Disabling eval in PHP 5.x

  • 2021-11-10 08:57:00
  • OfStack

This time, let's look at how to prevent eval from being executed in PHP code. I thought we could simply set disable_functions in php.ini.

However, reality is often less accommodating. After a quick Google search, I found that eval is not a function but a language feature provided by PHP, so disable_functions does not apply to it.

Fortunately, others have already written a PHP extension that can disable the evil eval: Suhosin.

At first I found that it required patching PHP, which I was reluctant to do, but I really could not find a better way. The actual installation, however, turned out to be quite convenient:


yum install wget make gcc gcc-c++ zlib-devel openssl openssl-devel pcre-devel kernel keyutils patch perl
cd /usr/local/src
wget http://download.suhosin.org/suhosin-<version>.tgz
tar zxvf suhosin-<version>.tgz
cd suhosin-<version>
/usr/bin/phpize
./configure --with-php-config=/usr/bin/php-config
make && make install

After the build finishes, the output shows where the extension library was installed, for example: /usr/lib64/php/modules

We only need to add the corresponding extension in php.ini:


extension=/usr/lib64/php/modules/suhosin.so
suhosin.executor.disable_eval=On

After restarting the php-fpm process, you can see in phpinfo that the suhosin extension has been installed.
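A check of the php.ini edits above, as an added example that is not part of the original article: PHP silently ignores suhosin.* directives when the extension itself is not loaded, so the script verifies both lines and takes the last value of a repeated directive. The helper names check_suhosin_eval and make_samples are hypothetical, and the sample ini fragments are constructed.

```shell
#!/bin/sh
# Added example: audit php.ini text for the two Suhosin lines shown above.
# check_suhosin_eval (hypothetical helper) returns 0 = eval disabled,
# 1 = directive missing or off, 2 = extension line missing.
check_suhosin_eval() {
    awk '
    {
        sub(/[ \t]*;.*$/, "")                 # drop ";" comments
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1))
        val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)
        if (key == "extension" && val ~ /(^|\/)suhosin(\.so)?$/) loaded = 1
        # The last occurrence of a directive wins, so keep overwriting.
        if (key == "suhosin.executor.disable_eval")
            eval_off = (val == "on" || val == "1" || val == "true" || val == "yes")
    }
    END {
        if (!loaded)   { print "FAIL: suhosin extension line not found"; exit 2 }
        if (!eval_off) { print "FAIL: suhosin.executor.disable_eval is not On"; exit 1 }
        print "OK: suhosin loaded and disable_eval is On"
    }' "$1"
}

# Constructed sample php.ini fragments (not taken from a real server).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'extension=/usr/lib64/php/modules/suhosin.so' \
        'suhosin.executor.disable_eval = On' > "$dir/good.ini"
    printf '%s\n' ';extension=/usr/lib64/php/modules/suhosin.so' \
        'suhosin.executor.disable_eval=On' > "$dir/unloaded.ini"
    printf '%s\n' 'extension=suhosin.so' 'suhosin.executor.disable_eval=On' \
        'suhosin.executor.disable_eval=Off ; later override' > "$dir/overridden.ini"
    echo "$dir"
}

samples=$(make_samples)
for name in good unloaded overridden; do
    printf '%s: ' "$name"
    check_suhosin_eval "$samples/$name.ini" || true
done
```

Point check_suhosin_eval at the php.ini that php-fpm actually loads, which may differ from the one the command-line php binary reads.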

Look carefully through the configuration options the extension adds. There are many controls among them that are worth studying in depth.
