Jump to content

Dangerous PHP Functions Message - But Can't Find the Cause


Recommended Posts

I am getting the Dangerous PHP Functions Message being queued up.  However, I don't believe it is correct.  I will document it below.  Here is the message:

Could contain: Page, Text

Of course, opening it up it looks like this:

Could contain: Page, Text, File

But I disabled these functions globally and locally.  I think it's a faulty message to the console.  I recall that in the support window I used to get notified if these were not disabled and now I do not get a notification.  I believe the notification was under the PHP box.  Here I show that it's now empty:

Could contain: Page, Text, File

 

Here I ran the phpinfo command at the public_html root directory and show that it was disabled globally and locally:

Could contain: Page, Text

 

Possible explanations:

(1) The message being sent to the inbox of the webmaster is in error.  Note, I believe the error would be identified on the support page if these weren't disabled and there are no error messages in this location.

(2) Somehow, there is a subdirectory that has re-enabled the disabled functions.  I have no idea how that could have happened.  Can you tell me what directory the test for disabled functions is run at for the message routine?  Perhaps this is a different directory than the test run by the support page.   I could try to run it backwards and see if phpinfo shows an enabled function.

 

 

 

 

Link to comment
Share on other sites

7 minutes ago, RocketSMS said:

Here I ran the phpinfo command at the public_html root directory and show that it was disabled globally and locally:

Is your community in public_html? Are you running a separate version of PHP in a different directory?

8 minutes ago, RocketSMS said:

(2) Somehow, there is a subdirectory that has re-enabled the disabled functions.  I have no idea how that could have happened.  Can you tell me what directory the test for disabled functions is run at for the message routine?  Perhaps this is a different directory than the test run by the support page.   I could try to run it backwards and see if phpinfo shows an enabled function.

This would be in admin but you should test in all because it does little to disable the check to still have these functions running in other directories of your server configuration.

Link to comment
Share on other sites

Quote

Is your community in public_html? Are you running a separate version of PHP in a different directory?

Yes, of course.  That's what I showed this.  Here is the evidence. 

Could contain: Page, Text, File, Webpage, White Board

 

Quote

This would be in admin but you should test in all because it does little to disable the check to still have these functions running in other directories of your server configuration.

I repeated this for public_html/admin/ and got the same result, as you would expect.  I showed that globally it's disabled and also used cPanel to set php.ini file with disable locally as well.  So you would expect all subdirectories to have these values unless somehow there was a local .ini file in the Invision directories that reversed this.

I am unsure how to repeat the test on all subdirectories from public_html.  I suspect there might be thousands.  

In any case, the fact that I can go to the support page and it doesn't show a problem, but I keep getting messages from the system seems to indicate something is not working as expected.  One would think that they would match.  In this case, the functions are disabled globally and locally.

 

Link to comment
Share on other sites

Do note also that the message doesn't disappear automatically even if you fix the issue. If you disabled the function after you saw the message in ACP, you need to close it yourself.

Also, if you want to double-check that the functions are indeed disabled, there is a phpinfo link on the support page. See what it says there rather than testing with an external phpino().

Link to comment
Share on other sites

Quote

To clarify on this. The message shows because our software is actually being allowed to run those functions. So its not so much a case of whether or not they are disabled. It's a case of finding why they are not disabled

Actually it shows it's disabled and when it wasn't disabled it was highlighted on the support page.  The support page says not problems.  But I keep getting this message saying they aren't.

Quote

Do note also that the message doesn't disappear automatically even if you fix the issue. If you disabled the function after you saw the message in ACP, you need to close it yourself.

Yes, I kill the message in the ACP and it comes back after a day or two.  I just closed it last night and will report when it reappears.

Quote

Also, if you want to double-check that the functions are indeed disabled, there is a phpinfo link on the support page. See what it says there rather than testing with an external phpino().

I ran that phpinfo() on the support page as well, and it shows that those functions are disabled globally and locally. This is what you would expect since the support page says there are no problems.

Link to comment
Share on other sites

If the notification keeps reappearing, the software is still seeing these functions available to be ran. If you're struggling to see why on your server, you may wish to contact your hosting provider or hire a server administrator.

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...