Jump to content

Dangerous PHP functions


Egorkin

Recommended Posts

The forum said that I have dangerous PHP functions enabled. I opened the message and thought they would be listed there. But NO! Then why the message? It carries no information in this form.

I have banned, but what is missing?

disable_functions = escapeshellarg, escapeshellcmd, exec, ini_alter, parse_ini_file, passthru, pcntl_exec, popen, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, show_source, shell_exec, symlink,system;

Link to comment
Share on other sites

IPS checks for 'exec', 'system', 'passthru', 'pcntl_exec', 'popen', 'proc_open', 'shell_exec'. Where are you putting the disable_functions statement? It must be in the PHP ini file and cannot be in your web server's configuration (i.e. not in apache's configuration, or .htaccess, etc.).

Output phpinfo() and be sure you're setting it in the file indicated.

https://www.php.net/manual/en/ini.core.php#ini.disable-functions

Edited by Paul E.
Link to comment
Share on other sites

8 hours ago, Paul E. said:

Where are you putting the disable_functions statement?

In php. ini of course! 🧒

8 hours ago, Paul E. said:

Output phpinfo() and be sure you're setting it in the file indicated.

image.png.673b9bdb79552273c24d9300ebae8f31.png

I have a complaint about IPS. Why do they not display exactly what the error is, but just "you have an error" (it turns out where you want there and look for your problems)?

Link to comment
Share on other sites

Some errors are caused by things that do not need to be communicated to end users. Each error has an error code, however, which allows us to look up the problem at the code level more specifically. Sometimes errors also log more details to the system logs.

Where are you seeing "You have an error"? What is the error code, and if you view the system logs in the AdminCP (use the live search to look for "System Logs") do you see any related logs?

Link to comment
Share on other sites

7 hours ago, Egorkin said:

In php. ini of course! 

If you are on a shared server then the php.ini file may not be recursive - which means that you will need to add that php.ini file to every folder to ensure those commands are executed at every level.  Some hosts have recursive php.ini files, but many don't.  Add the php.ini file into your admin folder and see if the error goes away, if it does then your php.ini file is NOT recursive.  Don't assume that because the error has gone away by adding the php.ini file in the admin folder that it has worked, it has just worked in the admin folder, so it won't be effective everywhere.  I had this same issue on the shared hosting server I use and I had to add the php.ini file to every folder (I used a command script to do this for me lol).

Link to comment
Share on other sites

  • 1 month later...

I have this in the root directory of my server and, in my domains main index (well the php.ini files)

Quote

disable_functions = "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source"
 

I still see the error notification when I load my ACP up.

Any ideas why?

Link to comment
Share on other sites

  • 3 weeks later...
On 9/23/2020 at 11:53 AM, Davyc said:

If you are on a shared server then the php.ini file may not be recursive - which means that you will need to add that php.ini file to every folder to ensure those commands are executed at every level.  Some hosts have recursive php.ini files, but many don't.  Add the php.ini file into your admin folder and see if the error goes away, if it does then your php.ini file is NOT recursive.  Don't assume that because the error has gone away by adding the php.ini file in the admin folder that it has worked, it has just worked in the admin folder, so it won't be effective everywhere.  I had this same issue on the shared hosting server I use and I had to add the php.ini file to every folder (I used a command script to do this for me lol).

 

I had a similar problem. This solved it for me. 

Thanks.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...