Disabled PHP functions
As an increased security measure it’s a good idea to have the following functions disabled in your php.ini file:
show_source – Prints out or returns a syntax highlighted version of the code contained in
filename using the colors defined in the built-in syntax highlighter for PHP.
system – Execute an external program and display the output
shell_exec – Execute command via shell and return the complete output as a string
passthru – Execute an external program and display raw output
exec – Execute an external program
popen – Opens process file pointer
proc_open – Execute a command and open file pointers for input/output
These are potentially unsafe functions that malicious scripts can take advantage of. More information about PHP functions can be found here.
Here’s an easy-to-paste string for your php.in file: show_source,system,shell_exec,passthru,exec,popen,proc_open