5.1.3. Disable Functions

5.1.3.1. Mechanism Implementation

The implementation of Disable Function in PHP is in php-src/Zend/Zend-API.c. When PHP starts, it reads the forbidden functions in the configuration file, and calls them one by one according to the forbidden function names zend_disable_function to achieve the forbidden effect.

This function finds the corresponding position in the built-in function list according to the function name and modifies it. The code of the current version is as follows:

ZEND_API int zend_disable_function(char *function_name, size_t function_name_length) /* {{{ */
{
    zend_internal_function *func;
    if ((func = zend_hash_str_find_ptr(CG(function_table), function_name, function_name_length))) {
        zend_free_internal_arg_info(func);
        func->fn_flags &= ~(ZEND_ACC_VARIADIC | ZEND_ACC_HAS_TYPE_HINTS | ZEND_ACC_HAS_RETURN_TYPE);
        func->num_args = 0;
        func->arg_info = NULL;
        func->handler = ZEND_FN(display_disabled_function);
        return SUCCESS;
    }
    return FAILURE;
}

Similar to how functions are implemented, disable classes are also implemented in this way:

ZEND_API int zend_disable_class(char *class_name, size_t class_name_length) /* {{{ */
{
    zend_class_entry *disabled_class;
    zend_string *key;

    key = zend_string_alloc(class_name_length, 0);
    zend_str_tolower_copy(ZSTR_VAL(key), class_name, class_name_length);
    disabled_class = zend_hash_find_ptr(CG(class_table), key);
    zend_string_release_ex(key, 0);
    if (!disabled_class) {
        return FAILURE;
    }
    INIT_CLASS_ENTRY_INIT_METHODS((*disabled_class), disabled_class_new);
    disabled_class->create_object = display_disabled_class;
    zend_hash_clean(&disabled_class->function_table);
    return SUCCESS;
}

Because of this implementation mechanism, after PHP is started use ini_set to modify disable_functions or disable_classes is invalid.

disable_functionsdisable_classes

5.1.3.2. Bypass