PHP Warning: shell_exec() and escapeshellarg() are disabled

[itwasntme]

I have started receiving PHP Warnings when scripts attempt to use the functions shell_exec() and escapeshellarg(). The warnings say these functions have been disabled for security reasons.

However, when I look at phpinfo() in my public_html folder, it shows "disable_functions" has no value and my php.ini definitely doesn't have the two functions disabled.

How do I enable these two functions so my code will work again?

I read that I can enable all functions by putting the following in my php.ini:

Code:

disable_functions ""

but isn't that what I already have if there is no value for disable_functions in phpinfo()?

Thanks

[lnxcode]

So by default:

/home/<user>/public_html/

so your php.ini is in your /public_html/ -is this where the content you're having problems with is? or do you need it in a specific folder? since the php.ini needs to be in a specific folder to apply the changes...

so if you're having issues in /public_html/apple/ your php.ini should be in /apple/

[itwasntme]

The scripts that are generating the warnings are in subfolders of my public_html folder, but I thought that if I ran phpinfo() in my public_html folder and it showed no functions were disabled, there was no way there would be any disabled in subfolders that had no php.ini in them.

I was using the public_html folder to determine how to enable the functions as my server configuration won't allow me to view phpinfo() from the actual subfolders involved.

My questions are:

1. How do I enable the two functions in php.ini?
2. Do I need to re-create my entire php.ini in the subfolders where the scripts run, or can I just add the lines that enable the functions?

Thanks

[Scott]

THat's pretty cool. Not many hosts allow custom php.ini files in folders. Nice to know.

[lnxcode]

Quote:

Originally Posted by itwasntme

The scripts that are generating the warnings are in subfolders of my public_html folder, but I thought that if I ran phpinfo() in my public_html folder and it showed no functions were disabled, there was no way there would be any disabled in subfolders that had no php.ini in them.

I was using the public_html folder to determine how to enable the functions as my server configuration won't allow me to view phpinfo() from the actual subfolders involved.

My questions are:

1. How do I enable the two functions in php.ini?
2. Do I need to re-create my entire php.ini in the subfolders where the scripts run, or can I just add the lines that enable the functions?

Thanks

On point number:

1. look at point number 2.
2. Yes, I would try this, place a php.ini file in the sub folder that you have the script in, that way it should apply that feature. (it maybe a security hole that was fixed in the latest verion of PHP5 (not sure).

Let us know how that goes....

[itwasntme]

I'm not sure I understand what you're asking me to do, and I still haven't found out how to enable a function. I can't find anything in the PHP manual that describes how to do so.

So, I created a php.ini that has the single line:

Code:

disable_functions = ""

I uploaded it into the subfolder where the two scripts run that are causing the warnings and breaking the code, then ran the scripts again.

I still get the warnings:

Quote:

PHP Warning: shell_exec() has been disabled for security reasons in <the subfolder and script>

Quote:

PHP Warning: escapeshellarg() has been disabled for security reasons in <the subfolder and script>

[lnxcode]

Try with a full php.ini file and upload it to the subdirectory where you have your scripts. If there's no luck, I will ask one of the guys here to check on it for you.

[itwasntme]

I uploaded a full php.ini including the line:

Quote:

disable_functions =

with safe mode off and tried it in both the subfolder where the scripts run and in my public_html folder, but neither worked. I get the same warnings and errors.

It looks like this problem began somewhere between 9/5 and 9/12. It was definitely working on 9/5, and definitely wasn't working on 9/12. I made no changes at this end, if that helps narrow down the possible reason shell_exec() and escapeshellarg() have been disabled.

Maybe you could have whoever works on it email or PM me for the domain name and other site-specific info if you need it?

[itwasntme]

This issue remains unresolved. Still waiting to hear from you...

[David]

Take the php.ini file from the ZIP archive I've attached and put it (just to be absolutely sure) into the folder where the PHP file you call is and also into the folder where the file that tries to use those two functions is located (unless these the two folders or even files are the same, of course). The name and location of the latter file is mentioned in the error messages you receive.
This should fix your problem.