Page MenuHomePhabricator
Create Task
Maniphest T12462

Allow disabling of phpinfo within php.ini
Closed, WontfixPublic
Actions

Description

Currently the pre-flight checks will throw a wobbly if the disable_functions configuration parameter is defined within php.ini.

Some security policies mandate that phpinfo specifically is disabled.

Since phabricator doesn't need phpinfo to run, I suggest allowing this as an exception?

A small modification to /phabricator/src/applications/config/check/PhabricatorPHPPreflightSetupCheck.php sorts this (though aware its in the middle of the Debian commentary!).

+ // # We are required to disable phpinfo by Security Audit - AF 29/03/2017
+ if ($function === 'phpinfo') {
+ unset($functions[$k]);
+

Event Timeline

Fordy created this task.Mar 29 2017, 5:09 AM
chad closed this task as Wontfix.Mar 29 2017, 5:13 AM
chad claimed this task.
Fordy added a comment.Mar 29 2017, 5:19 AM

fast response, any words as to why this wont be fixed?

chad added a comment.Mar 29 2017, 5:20 AM

See Contributing Feature Requests for what we require in a feature request.

Fordy added a comment.Mar 29 2017, 5:38 AM

Hmmm, will have another go and delete bits and guess what i did wrong was suggesting a solution..

Phabricator · Built by Phacility