The phpinfo() function in php has a lot of uses. Before going to disable the phpinfo function, you must learn the basics of it. Here is the link which helps you to create the phpinfo –> phpinfo()
What is phpinfo() function ?
The function phpinfo() displays the current information of PHP, which includes the php extensions and compilations, version, server information and environment (if compiled as a module), the PHP environment, paths, master and local values of configuration options, HTTP headers, and the PHP License etc.
You will get the PHP information not only from the browser but also from the server command-line. For that you just need to execute the phpinfo file, like:
php phpinfo.php
How to disable phpinfo() ?
This post was published on Oct, 2018. Verified with new versions and updated. In case of any issues, please comment. Our team will reply or update the post as soon as possible.
There is an option called disable_functions in php configuration file (php.ini) on server to disable php functions. Here is the steps to do the same.
Step I : SSH to server
Step II : Edit the php.ini file
disable_functions = phpinfo
OR, In .htaccess, add the following line.
php_value disable_functions phpinfo
What is the difference between Tar and Gzip ? Details with example
I too had this doubt! what are the differences between “tar” and “zip” utilities in Linux.
The answer is quit simple rather than the confusion. We all are very familiar about the word (extension) “.tar.gz“, it’s very common when we download something from internet. Read more..
Other php functions commonly disabled in shared environment.
#show_source()
The show_source() function outputs a file with the PHP syntax highlighted. The syntax is highlighted by using HTML tags. The colors used for highlighting can be set in the php.ini file or with the ini_set() function. This function returns TRUE on success, or FALSE on failure. show_source() is an alias of highlight_file().
#system
Execute an external program and display the output
#shell_exec
Execute command via shell and return the complete output as a string
#passthru
Execute an external program and display raw output
#exec
Execute an external program
#popen
Opens process file pointer
#proc_open
Execute a command and open file pointers for input/output
#allow_url_fopen
If enabled, allow_url_fopen allows PHP’s file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities.
Eg; In php.ini
disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"
Thank you!
Related articles
1, How to create phpinfo page on Linux server
2, List the current PHP handler on the server
3, How to change PHP handler from SuPHP to FastCGI
If you are interested in new technologies please read about how Prometheus helps on monitoring. All these docs are under this category, Prometheus.
This is an excellent post. This is really helpful and for my business websites.