
Need to disable phpinfo...
Closed, Wontfix (Public)

Description

Phabricator pre-flight checks currently prevent startup if the following is defined in the PHP config:

disable_functions = phpinfo

We are required to disable phpinfo as standard on all PHP installations to improve base security.

Could I request that Phabricator allow disabling of phpinfo within the PHP application - as currently we need to manually hack the source code on each Phabricator update to re-apply this exception.

Event Timeline

epriestley claimed this task.
  • The "root problem" from our point of view is a security policy with no technical basis. As a general rule, we do not implement changes to help installs solve problems of their own making, and you have this problem only because of your policy.
  • disable_functions = phpinfo does not improve the security of Phabricator, but impairs normal behavior.
  • To move forward, you should either: change the policy, obtain an exemption to the policy, fork Phabricator, or select other software which adheres to the policy.

Cool thanks for the detailed response.

I do think it is technically reasonable to have phpinfo disabled by default, as in normal running mode there is no need for it and it does open doors that would be better closed. This is common practice in a few places so thought I'd share upstream with you guys.

Random write-up that explains in more words - https://www.adampalmer.me/iodigitalsec/2010/07/06/disabling-phpinfo/

Though obviously I accept it's your call :)