@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Raise a setup fatal for 'disable_functions' or 'disable_classes'

Summary:
Fixes T3709. PHP has two configuration options ('disable_functions', 'disable_classes') which allow functions and classes to be blacklisted at runtime.

Since these break things in an unclear way, raise a setup fatal if they are set.

We take a slightly more tailored approach to these in `phd` already, but I'd rather try just saying "no, this is bad" and see if we can get away with it. I suspect we can, and there's no legitimate reason to blacklist functions given that Phabricator must have access to, e.g., `proc_open()`.

Test Plan: {F54058}

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3709

Differential Revision: https://secure.phabricator.com/D6739

+26
+26
src/applications/config/check/PhabricatorSetupCheckPHPConfig.php
··· 24 24 return; 25 25 } 26 26 27 + // Check for `disable_functions` or `disable_classes`. Although it's 28 + // possible to disable a bunch of functions (say, `array_change_key_case()`) 29 + // and classes and still have Phabricator work fine, it's unreasonably 30 + // difficult for us to be sure we'll even survive setup if these options 31 + // are enabled. Phabricator needs access to the most dangerous functions, 32 + // so there is no reasonable configuration value here which actually 33 + // provides a benefit while guaranteeing Phabricator will run properly. 34 + 35 + $disable_options = array('disable_functions', 'disable_classes'); 36 + foreach ($disable_options as $disable_option) { 37 + if (ini_get($disable_option)) { 38 + $message = pht( 39 + "You have '%s' enabled in your PHP configuration.\n\n". 40 + "This option is not compatible with Phabricator. Remove ". 41 + "'%s' from your configuration to continue.", 42 + $disable_option, 43 + $disable_option); 44 + 45 + $this->newIssue('php.'.$disable_option) 46 + ->setIsFatal(true) 47 + ->setName(pht('Remove PHP %s', $disable_option)) 48 + ->setMessage($message) 49 + ->addPHPConfig($disable_option); 50 + } 51 + } 52 + 27 53 $open_basedir = ini_get('open_basedir'); 28 54 if ($open_basedir) { 29 55
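Review bot: The `ini_get($disable_option)` test at new line 37 assumes `ini_get()` is itself callable, yet it is one of the functions `disable_functions` can list, and in that case the call does not return the configured value, so this check cannot report the very condition it exists for. Consider guarding the call, for example by checking `function_exists('ini_get')` first and raising the same fatal when it is unavailable, or at least stating the dependency in the comment block at new lines 27-33. The existing `ini_get('open_basedir')` call below has the same dependency. A smaller point on new lines 39-41: the message says the option is "enabled", but the option holds a list, so including its current value would show the administrator exactly what to remove.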