Koozali.org: home of the SME Server

php issues on 9.2

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
php issues on 9.2
« on: October 29, 2019, 05:23:30 PM »
have the following warning in ipb

Quote
Some functions are enabled on your server which have the potential to cause serious damage to your community or server. If you are in a shared hosting environment, some of these functions may bypass the restrictions which prevent one account on the server affecting another. Their presence also increases the amount of damage that could be caused if your AdminCP is compromised.
Since Invision Community, and most other web applications do not use these functions, we recommend disabling them on your server, at least within the directory that your community is installed in. You should contact your hosting provider or system administrator and ask them to be added to the disable_functions PHP setting.
exec system passthru popen proc_open shell_exec


Im assuming these can be disabled with db commands but dont want to try without confirmation.

Also
It is requesting cURL php extentions

Thanks all
James

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: php issues on 9.2
« Reply #1 on: October 30, 2019, 01:01:38 AM »
Have you php-scl or php-fpm installed ?

If yes what version of php do you use then

Offline jameswilson

  • ****
  • 739
  • +0/-0
    • Security Warehouse, trade security equipment
Re: php issues on 9.2
« Reply #2 on: November 06, 2019, 04:59:36 PM »
Have you php-scl or php-fpm installed ?

If yes what version of php do you use then
Yes using php-mod 7.3

Ta

Offline Jean-Philippe Pialasse

  • *
  • 2,743
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: php issues on 9.2
« Reply #3 on: November 07, 2019, 05:04:21 AM »
Code: [Select]
mkdir /etc/e-smith/templates-custom/opt/remi/php73/root/etc/php.ini/ -p
cp /etc/e-smith/templates/opt/remi/php73/root/etc/php.ini/10LanguageOptions /etc/e-smith/templates-custom/opt/remi/php73/root/etc/php.ini/
then edit the new file and add what you want in front of disable_functions =


honestly this could also been a bug to open and copy the way it is done in php-fpm contribs but for the base php and all php-scl available
Code: [Select]
/etc/e-smith/templates/etc/php-fpm.d/custom.conf/10All:php_admin_value[disable_functions] = $disabled_functions