Opened 8 years ago
Closed 7 months ago
#42085 closed defect (bug) (wontfix)
Still getting ini_get_all warning message
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Bootstrap/Load | Keywords: | needs-patch 2nd-opinion close |
| Focuses: | Cc: |
Description (last modified by )
For some PHP configurations, the check function_exists does not suffice.
Warning: ini_get_all() has been disabled for security reasons in /home/mysite/public_html/wp-includes/load.php on line 1027
Suggested fix in wp_is_ini_value_changeable()
if ( ! isset( $ini_all ) ) {
$ini_all = false;
// Sometimes `ini_get_all()` is disabled via the `disable_functions` option for "security purposes".
if ( function_exists( 'ini_get_all' ) ) {
$disabled_functions_raw = explode( ',', ini_get( 'disable_functions' ) );
$disabled_functions = array_map( 'trim', $disabled_functions_raw );
if (!array_search( 'ini_get_all', $disabled_functions ) ) {
$ini_all = ini_get_all();
}
}
}
Change History (8)
#2
@
8 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to Future Release
Hi @scottcwilson, welcome to WordPress Trac! Thanks for the report.
We already check ini_get( 'disable_functions' ) for phpinfo() in [29330], makes sense to do the same here.
#3
@
8 years ago
- Keywords 2nd-opinion added
- Version 4.8.2 deleted
Under what condition does function_exists( 'ini_get_all' ) return true despite it being disable via disable_functions? Is it only when Suhosin is in use?
This is a lot of clunky code to introduce when a function_exists() check should be all that's required.
#4
@
8 years ago
John, I have an environment where this is occurring and would be happy to run any tests you wish that will help characterize this. Regarding Suhosin, yes, the server is running Suhosin 0.9.38.
#5
@
8 years ago
From previous discussion on the topic, it looks like Suhosin is the common factor. I wonder if is_callable() works, either in addition to or instead of function_exists(), when a function is disabled via the disable_functions directive. That's less hacky than looking directly at the string value of disable_functions.
#7
@
9 months ago
- Keywords close added
It's been seven years and there haven't been any additional reports of this issue either on trac or in the forums. That seems to indicate to me that perhaps this was an issue with the specific version of Suhosin. I think this might be something that can be closed as wontfix.
Previously: #37680