Determining if a function is *really* available in PHP

After pounding for a few hours, I think I finally got the UID and GID tests for PHPSecInfo in an acceptable state. Two things have made this hard:

  1. You can really only do this with an exec() call to the “id” UNIX command, or the posix_* functions, either of which are frequently disabled
  2. There basically is not a foolproof way to programatically tell if a function is available or not in PHP

2 is the real rub, and quite annoying. is_callable() will return TRUE even if a function has been disabled in php.ini with disabled_functions (which, in my mind, is contrary to what “is_callable” implies). function_exists() will return FALSE if the function is disabled in php.ini, but will return TRUE if the function is being blocked by safe_mode.

For now, the tests try exec('id') first, seeing if it passes function_exists() and safe_mode is disabled. If it fails those, the posix_* functions are checked against function_exists (they aren’t affected by safe_mode. If those fail as well, the test will be skipped.

[tags]phpsecinfo, uid, gid, posix, exec, safe_mode, disabled_functions, function_exists, is_callable[/tags]