Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Tholeko Posted February 24, 2019 Posted February 24, 2019 How do i go about changing this so its not dangerous? Dangerous PHP Functions Enabled Some functions are enabled on your server which have the potential to cause serious damage to your community or server. If you are in a shared hosting environment, some of these functions may bypass the restrictions which prevent one account on the server affecting another. Their presence also increases the amount of damage that could be caused if your AdminCP is compromised. Since Invision Community, and most other web applications do not use these functions, we recommend disabling them on your server, at least within the directory that your community is installed in. You should contact your hosting provider or system administrator and ask them to be added to the disable_functions PHP setting. exec system passthru pcntl_exec popen proc_open shell_exec
Black Tiger Posted February 24, 2019 Posted February 24, 2019 That depend on the options you have with your hosting account. If you are allowed to create your own php.ini (mostly when the hoster is using phpsuexec), you can set it in a php.ini in your webfolders root directory. When using cloud hosting, mostly there is an option to view and change php settings. There is a way do to it via .htaccess, provided the host has the setting to allow these settings in a .htaccess file, kind of like this: php_value proc_open Off php_value shell_exe Off php_value exec Off Don't use this, it's just an example, could also be php_flag or be configured in another way. Shortly said, the best you can do is ask your hosting provider on if and how you can change these settings.
Tholeko Posted February 24, 2019 Author Posted February 24, 2019 3 hours ago, Black Tiger said: That depend on the options you have with your hosting account. If you are allowed to create your own php.ini (mostly when the hoster is using phpsuexec), you can set it in a php.ini in your webfolders root directory. When using cloud hosting, mostly there is an option to view and change php settings. There is a way do to it via .htaccess, provided the host has the setting to allow these settings in a .htaccess file, kind of like this: php_value proc_open Off php_value shell_exe Off php_value exec Off Don't use this, it's just an example, could also be php_flag or be configured in another way. Shortly said, the best you can do is ask your hosting provider on if and how you can change these settings. I went and down this Here is the line which I used in the php.ini file of the domain: Code: # list of function to disable globally # disable_functions =exec,passthru,shell_exec,system,proc_open,popen,pcntl_exec
Black Tiger Posted February 24, 2019 Posted February 24, 2019 That is the correct line in the php.ini to be used if you have access to it. Normally after the change the apache webserver should be reloaded. But if you can access it via your hosting panel, it will be probably be done for you. It's easy to check, because if everhything is OK, the notice should have dissapeared now in your admin panel.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.