Jump to content

php.ini in forums folder not being used (re Dangerous PHP Functions Enabled)

Washerhelp

By Washerhelp
in Technical Problems

 Share
Go to solution Solved by Washerhelp,

Recommended Posts

Washerhelp Collaborator

Washerhelp

Posted
Posted

My website runs both WordPress, and Invision forums. Both in their own folders.

Some time ago, I received the "Dangerous PHP Functions Enabled" warning from my dashboard. So I added the following PHP.ini file in my root folder -

disable_functions = "exec, system, pcntl_exec, popen, proc_open, shell_exec, passthru"

This solved the issue. However, whilst troubleshooting a WordPress issue yesterday, I was told by my hosting tech support that some WordPress plug-ins need the exec function, and indeed this particular issue was fixed by removing the "exec" section.

But the warning has now returned in my Invision forums dashboard. The warning states that, "we recommend disabling them on your server, at least within the directory that your community is installed in". So I went over to the forums directory only to discover that I already have a PHP.ini file there, and it is already saying the following -

display_errors = Off
disable_functions = "exec, system, pcntl_exec, popen, proc_open, shell_exec, passthru"
auto_prepend_file = none

So for some reason, Invision is not using the PHP.ini file it's "forums" folder. I can't help thinking that for some reason the PHP.ini file in the root is the only one being read and used. But if that is the case, what is the point in having a PHP.ini file inside a folder?

Link to comment
Share on other sites
Washerhelp Collaborator

Washerhelp

Posted
  • Author
Posted

Many thanks for your reply Randy. I shall definitely bring that up with my hosting company, especially as it is actually their own cache plug-in that is the culprit.

Are you confirming that any PHP.ini file in a root folder will override any PHP.ini file inside of a subfolder?

I'm not sure how this all works, but are you saying that my hosting company has deliberately set it all up so that software running on it ignores PHP.INI files inside folders?

I'm wondering what would happen if I removed the PHP.ini file in the root folder, and had separate ones inside the WordPress, and Invision forums folder?

Link to comment
Share on other sites
Washerhelp Collaborator

Washerhelp

Posted
  • Author
Posted

Thanks Marc,  I thought all this stuff worked according to specific unchangeable rules? .htaccess files, PHP.ini files, HTML, CSS etc. I didn't realise that different hosting companies can change the rules. Or that they would possibly want to stop PHP.ini files being used by software running inside a folder?

Link to comment
Share on other sites
Jim M Grand Master

Jim M

Posted
Posted
3 minutes ago, Washerhelp said:

Wow, I suppose some might, but I'm pretty sure mine allows everything as it provides full php version control, and php.ini editors in the dashboard.

Something you'd want to ask your hosting provider and want to know how they handle custom php.ini's. Could be set just for the directory the custom php.ini is in, which would defeat the purpose of this recommendation. You would want this set throughout to help protect your server.

Link to comment
Share on other sites
  • Solution
Washerhelp Collaborator

Washerhelp

Posted
  • Author
  • Solution
Posted

I've found out it was because I had what they called Ultrafast PHP enabled -

 

"Standard PHP vs Ultrafast PHP

Ultrafast PHP is up to 30% faster than the Standard PHP and while on it, all subdomains are inheriting the PHP settings of the main site. Standard PHP is slightly slower but allows for per instance PHP management."

Thanks for your help.

Link to comment
Share on other sites
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...