On Fri, Feb 10, 2017 at 4:02 AM, Ben RUBSON <ben.rub...@gmail.com> wrote: >> On 09 Feb 2017, at 18:12, Sara Golemon <poll...@php.net> wrote: >> Could you clarify? `disable_functions` *IS* a PHP_INI_SYSTEM directive: >> >> PHP_INI_ENTRY("disable_functions", "", PHP_INI_SYSTEM, NULL) > > However, as per all the bugs referenced by #65386, > using "php_admin_value disable_functions" in httpd.conf does not correctly > work. > The main issue certainly is that it can't be used per vhost. > (note that it however still affects their local ini value) > That's not surprising. When disable_functions processes an INI change, it's a one-way affair. Any functions listed in the INI setting are clobbered and their original handlers are lost (on purpose, I imagine).
When a new setting comes in to override it (via php_admin_value) it can only add to the list of disabled functions, not restore previously disabled functions. Again, I'm not certain, but my gut says this was intentional. >> There's also a technical hurdle here due to the way that functions are >> (currently) disabled. It's INI_SYSTEM because enabling/disabling on a >> per-request (per vhost essentially means per request) basis means a >> lot more heavy lifting than disabling on a system-wide level (we just >> replace the function implementation in the global table with a STFU >> message). > > Sounds like it would then require some dev to achieve this behaviour. > Would it however hurt requests performance ? > TL;DR - Yes. If you want a single process to serve some requests with function X disabled and some to serve it with that function enabled, then SOME amount of per-request processing has to be done. Maybe it's done on RINIT to shuffle around the function table, maybe it's done at function call time via a flag, maybe it's done by compiling to a different instruction for "potentially disabled function call". I'm not sure as I haven't thought very far into the problem. >> but if the goal is to >> disable an entire extension's worth of functions, wouldn't one >> just.... not load that extension? > > Because one would certainly want to re-enable one of these functions in > one of its vhosts (or even globally in php.ini) :) > Is running separate fcgi instances not an option here? -Sara -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php