For example, setting this directive as follows limits modification
to only those variables with a PHP_ prefix:
safe_mode_allowed_env_vars = "PHP_"
Keep in mind that leaving this directive blank means that the user can modify any
environment variable.
safe_mode_protected_env_vars = string
Scope: PHP_INI_SYSTEM; Default value: LD_LIBRARY_PATH
The safe_mode_protected_env_vars directive offers a means for explicitly preventing
certain environment variables from being modified. For example, if you want to
prevent the user from modifying the PATH and LD_LIBRARY_PATH variables, you use this
directive:
safe_mode_protected_env_vars = "PATH, LD_LIBRARY_PATH"
open_basedir = string
Scope: PHP_INI_SYSTEM; Default value: NULL
Much like Apache??™s DocumentRoot directive, PHP??™s open_basedir directive can
establish a base directory to which all file operations will be restricted. This prevents
users from entering otherwise restricted areas of the server. For example, suppose all
Web material is located within the directory /home/www. To prevent users from viewing
and potentially manipulating files like /etc/passwd via a few simple PHP commands,
consider setting open_basedir like this:
open_basedir = "/home/www/"
CHAPTER 2 ?– CONFIGURING YOUR EN V IRONMENT 37
Note that the influence exercised by this directive is not dependent upon the
safe_mode directive.
disable_functions = string
Scope: PHP_INI_SYSTEM; Default value: NULL
In certain environments, you may want to completely disallow the use of certain
default functions, such as exec() and system().
Pages:
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118