There are sometimes we have to check the availability of addons module such as curl and json within php load for maintenance and debugging purposes. The ispcp disabled this phpinfo call function due to vulnerability leak by this function, and this is good for precaution against hackers out there, but as I mention above, there are times we need to enable this function temporarily for debugging.
And because ispcp using OpenBaseDir to control the php setting, thus the php ini is easily manageable per subdomain, edit each subdomain php ini you want to control under folder /var/www/fcgi/<domain-name>/php5/php.ini :
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; —- Added by JFDesign —- add / remove phpinfo on the list below to disable phpinfo access —-
disable_functions = show_source, system, shell_exec, passthru, phpinfo, exec, shell, symlink, popen, proc_open; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
disable_classes =
Don’t forget to reload the apache server after that.
