Edit report at https://bugs.php.net/bug.php?id=62397&edit=1
ID: 62397 Comment by: bobwei9 at hotmail dot com Reported by: spamik at yum dot pl Summary: disable_functions = eval does not work Status: Not a bug Type: Bug Package: *General Issues PHP Version: 5.3.14 Block user comment: N Private report: N New Comment: Why can't you simply add a new core directive for disabling this language construct? Previous Comments: ------------------------------------------------------------------------ [2012-06-23 12:29:45] larue...@php.net as I said, eval is not a *function*, so disable_*functions* has no effect to eval.. ------------------------------------------------------------------------ [2012-06-23 10:56:33] anon at anon dot anon A reason why a bug exists is not a reason why it is not a bug. ------------------------------------------------------------------------ [2012-06-23 09:14:58] larue...@php.net eval is not a function, if you want to disable it, you may refer to Suhosin thanks ------------------------------------------------------------------------ [2012-06-23 07:28:04] reeze dot xia at gmail dot com eval is not a function but language construct http://php.net/eval so it cannot be disabled by adding it to disable_functions ------------------------------------------------------------------------ [2012-06-23 00:24:50] spamik at yum dot pl Description: ------------ disable_functions = eval does not work. eval is often used to obfucate code by malicious viruses. I see no reason why blocking access to eval() is not doable. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=62397&edit=1