I have performed some research and began building a complete list of PHP 5's builtin functions as documented on the project site.
What is the performance cost of leveraging disable_functions
and/or disable_classes
?
How do these global settings work?
Note that I came across a very valuable list of exploitable functions and the RIPS scanner.
However, it does seem more complete to actually block all functions and classes that aren't used in the PHP code.