The phpinfo() function is a built-in function in PHP that outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, parent and local values of configuration options, HTTP headers, and the PHP License.
Using the phpinfo() function can pose a significant security risk, as it exposes all of this information to anyone who can access the page. This can potentially aid an attacker in finding a vulnerability in your server or application.
To avoid this, do not use the phpinfo() function in a production environment. If you need to use it for debugging purposes, make sure to remove it once you’re done. You can also restrict access to the page containing the phpinfo() function to only trusted individuals. Use other debugging methods that do not expose sensitive information whenever possible.
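One way to follow this advice when a diagnostics page is still needed is sketched below, as an added example that is not part of the rule's own code: access is denied unless the environment is explicitly a development one and the client address is allowlisted, and the page returns a small fixed set of values instead of calling phpinfo(). The APP_ENV variable, its 'development' value, the allowlist and the chosen ini keys are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. APP_ENV, 'development', the allowlist and the ini keys are assumptions.

/** Allow debug output only in an explicit development environment and only for allowlisted clients. */
function debug_access_allowed(string $appEnv, string $remoteAddr, array $allowedAddrs): bool
{
    // Fail closed: anything other than the explicit development value is treated as production.
    if ($appEnv !== 'development') {
        return false;
    }
    // Strict comparison so the address string is never type-juggled.
    return in_array($remoteAddr, $allowedAddrs, true);
}

/** Collect a short, fixed list of values rather than everything phpinfo() prints. */
function debug_summary(): array
{
    $iniKeys = ['memory_limit', 'max_execution_time', 'upload_max_filesize', 'display_errors'];
    $ini = [];
    foreach ($iniKeys as $key) {
        $ini[$key] = ini_get($key);
    }
    // No environment variables, request headers or filesystem paths are included.
    return [
        'php_version' => PHP_VERSION,
        'sapi'        => PHP_SAPI,
        'extensions'  => get_loaded_extensions(),
        'ini'         => $ini,
    ];
}

$appEnv  = getenv('APP_ENV') ?: 'production';   // an unset variable counts as production
// Behind a reverse proxy REMOTE_ADDR is the proxy's address; enforce the restriction there instead.
$remote  = $_SERVER['REMOTE_ADDR'] ?? '';
$allowed = ['127.0.0.1', '::1'];

if (!debug_access_allowed($appEnv, $remote, $allowed)) {
    http_response_code(404);   // do not reveal that a diagnostics page exists
    exit;
}

header('Content-Type: application/json');
echo json_encode(debug_summary(), JSON_PRETTY_PRINT);
```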
Non-Compliant Code Examples
<?php
echo phpinfo();
Compliant Code Examples
<?php
echo "Hello World!";
How to use this rule
rulesets:
  - php-security # Rules to enforce PHP security.
Create a static-analysis.datadog.yml with the content above at the root of your repository
Use our free IDE Plugins or add Code Analysis scans to your CI pipelines