Disabled Functions are Treated Like Non-Existent Functions in PHP 8.0

Disabled Functions are Treated Like Non-Existent Functions in PHP 8.0

PHP has disable_functions directive that allows to specify functions which should be disabled. This commonly used to disable unsafe functions for security reasons.

The disable_functions directive can be set in php.ini file:

disable_functions = phpinfo

Let's say we have a PHP script and want to use a disabled function:

<?php

phpinfo();

In versions prior to PHP 8.0, trying to use a disabled function emits a warning.

Warning: phpinfo() has been disabled for security reasons in main.php on line 3

Since PHP 8.0, trying to use a disabled function provides a fatal error because the disabled function is treated like non-existent function.

Fatal error: Uncaught Error: Call to undefined function phpinfo() in main.php:3

Since PHP 8.0, we can redefine a disabled function.

<?php

function phpinfo() {
    echo 'PHP Version >=8.0';
}

phpinfo();

In PHP 8.0 or newer versions, output will be:

PHP Version >=8.0

In versions prior to PHP 8.0, trying to redefine a disabled function provides a fatal error.

Fatal error: Cannot redeclare phpinfo() in main.php on line 3

Related

Leave a Comment

Cancel reply

Your email address will not be published.