document root, only its directory is scanned.
If you are hosting several independent sites on one server, you should consider FastCGI anyway, to keep them separated. With php5-fpm it's very easy to setup many pools of workers.
Note that only set a limited subset of the ini-options in the user-ini-file.
As you said you don't have control on the server, the possible work-arounds would be to:
Use ini_set() to override the changes inside your script. Not all of the configuration directives can be changed using ini_set() though.
Use an .htaccess file in your directory to override the configurations in php.ini file.
(certain parts adapted from #1438393)
Hope this helps!
I'm not sure you understood the post. The post means if you run the server and want a per domain php.ini you can run the module as a per domain so each user controls there domain php.ini however it looks like your server does not offer this so you will need to us htaccess file to overwrite the php.ini settings.
By over write this doesn't mean you can change the directory this means maybe add a module or add error reporting ect...
You can do it by using this post: How can I use xdebug to debug only one virtual host?
I am trying to use PHP's built-in function get_browser(). I followed the instructions in this useful post, but I'm still getting the error
browscap ini directive not set.
I downloaded the php_browscap.ini file and moved it into the same directory as my .htaccess file, so that its location is home/hostname/subdomain/php_browscap.ini Since I do not have access to my php.ini file, I am trying to edit the browscap property using .htaccess. This is what I entered:
php_value browscap home/hostname/subdomain/php_browscap.ini
I don't know if it matters, but below that there's some Rewrite Engine code.
As forementioned, I am still getting the error above. What did I do wrong?
Thanks.
The browscap PHP value has a changeable mode of PHP_INI_SYSTEM meaning it can only be set in php.ini or httpd.conf (not .htaccess).
Do a phpinfo() to understand your PHP runtime config. If your system is configure as "CGI/FastCGI" then it is probably running suPHP as the PHP initiator. In this case you can specify your own php.ini file. By default suPHP looks in the script directory but you can override this by the following directive in your .htaccess file:
suPHP_ConfigPath (expects a path name)
This option tells mod_suphp which path to pass on to the PHP-interpreter (by setting the PHPRC environment variable). Do NOT refer to a file but to the directory the file resists in.
E.g.: If you want to use "/path/to/server/config/php.ini", use "suPHP_Config/path/to/server/config".
If you don't use this option, PHP will use its compiled in default path.
Also you must use a properly formed path in your browsercap directive e.g.
browscap="/home/hostname/subdomain/php_browscap.ini"
(Note the leading /)
Addendum
I've just check and the Dreamhost shared hosting plan uses suEXEC. With suEXEC you can normally override the php.ini patch by copying the system php.ini (phpinfo() tells you where to find this) into a private directory, say _private as well as the browsercap.ini then adding
SetEnv PHPRC /home/hostname/_private
to your .htaccess file. If this doesn't work then the issue is specific to Dreamhost's suEXEC config and you need to ask this Q on http://discussion.dreamhost.com/
There are two potential problems here.
Perhaps your host does not allow you to override ini settings in the .htaccess file.
Maybe browscap does not like the path you have provided. Try:
php_value browscap /home/hostname/subdomain/php_browscap.ini
And ensure that permissions on that file allow the web user to read it.
If you are on a shared hosting and do not have access to the system php.ini then you can use the following standalone replacement of php's native "get_browser()" implementation.
https://github.com/garetjax/phpbrowscap
How do I edit php.ini when my host doesn't give me access to the core file? Is there a way to create a "sub" php.ini? If so, how would I make my apps pick up the subsequent file and use that instead of the master file (that I don't have access to edit)? It's a typical shared web host if that matters.
http://www.php.net/manual/en/configuration.changes.php
If your host allows it, you can use an Apache directive in an .htaccess file to override the INI path. (Most shared hosts, however, don't allow this.)
You might also be able to change certain individual settings via the ini_set() function in your script - again, if your host allows it.
Try to use the built-in function ini_set().