why is php's ini_set function switched off on

2020-05-06 10:58发布

问题:

I am using hosting on VPS and they've not allowed me to use php's ini_set function to set configuration at runtime, on a script by script basis. Instead I must change the settings directly in the php.ini file which is a mission to access via SSH.

Why is this?

This, although fine, is slightly annoying as I have 12 domains on the shared server and I do not neccessarily want to set the settings across the board....

回答1:

If it's a product aimed at resellers, it is probably to prevent your clients / customers / users from changing php.ini settings at will, which is usually a wise thing to do.

But if you have full access to the machine, shouldn't you be able to re-activate ini_set?



回答2:

Like Pekka said, if you can modify your php.ini via SSH, then try to change it there.

Turn off safe_mode and check for contents of disable_functions

This directive allows you to disable certain functions for security reasons. It takes on a comma-delimited list of function names. disable_functions is not affected by Safe Mode. This directive must be set in php.ini For example, you cannot set this in httpd.conf.



回答3:

VPS providers have a tendency to force their users to use the most secure environment possible. Disabling ini_set() typically is good security practice, since you could easily have an eval() statement in your PHP code that uses a GET/POST/SESSION variable as input, for example. I believe ini_set() is blocked by default if safe_mode is turned on. I would imagine any shared hosting provider would enforce safe_mode.



回答4:

Can you tell more about the server components. PHP as CGI or mod_php. Is PHP enabled with suPHP or other protection systems? Some option can be changed with an .htaccess file. Have you direct access to the httpd.conf file? There you can enable ini_set() -> http://php.net/manual/en/configuration.changes.php