GitHub - cktricky/DangerousPHPFunctions: Comprehensive list of potentially dangerous PHP functions

cktricky / DangerousPHPFunctions Public

Notifications You must be signed in to change notification settings
Fork 0
Star 13

Comprehensive list of potentially dangerous PHP functions

13 stars 11 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 20 Commits
README		README
dangerous_strings.rb		dangerous_strings.rb
footer.html		footer.html
generate_html.php		generate_html.php
generate_ini.sh		generate_ini.sh
header.html		header.html
likely_used.txt		likely_used.txt
php_dangerous.txt		php_dangerous.txt

Repository files navigation

This is a list of potentially dangerous PHP functions which should be disabled in most of the PHP web hosting environments.

The php_dangerous.txt file contains the categorized list of these functions. 
The likely_used.txt file contains functions which can be used dangerously but are required by many applications.

Format: 

    [Category name ]
    function_name # comment

The generate_ini.sh script generates a php.ini entry from the list. Usage:

generate_ini.sh php_dangerous.txt

DISCLAIMER
==========

Use at your own risk! Hardening should always be done in accordance with the current environment.