- Issue created by @fmstasi
We are performing a security review on our system, so I've been asked to evaluate the removal of PHP functions that are considered unsafe. I noticed that in ldap there is a call to phpinfo in `ldap_servers/src/Controller/DebugController.php`, I wonder if there is a way to remove it? Also, since it's in DebugController, can I expect the module to work normally if we disable phpinfo?
Active
4.12
Code
It makes Drupal less vulnerable to abuse or misuse. Note, this is the preferred tag, though the Security tag has a large body of issues tagged to it. Do NOT publicly disclose security vulnerabilities; contact the security team instead. Anyone (whether security team or not) can apply this tag to security improvements that do not directly present a vulnerability e.g. hardening an API to add filtering to reduce a common mistake in contributed modules.