Check phpinfo() is available before using

Fixes an issue I raised at https://github.com/phpseclib/phpseclib/issues/1255 Proof of logic at https://3v4l.org/RqrHt I ended up moving more code than discussed in the issue - initially to avoid `$content` being undefined when it came to `preg_match_all()`, but also as it made sense grouping the code that way. Also, initialising `$versions` outside the check, right at the start ensures it's always defined for the `switch` code further down.
2024-12-27 19:54:57 +00:00 · 2018-03-24 11:05:16 +00:00 · 2018-03-24 11:05:16 +00:00 · d4a98457bc
commit d4a98457bc
parent fc90c58f7f
2 changed files with 38 additions and 30 deletions
--- a/phpseclib/Crypt/RSA.php
+++ b/phpseclib/Crypt/RSA.php
@ -468,6 +468,10 @@ class RSA
                    break;
                case extension_loaded('openssl') && file_exists($this->configFile):
                    // some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work
+                    $versions = array();
+
+                    // avoid generating errors (even with suppression) when phpinfo() is disabled (common in production systems)
+                    if (strpos(ini_get('disable_functions'), 'phpinfo') === false) {
                        ob_start();
                        @phpinfo();
                        $content = ob_get_contents();
@ -475,7 +479,6 @@ class RSA

                        preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches);

-                    $versions = array();
                        if (!empty($matches[1])) {
                            for ($i = 0; $i < count($matches[1]); $i++) {
                                $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i])));
@ -488,6 +491,7 @@ class RSA
                                }
                            }
                        }
+                    }

                    // it doesn't appear that OpenSSL versions were reported upon until PHP 5.3+
                    switch (true) {
--- a/phpseclib/Math/BigInteger.php
+++ b/phpseclib/Math/BigInteger.php
@ -266,6 +266,10 @@ class BigInteger

        if (extension_loaded('openssl') && !defined('MATH_BIGINTEGER_OPENSSL_DISABLE') && !defined('MATH_BIGINTEGER_OPENSSL_ENABLED')) {
            // some versions of XAMPP have mismatched versions of OpenSSL which causes it not to work
+            $versions = array();
+
+            // avoid generating errors (even with suppression) when phpinfo() is disabled (common in production systems)
+            if (strpos(ini_get('disable_functions'), 'phpinfo') === false) {
                ob_start();
                @phpinfo();
                $content = ob_get_contents();
@ -273,7 +277,6 @@ class BigInteger

                preg_match_all('#OpenSSL (Header|Library) Version(.*)#im', $content, $matches);

-            $versions = array();
                if (!empty($matches[1])) {
                    for ($i = 0; $i < count($matches[1]); $i++) {
                        $fullVersion = trim(str_replace('=>', '', strip_tags($matches[2][$i])));
@ -286,6 +289,7 @@ class BigInteger
                        }
                    }
                }
+            }

            // it doesn't appear that OpenSSL versions were reported upon until PHP 5.3+
            switch (true) {