Disabling eval in PHP 5.x
- 2021-11-10 08:57:00
- OfStack
This time, we will talk about how to prohibit the execution of eval in PHP code. I thought we could simply add it to disable_functions in php.ini ~
However, reality is often not so accommodating. After a Google search, it turns out that eval is not a function but a language construct provided by PHP, so disable_functions has no effect on it.
Fortunately, others have already written a PHP extension that can disable the evil eval: suhosin.
At first I found that it seemed to require patching PHP, which I was reluctant to do, but I really couldn't find a better way. The actual installation, however, is quite convenient:
yum install wget make gcc gcc-c++ zlib-devel openssl openssl-devel pcre-devel kernel keyutils patch perl
cd /usr/local/src
wget http://download.suhosin.org/suhosin-<version>.tgz
tar zxvf suhosin-<version>.tgz
cd suhosin-<version>
/usr/bin/phpize
./configure --with-php-config=/usr/bin/php-config
make && make install
After compiling and installing, the output shows the directory where the extension library was placed, for example:
/usr/lib64/php/modules
We only need to add the corresponding extension and setting in php.ini:
extension=/usr/lib64/php/modules/suhosin.so
suhosin.executor.disable_eval=On
After restarting the php-fpm process, you can see in phpinfo that the suhosin extension has been installed ~
Look carefully at the configuration items the extension adds. It offers many other controls that are worth studying in your own time ~
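To confirm that the two php.ini lines above are really in effect, the following added example (not part of the original article) statically checks a php.ini file. The function name check_eval_disabled and the sample file contents are assumptions made for illustration. Run it against the file that phpinfo reports as the loaded configuration file, since php-fpm may read a different php.ini than the CLI.

```shell
#!/bin/sh
# Added example, not from the original article. check_eval_disabled is a
# hypothetical helper name; the sample php.ini content below is constructed.

# Exit 0 if the given php.ini loads suhosin and enables
# suhosin.executor.disable_eval; exit 1 otherwise, 2 if unreadable.
check_eval_disabled() {
    ini="$1"
    [ -r "$ini" ] || { echo "cannot read $ini" >&2; return 2; }
    awk '
        {
            line = $0
            sub(/;.*$/, "", line)              # php.ini comments start with ";"
            eq = index(line, "=")
            if (eq == 0) next                  # blank lines, [section] headers
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", k)   # trim key
            gsub(/^[ \t"]+|[ \t\r"]+$/, "", v) # trim value and quotes
            if (k == "extension" && v ~ /(^|\/)suhosin(\.so)?$/) loaded = 1
            if (k == "suhosin.executor.disable_eval") flag = tolower(v)  # last wins
        }
        END {
            if (!loaded) { print "FAIL: suhosin extension not loaded"; exit 1 }
            if (flag !~ /^(on|1|true|yes)$/) {
                print "FAIL: suhosin.executor.disable_eval not enabled"; exit 1
            }
            print "OK: suhosin loaded, eval disabled"
        }
    ' "$ini"
}

# Constructed sample: directive present but commented out, a common slip.
demo=$(mktemp)
printf '%s\n' 'extension=/usr/lib64/php/modules/suhosin.so' \
              ';suhosin.executor.disable_eval=On' > "$demo"
check_eval_disabled "$demo" || true
# Same file with the directive active.
printf '%s\n' 'suhosin.executor.disable_eval = On' >> "$demo"
check_eval_disabled "$demo"
rm -f "$demo"
```

This only inspects the file; the phpinfo check described above remains the confirmation that the running php-fpm process picked the settings up.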