Jump to content

Dangerous PHP functions?


Go to solution Solved by Genestoy,

Recommended Posts

Posted

Can't seem to get rid of this problem. Have talked to host support, first support person said need to create php.ini file and placed this in the public_html folder

disable_functions = "exec,system,passthru,pcntl_exec,popen,proc_open,shell_exec"

did not work, called host back, got different support person and they stated "oh, we don't allow php.ini on a shared server" so need to make a .users.ini file with the same code as above. That did not work either still got notification in the acp. I then placed the .user.ini in the forum folder did not work, placed the php.ini in the forum folder did not work. It is my understanding that the disable_functions does not work in a .user.ini file?

This problem only started after upgrading to 4.7.2.1 from 4.5 version

How do I get this problem solved???? Please don't tell me I get no support because I am on a self-hosted site as I have a license and have for 20 years!

Thanks

Posted

Unfortunately, your hosting provider would need to be the one who you are working with here as this is a server-side configuration, not a software one. We are merely reading your PHP configuration.

Please keep in mind that on a shared server this might not be possible to appease what we're looking for here because the server will need this disabled throughout our installation because if you disable these only in one directory of our software, it kind of defeats the purpose. Please also keep in mind that this is not a requirement of our software but rather a suggestion to strengthen the security of your server. If the answer with your hosting provider is simply that you cannot do this then you would need to evaluate if disabling these is of concern for you. If it is, then you will either need to upgrade to a plan with your current provider that allows you to do so or move to a different provider that allows you to do so.

Posted

Your hosting provider doesn't seem to want to do a service that at the very least they should have the knowledge to do, there seems to be just ill will.

The invision team will not be able to help you with this because it is a configuration that needs to be done in your php, the system is already indicating what needs to be done.

Posted

Just got off the phone again with my host and got a 3rd support person and they said to put it in the .htaccess file but no guarantees it will work there either and php.ini is definately not allowed on their shared servers, so I wonder why all these years I never got that notification BEFORE upgrading to 4.7.2.1????

Posted

Unfortunately, only your hosting provider can answer this as it is a server configuration piece. However, as mentioned, it is not required on our end so what you perform with this information is up to you.

Posted
18 minutes ago, Genestoy said:

They sent me a script to put in the .htaccess file, will see if it works, seems to take a day for the notification to pop up again.

The notification has been hidden only for your user. Create another account and give ACP permission, the notification will pop up if it's still active.

  • Solution
Posted

UPDATE: The htaccess script did not work so my hosting provider had sent me an email to see if I was "satisfied" with the support I got and you can guess what I told them, I also told them I was searching for another host that would be able to accommodate me! Then the next day I get another email from a senior support person and lo and behold he fixed the problem with some script in a special server php that only affects my domain on the server, so it can be done just have to be persistent!

Posted
14 hours ago, Genestoy said:

UPDATE: The htaccess script did not work so my hosting provider had sent me an email to see if I was "satisfied" with the support I got and you can guess what I told them, I also told them I was searching for another host that would be able to accommodate me! Then the next day I get another email from a senior support person and lo and behold he fixed the problem with some script in a special server php that only affects my domain on the server, so it can be done just have to be persistent!

Glad to hear you got that sorted 🙂 

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...