From b7387f314b24da38ea05718e1496abfff66f4ef0 Mon Sep 17 00:00:00 2001 From: epriestley Date: Tue, 13 Aug 2013 10:11:05 -0700 Subject: [PATCH] Raise a setup fatal for 'disable_functions' or 'disable_classes' Summary: Fixes T3709. PHP has two configuration options ('disable_functions', 'disable_classes') which allow functions and classes to be blacklisted at runtime. Since these break things in an unclear way, raise a setup fatal if they are set. We take a slightly more tailored approach to these in `phd` already, but I'd rather try just saying "no, this is bad" and see if we can get away with it. I suspect we can, and there's no legitimate reason to blacklist functions given that Phabricator must have access to, e.g., `proc_open()`. Test Plan: {F54058} Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T3709 Differential Revision: https://secure.phabricator.com/D6739 --- .../check/PhabricatorSetupCheckPHPConfig.php | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/applications/config/check/PhabricatorSetupCheckPHPConfig.php b/src/applications/config/check/PhabricatorSetupCheckPHPConfig.php index b5edbf4e92..9c7eaa25f8 100644 --- a/src/applications/config/check/PhabricatorSetupCheckPHPConfig.php +++ b/src/applications/config/check/PhabricatorSetupCheckPHPConfig.php @@ -24,6 +24,32 @@ final class PhabricatorSetupCheckPHPConfig extends PhabricatorSetupCheck { return; } + // Check for `disable_functions` or `disable_classes`. Although it's + // possible to disable a bunch of functions (say, `array_change_key_case()`) + // and classes and still have Phabricator work fine, it's unreasonably + // difficult for us to be sure we'll even survive setup if these options + // are enabled. Phabricator needs access to the most dangerous functions, + // so there is no reasonable configuration value here which actually + // provides a benefit while guaranteeing Phabricator will run properly. + + $disable_options = array('disable_functions', 'disable_classes'); + foreach ($disable_options as $disable_option) { + if (ini_get($disable_option)) { + $message = pht( + "You have '%s' enabled in your PHP configuration.\n\n". + "This option is not compatible with Phabricator. Remove ". + "'%s' from your configuration to continue.", + $disable_option, + $disable_option); + + $this->newIssue('php.'.$disable_option) + ->setIsFatal(true) + ->setName(pht('Remove PHP %s', $disable_option)) + ->setMessage($message) + ->addPHPConfig($disable_option); + } + } + $open_basedir = ini_get('open_basedir'); if ($open_basedir) {