Show phpinfo not available message to user
Hi, i was able to turn php info off via the direct file option. I had originally found this post
Warning: phpinfo() has been disabled for security reasons in
But sadly i dont have that menu option, there is no php config option or advanced option on my menu. I guess you moved it since that post.
Anyway, i added phpinfo to the disabled functions however it just displays a blank page, i would like to add a message to that page which says this function has been disabled for security reasons, however i dont know how to add that message.
Is there a way via whm to add that message if someone tries to look up phpinfo?
Thanks
-
I guess you moved it since that post.
Go here: WebHost Manager "Service Configuration "PHP Configuration Editor Click the Advanced Mode radio button at top. Search the page with your browser for: disable_functions It's there.i would like to add a message to that page
The page is your script.0 -
I dont see it, here is the screen shot of service config, i checked server config too. 0 -
Are you logged in as root user to WHM? 0 -
Yes 0 -
Is that server completely setup? You're actually missing two items. PHP Configuration Editor and Configure PHP and suEXEC. 0 -
I assumed it was, i thought i went thru everything when i set it up 6 mos ago. It has been running fine, i just use apache to serve up my PHP so i dont use any cgi for that since im the only user i dont need individual php.ini files. What did i miss that would prevent those two items? UPDATE: i did find this webmasters.stackexchange.com/questions/98776/why-doesnt-the-php-configuration-editor-show-up-in-whm I am also using easyapache so does that mean i dont need those items? 0 -
Aha! I am not currently using EasyApache4 on any of my rigs. PHP Configuration Editor - Version 60 Documentation - cPanel Documentation This interface only exists on systems that run EasyApache 3. If your system runs EasyApache 4, use WHM's 0 -
OK thanks, so how does that effect the message display, is that going to be in error control in the php ini or is that going to be at the domain level in a custom error file? I assume that when you block phpinfo it should give an error code i hope. UPDATE: I do get the message in my error log [04-Jan-2017 08:30:49 UTC] PHP Warning: phpinfo() has been disabled for security reasons in /home/username/public_html/folder/filename.php on line 3 however it does not show an error code, so im not sure how to do a custom error page for it. 0 -
I think i found it its at the php level you can test it like so: $phpinfo = //youll have to set this value - see the phpinfo doc page if(!empty($phpinfo)) { //info is there do something }else{ //info is not there do something else //such as display message }
that should work0 -
Hi, i was able to turn php info off via the direct file option. I had originally found this post Warning: phpinfo() has been disabled for security reasons in But sadly i dont have that menu option, there is no php config option or advanced option on my menu. I guess you moved it since that post. Anyway, i added phpinfo to the disabled functions however it just displays a blank page, i would like to add a message to that page which says this function has been disabled for security reasons, however i dont know how to add that message. Is there a way via whm to add that message if someone tries to look up phpinfo? Thanks
Why to block phpinfo? Remember, hiding something is an invitation to hack.... This is the invitation to hack "this function has been disabled for security reasons"...You have to fight in another way with this, not sending invitations...0 -
Why to block phpinfo? Remember, hiding something is an invitation to hack.... This is the invitation to hack "this function has been disabled for security reasons"...You have to fight in another way with this, not sending invitations...
I understand and respect your reply and i agree to a point. However if thats the case then having a login is also an invite. The message does not have to say that directly it can say anything. I guess i didnt think this all the way through because that solution i offered just works if you have one file you use to display phpinfo, it does not work on a server global scale. So im back to square one on this. :(0
Please sign in to leave a comment.
Comments
11 comments