<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Functions restricted/disabled by safe mode</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="ini.sect.safe-mode.html">Security and Safe Mode</a></div>
<div class="next" style="text-align: right; float: right;"><a href="features.commandline.html">Command line usage</a></div>
<div class="up"><a href="features.safe-mode.html">Safe Mode</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="features.safe-mode.functions" class="sect1">
<h2 class="title">Functions restricted/disabled by safe mode</h2>
<p class="para">
This is a still probably incomplete and possibly incorrect listing
of the functions limited by
<a href="features.safe-mode.html" class="link">safe mode</a>.
<table class="doctable table">
<caption><strong>Safe mode limited functions</strong></caption>
<thead>
<tr>
<th>Function</th>
<th>Limitations</th>
</tr>
</thead>
<tbody class="tbody">
<tr>
<td> <span class="function"><strong>dbmopen()</strong></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.dbase-open.html" class="function">dbase_open()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.filepro.html" class="function">filepro()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.filepro-rowcount.html" class="function">filepro_rowcount()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.filepro-retrieve.html" class="function">filepro_retrieve()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td>ifx_*</td>
<td>sql_safe_mode restrictions, (!= safe mode)</td>
</tr>
<tr>
<td>ingres_*</td>
<td>sql_safe_mode restrictions, (!= safe mode)</td>
</tr>
<tr>
<td>mysql_*</td>
<td>sql_safe_mode restrictions, (!= safe mode)</td>
</tr>
<tr>
<td> <span class="function"><a href="function.pg-lo-import.html" class="function">pg_lo_import()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.posix-mkfifo.html" class="function">posix_mkfifo()</a></span></td>
<td>Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.putenv.html" class="function">putenv()</a></span></td>
<td>Obeys the safe_mode_protected_env_vars and
safe_mode_allowed_env_vars ini-directives. See also the documentation
on <span class="function"><a href="function.putenv.html" class="function">putenv()</a></span></td>
</tr>
<tr>
<td> <span class="function"><a href="function.move-uploaded-file.html" class="function">move_uploaded_file()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. </td>
</tr>
<tr>
<td> <span class="function"><a href="function.chdir.html" class="function">chdir()</a></span></td>
<td>Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.dl.html" class="function">dl()</a></span></td>
<td>This function is disabled when PHP is running in <a href="features.safe-mode.html" class="link">safe mode</a>.</td>
</tr>
<tr>
<td><a href="language.operators.execution.html" class="link">backtick operator</a></td>
<td>This function is disabled when PHP is running in <a href="features.safe-mode.html" class="link">safe mode</a>.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.shell-exec.html" class="function">shell_exec()</a></span> (functional equivalent
of backticks)</td>
<td>This function is disabled when PHP is running in <a href="features.safe-mode.html" class="link">safe mode</a>.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.exec.html" class="function">exec()</a></span></td>
<td>You can only execute executables within the <a href="ini.sect.safe-mode.html#ini.safe-mode-exec-dir" class="link">safe_mode_exec_dir</a>.
For practical reasons it's currently not allowed to have
<em>..</em> components in the path to the executable.
<span class="function"><a href="function.escapeshellcmd.html" class="function">escapeshellcmd()</a></span> is executed on the argument of this
function.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.system.html" class="function">system()</a></span></td>
<td>You can only execute executables within the <a href="ini.sect.safe-mode.html#ini.safe-mode-exec-dir" class="link">safe_mode_exec_dir</a>.
For practical reasons it's currently not allowed to have
<em>..</em> components in the path to the executable.
<span class="function"><a href="function.escapeshellcmd.html" class="function">escapeshellcmd()</a></span> is executed on the argument of this
function.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.passthru.html" class="function">passthru()</a></span></td>
<td>You can only execute executables within the <a href="ini.sect.safe-mode.html#ini.safe-mode-exec-dir" class="link">safe_mode_exec_dir</a>.
For practical reasons it's currently not allowed to have
<em>..</em> components in the path to the executable.
<span class="function"><a href="function.escapeshellcmd.html" class="function">escapeshellcmd()</a></span> is executed on the argument of this
function.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.popen.html" class="function">popen()</a></span></td>
<td>You can only execute executables within the <a href="ini.sect.safe-mode.html#ini.safe-mode-exec-dir" class="link">safe_mode_exec_dir</a>.
For practical reasons it's currently not allowed to have
<em>..</em> components in the path to the executable.
<span class="function"><a href="function.escapeshellcmd.html" class="function">escapeshellcmd()</a></span> is executed on the argument of this
function.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.fopen.html" class="function">fopen()</a></span></td>
<td>Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.mkdir.html" class="function">mkdir()</a></span></td>
<td>Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.rmdir.html" class="function">rmdir()</a></span></td>
<td>Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.rename.html" class="function">rename()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.unlink.html" class="function">unlink()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.copy.html" class="function">copy()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed. (on
<em><code class="parameter">source</code></em> and
<em><code class="parameter">target</code></em>)</td>
</tr>
<tr>
<td> <span class="function"><a href="function.chgrp.html" class="function">chgrp()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.chown.html" class="function">chown()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.chmod.html" class="function">chmod()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. In addition, you cannot
set the SUID, SGID and sticky bits</td>
</tr>
<tr>
<td> <span class="function"><a href="function.touch.html" class="function">touch()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.symlink.html" class="function">symlink()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed. (note: only the target is
checked)</td>
</tr>
<tr>
<td> <span class="function"><a href="function.link.html" class="function">link()</a></span></td>
<td>Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed. (note: only the target is
checked)</td>
</tr>
<tr>
<td> <span class="function"><a href="function.apache-request-headers.html" class="function">apache_request_headers()</a></span></td>
<td>In safe mode, headers beginning with <em>authorization</em>
(case-insensitive) will not be returned.</td>
</tr>
<tr>
<td> <span class="function"><a href="function.header.html" class="function">header()</a></span></td>
<td>In safe mode, the uid of the script is added to the
<em>realm</em> part of the
<em>WWW-Authenticate</em> header if you set this
header (used for HTTP Authentication).</td>
</tr>
<tr>
<td><a href="features.http-auth.html" class="link">PHP_AUTH variables</a></td>
<td>
In safe mode, the variables <var class="varname"><var class="varname">PHP_AUTH_USER</var></var>,
<var class="varname"><var class="varname">PHP_AUTH_PW</var></var>, and <var class="varname"><var class="varname">AUTH_TYPE</var></var>
are not available in <var class="varname"><var class="varname"><a href="reserved.variables.server.html" class="classname">$_SERVER</a></var></var>. Regardless, you
can still use <var class="varname"><var class="varname">REMOTE_USER</var></var> for the USER.
(note: only affected since PHP 4.3.0)
</td>
</tr>
<tr>
<td>
<span class="function"><a href="function.highlight-file.html" class="function">highlight_file()</a></span>,
<span class="function"><a href="function.show-source.html" class="function">show_source()</a></span>
</td>
<td>
Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed. (note: only affected since PHP 4.2.1)
</td>
</tr>
<tr>
<td>
<span class="function"><a href="function.parse-ini-file.html" class="function">parse_ini_file()</a></span>
</td>
<td>
Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed. (note: only affected since PHP 4.2.1)
</td>
</tr>
<tr>
<td>
<span class="function"><a href="function.set-time-limit.html" class="function">set_time_limit()</a></span>
</td>
<td>
Has no effect when PHP is running in <a href="ini.sect.safe-mode.html#ini.safe-mode" class="link">safe mode</a>.
</td>
</tr>
<tr>
<td>
<a href="info.configuration.html#ini.max-execution-time" class="link">max_execution_time</a>
</td>
<td>
Has no effect when PHP is running in <a href="ini.sect.safe-mode.html#ini.safe-mode" class="link">safe mode</a>.
</td>
</tr>
<tr>
<td>
<span class="function"><a href="function.mail.html" class="function">mail()</a></span>
</td>
<td>
In safe mode, the fifth parameter is disabled. (note: only affected since PHP 4.2.3)
</td>
</tr>
<tr>
<td>
<span class="function"><a href="function.session-start.html" class="function">session_start()</a></span>
</td>
<td>
The owner of a script must be the same as owner of a <a href="session.configuration.html#ini.session.save-path" class="link">session.save_path</a> directory if
the default <em>files</em> <a href="session.configuration.html#ini.session.save-handler" class="link">session.save_handler</a> is
used.
</td>
</tr>
<tr>
<td>
All filesystem and stream functions.
</td>
<td>
Checks whether the files or directories being operated
upon have the same UID (owner) as the script that is being executed. Checks whether the directory in which
the script is operating has the same UID (owner) as the script that is being
executed. (see the <a href="ini.sect.safe-mode.html#ini.safe-mode-include-dir" class="link">safe_mode_include_dir</a>
<var class="filename">php.ini</var> option.
</td>
</tr>
</tbody>
</table>
</p>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="ini.sect.safe-mode.html">Security and Safe Mode</a></div>
<div class="next" style="text-align: right; float: right;"><a href="features.commandline.html">Command line usage</a></div>
<div class="up"><a href="features.safe-mode.html">Safe Mode</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
