How to disable phpinfo(); in a shared environment/hosting?
The phpinfo() function in php has a lot of uses. Before going to disable the phpinfo function,you must learn the basics of it. Here is the link which helps you to create the phpinfo >> phpinfo() <<
What is phpinfo() function ?
The function phpinfo() displays the current information of PHP, which includes the php extensions and compilations, version, server information and environment (if compiled as a module), the PHP environment, paths, master and local values of configuration options, HTTP headers, and the PHP License etc. You will get the PHP informations not only from the browser but also from the server command-line.
There is an option called disable_functions in php.ini file on server to disable php functions. Here is the steps to do the same.
Step I : SSH to server as root.
Step II : Edit the php.ini file,
disable_functions = phpinfo
In .htaccess, add the following line.
php_value disable_functions phpinfo
Other php functions commonly disabled in shared environment.
The show_source() function outputs a file with the PHP syntax highlighted. The syntax is highlighted by using HTML tags.
The colors used for highlighting can be set in the php.ini file or with the ini_set() function.
This function returns TRUE on success, or FALSE on failure.
show_source() is an alias of highlight_file().
Execute an external program and display the output
Execute command via shell and return the complete output as a string
Execute an external program and display raw output
Execute an external program
Opens process file pointer
Execute a command and open file pointers for input/output
If enabled, allow_url_fopen allows PHP’s file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities.
Eg; In php.ini
disable_functions = "show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open, allow_url_fopen"