Jump to content

PHP Warning system () has been disabled for security reasons


compsol

Recommended Posts

The code I am having a problem with is this: 

 

 

 

                        ob_start();

                        $resultTxt = system($command, $result);

                        $errTxt = ob_get_contents();

                        ob_clean();

                        $resultTxt = nl2br($errTxt) . "$resultTxt";

 

 

 

I get a PHP Warning that the system () has been disabled for security reasons. I don't have access to the php.ini file to change this.

 

Can the code be changed from system to something else that will work?

Link to comment
Share on other sites

LIke trq says; if system is disabled, everything is disabled. And that's because the admin doesn't want you to let random users run shell commands on his server. Quite understandable.

 

The next question is: what are you using system() for, perhaps somebody knows an alternative way of doing the same thing.

Link to comment
Share on other sites

I didn't write the code it was someone else I just taking over the management of the site for the end user. Basically it is a hotel booking system and the user would select which hotel they would like to stay in and fill in all the required information. This information is then encrypted and then e-mail to the user and also the hotel with more information on. The encrypted e-mail goes to the hotel and then thy put in the decryption code to be able to read it.

 

It all works okay except it gets to the stay of encrypting the message and creating the e-mail and this is where it fails. It is using gnupg and the system () was part of the code to run this command.  It did work perfectly before but as previously mentioned the system () is now being blocked by the hosting provider.

Link to comment
Share on other sites

Then I suggest you talk to your hoster, perhaps they can think of a safe alternative to do this. The issue is not with executing system(), it's with how PHP could be tricked to execute anything a hacker wants. So if the hoster get's control over what the system() command actually contains, it's safe for them.

 

If not, then all you can do is find a PHP alternative for the system command, HP can do encryption but we (and possibly you?) don't know what kind it's doing right now.

If there are no alternatives in PHP and the host doesn't want to help, then all you can do is move host...

Link to comment
Share on other sites

It is using gnupg and the system () was part of the code to run this command.

PHP has GnuPG functions you can use to potentially re-implement whatever your current system command is doing using PHP. You'll need to check with your host to see if these functions are enabled. If they are not currently enabled, they may be more willing to enable them vs opening up system() to you.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.