Uhm,
I like people who harden shared hosting environments but I do not understand how restricting yourself should give you any pratical security advantage.
I'm not aware of any security concern involving php_uname(). Are you?
Having said I'm not a fan of [[security through obscurity]], but having said I love the STFU operatoe, I would suggest to just allow that function instead of patching MediaWiki with '@' there.
Cheers
On September 24, 2020 11:19:58 PM GMT+02:00, Jeffrey Walton noloader@gmail.com wrote:
On Thu, Sep 24, 2020 at 5:17 PM Valerio Bozzolan via MediaWiki-l mediawiki-l@lists.wikimedia.org wrote:
Well,
In the meanwhile I would suggest to contact your hosting provider:
they should remove the php_uname() function from the disabled_functions directive.
That's us. We run a hardened installation: https://github.com/weidai11/website/blob/master/apache-php/security.ini.
Jeff