RE: blocking exec() silently

On Friday, 2007. 09. 14 at 08.31, Instruct ICC wrote:
> > Instruct ICC wrote:
> > > I was going to mention
> > > http://php.he.net/manual/en/features.safe-mode.functions.php and ask 
> > > you if you need any of those functions, but I prefer Nathan's answer.  
> > > You may be able to set the error reporting in conjunction with 
> > > disable_functions and be done.
> 
> > Date: Thu, 13 Sep 2007 20:30:52 +0200
> > From: samy-delux@xxxxxx
> > Hey,
> > 
> > Thanks for the replies!
> > safe-mode is not an option unfortunately!
> > But changing the Error reporting, is the first thing I wanted to do, but 
> > when I asked if this was possible on this list, somebody replied, that 
> > this is not possible!
> > 
> > Could you point me to a way, how I can achieve, that the "this function 
> > is disabled" error, without suppressing other error messages?
> > 
> > Regards,
> > Samy
> 
> I just tested what I had in mind.  And it worked.  When I added phpinfo to disable_functions in php.ini and attempted to use it in a script, it was displayed as a warning.  So I modified error_reporting in php.ini to not show warnings and I believe I achieved the results you want.  However, in a production environment, I think you should disable all error reporting to not tip your hand to a hacker.  I haven't verified this today, but I remember a situation where the PHP script would not display errors (or notices or warnings or ... whatever messages) in the web page, yet the message would still appear in the Apache logs.
> 
> I just changed php.ini to: 
> disable_functions = "phpinfo"
> ...
> error_reporting  =  E_ALL & ~E_WARNING

a better solution would be

error_reporting = E_ALL
display_errors = off
log_errors = on

this sends all error messages to the apache log, as you mentioned above.

see:
http://hu2.php.net/manual/en/ref.errorfunc.php
http://hu2.php.net/manual/en/ref.errorfunc.php#ini.display-errors

greets
Zoltán Németh

> 
> http://php.net/manual/en/features.safe-mode.php
> http://php.net/manual/en/function.error-reporting.php
> http://php.net/manual/en/features.safe-mode.functions.php
> 
> Ahh, read this in php.ini:
> ; Print out errors (as a part of the output).  For production web sites,
> ; you're strongly encouraged to turn this feature off, and use error logging
> ; instead (see below).  Keeping display_errors enabled on a production web site
> ; may reveal security information to end users, such as file paths on your Web
> ; server, your database schema or other information.
> 
> 
> Also Samy,
> I saw something like this in someone's signature line on this list:
> 
> 
> Because it destroys the context or flow of the discussion.
> 
> >Why should I not "TOP-POST"?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
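
Added example, not part of the original thread and not code from the PHP project: a small Python audit of php.ini text that tells the two configurations discussed above apart. It flags the variant that masks E_WARNING, which drops the disabled-function warning from the log as well as from the page, and passes the variant that reports everything but only writes to the log. The sample fragments, function names and finding texts are constructed for illustration; an unset directive is reported rather than assumed to have a default.

```python
import re

# Constructed php.ini fragments modelled on the two configurations in the thread.
MASKED = 'disable_functions = "phpinfo"\nerror_reporting  =  E_ALL & ~E_WARNING\n'
LOGGED = ('disable_functions = "phpinfo"\nerror_reporting = E_ALL\n'
          'display_errors = off   ; never echo errors to visitors\nlog_errors = on\n')

ON_VALUES = {"1", "on", "yes", "true"}  # php.ini boolean spellings, case-insensitive

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # simplification: ';' always starts a comment
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(text):
    """Return (directive, finding) pairs; an empty list means the logging setup passes."""
    ini, findings = parse_ini(text), []
    display = ini.get("display_errors")
    if display is None or display.lower() in ON_VALUES | {"stderr", "stdout"}:
        findings.append(("display_errors", "errors may be shown to visitors; set it to off"))
    log = ini.get("log_errors")
    if log is None or log.lower() not in ON_VALUES:
        findings.append(("log_errors", "errors are not explicitly logged; set it to on"))
    # Levels removed with "~" are neither displayed nor logged.
    masked = re.findall(r"~\s*(E_[A-Z_]+)", ini.get("error_reporting", ""))
    if "E_WARNING" in masked:
        findings.append(("error_reporting",
                         "E_WARNING is masked, so calls to disabled functions leave no log entry"))
    return findings

if __name__ == "__main__":
    for name, sample in (("MASKED", MASKED), ("LOGGED", LOGGED)):
        print(name, audit(sample) or "ok")
```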

