'HTTP_USER_AGENT', 'HTTP_HOST', 'HTTP_PHP', '_SESSION', 'CFG_ROOT',
'DOCUMENT_ROOT', '_SERVER',
+ // Don't run XDEBUG on production servers
+ 'XDEBUG_',
+
// Sensitive files
'/environ', 'etc/shadow', 'etc/gshadow', 'etc/passwd', 'etc/group',
'etc/./shadow', 'etc/./gshadow', 'etc/./passwd', 'etc/./group',
'open_basedir', 'suhosin', 'cgi.force_redirect', 'cgi.redirect_status_env',
// PHP commands/scripts
- 'fopen', 'fwrite', 'phpinfo()', '\<?', '?\>', 'base64_decode', 'file_put_contents',
+ 'fopen', 'fwrite', 'phpinfo()', '=phpinfo', '\<?', '?\>', 'base64_decode', 'file_put_contents',
'set_magic_quotes_runtime', 'set_magic_quotes_runtime', 'display_errors', 'passthru',
'call_user_func', 'set_time_limit', 'urldecode',
+ // PHPUnit is strictly console!
+ 'eval-stdin.php',
+
// php.ini variables
'disable_functions', 'safe_mode', 'allow_url_include', 'auto_prepend_file',