PHP 7.0.0 Beta 2 Released

Funções restritas/desabilitadas pelo "safe mode"

Esta continua sendo uma lista provavelmente incompleta e possivelmente incorreta de funcões limitadas pelo "safe mode".

Funcões limitadas do safe mode
Funções Limitações
dbmopen() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
dbase_open() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
filepro() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
filepro_rowcount() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
filepro_retrieve() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
ifx_* sql_safe_mode restrictions, (!= safe mode)
ingres_* sql_safe_mode restrictions, (!= safe mode)
mysql_* sql_safe_mode restrictions, (!= safe mode)
pg_lo_import() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
posix_mkfifo() Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
putenv() Obedece as diretivas-ini safe_mode_protected_env_vars e safe_mode_allowed_env_vars. Veja também a documentação de putenv()
move_uploaded_file() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
chdir() Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
dl() This function is disabled when PHP is running in safe mode.
backtick operator This function is disabled when PHP is running in safe mode.
shell_exec() (função equivalente ao backticks) This function is disabled when PHP is running in safe mode.
exec() Poderá somente utilizar executáveis dentro do safe_mode_exec_dir. Por razões práticas, não é permitido possuir componentes .. no endereço do executável. escapeshellcmd() é executado como argumento desta função.
system() Poderá somente utilizar executáveis dentro do safe_mode_exec_dir. Por razões práticas, não é permitido possuir componentes .. no endereço do executável. escapeshellcmd() é executado como argumento desta função.
passthru() Poderá somente utilizar executáveis dentro do safe_mode_exec_dir. Por razões práticas, não é permitido possuir componentes .. no endereço do executável. escapeshellcmd() é executado como argumento desta função.
popen() Poderá somente utilizar executáveis dentro do safe_mode_exec_dir. Por razões práticas, não é permitido possuir componentes .. no endereço do executável. escapeshellcmd() é executado como argumento desta função.
fopen() Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
mkdir() Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
rmdir() Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
rename() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
unlink() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
copy() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed. (on source and target)
chgrp() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
chown() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed.
chmod() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Além disso, não poderá alterar nem o SUID, nem o SGID, nem os sticky bits
touch() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
symlink() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed. (nota: somente o alvo é verificado)
link() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed. (nota: somente o alvo é verificado)
apache_request_headers() No "safe mode" o cabeçalho authorization (case-insensitive) não é retornado.
header() No "safe mode", o uid do script é adicionado ao realm que faz parte do cabeçalho WWW-Authenticate se você definir esse cabeçalho (usado para autenticação HTTP).
PHP_AUTH variables No "safe mode", as variáveis PHP_AUTH_USER, PHP_AUTH_PW e AUTH_TYPE não estão disponíveis em $_SERVER. Porém, pode-se utilizar o REMOTE_USER para o USER. (nota: apenas para a versão a partir PHP 4.3.0)
highlight_file(), show_source() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
parse_ini_file() Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed.
set_time_limit() Não há efeito quando o safe mode está ativado.
max_execution_time Não há efeito quando o safe mode está ativado.
mail() No safe mode, o quinto parâmetro é desabilitado.
session_start() O dono do script precisa ser o mesmo dono do diretório session.save_path se se o files padrão em session.save_handler for usado.
Todos as funções do sistemas de arquivos e de streams. Checks whether the files or directories being operated upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which the script is operating has the same UID (owner) as the script that is being executed. (veja a opção safe_mode_include_dir no php.ini

add a note add a note

User Contributed Notes 2 notes

up
2
tschmieder at bitworks dot de
7 years ago
refers to the previuos posting of

bananarama
15-May-2006 10:11

"all file-handling and -management functions are restricted, just in case someones wondering why they're not listed here.
a script can run these functions on files without errors, if the files were created (are owned) by the same UID, the script was created (is owned) by."

.... or if the directory, in which the file is located, has the same UID as the script, which tries to use a file in that directory...
up
2
Jan
9 years ago
It seems that glob and file_exists functions are also restricted in safe-mode.
To Top