开发者

overwrite the phpinfo() function?

问答 作者:

I was curious and was wondering if there was a way for me to make my own phpinfo() function?

function phpinfo() {
   // show custom list of php.ini settings here
}

i tried this but i get a parse error because i named my function the same as the PHP built-in function.

I know you can change the way phpinfo() outputs its data (colors etc) but I haven't found a way where I can filter the content of the page.开发者_高级运维

I am letting people make sub domain when they register and with that i am letting them host their own files, but i wan't to limit the phpinfo output so that they can only see what i let them see.

I have full control over my PHP installation as I am running my site off a dedicated server if that helps any.

You can rename the old phpinfo using runkit_function_rename. After you've renamed it, you can define a new function named phpinfo. If you need to call the old function, just call it by its new name. Alternatively, if you don't need to call the old function, you can remove it using runkit_function_remove.

The problem with these solutions is if they knew the name you renamed it to, they could call that to get the original output. The best solution is probably to modify the PHP source to filter what phpinfo outputs.

Edit: Here's an example of how you might use runkit_function_rename. I don't have runkit installed so I can't test to see if it works or not, but it might:

runkit_function_rename('phpinfo', 'old_phpinfo');

function phpinfo() {
    ob_start();
    old_phpinfo();
    $data=ob_get_contents();
    ob_end_clean();
    $data=str_replace("php", "(the language you're using)", $data);
    echo $data;
}

You could use the php.ini directive disable_functions to disable the standard phpinfo function which would allow you to define your own. See http://php.net/manual/en/ini.core.php.

I don't think this is a great route to go down though. You need to be able to trust people you are allowing to upload code to your server. I don't think there's much in the phpinfo() output that couldn't be got trivially by other means.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9