I'm currently working with a team to develop a CMS which allows the user to add some PHP functions to their page. We're are getting to the point where we are going to work on that function of the CMS, and I was just wondering what functions would you disable? I've got the basics, but what other ways do people know where security can be put at risk by allowing users to write (and execute) PHP scripts?
I've got the basic list here (For those who don't know, this is to be used in the php.ini file):
My team haven't begun discussion about this matter yet, but I was just curious about it.