MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: chrisf on 2016-07-02, 21:58:15

Title: php fpm shell_exec and exec
Post by: chrisf on 2016-07-02, 21:58:15

I have been trying to figure out why a joomla site wasn't working properly and after turning on display errors found that:

shell_exec and exec both give phone warnings that they have been disabled for security reasons yet in PHP advanced configuration neither is in the disabled list.

How do I reenable this?  If it needs a custom template please add checkbox option in control panel to enable these functions.

Thank you,
Chris

Title: Re: php fpm shell_exec and exec
Post by: chrisf on 2016-07-02, 21:59:30

I am using php55m as branch used.

Title: Re: php fpm shell_exec and exec
Post by: MRatWork on 2016-07-02, 22:29:34

Remove from 'disable_functions' in 'advanced php configure' for certain client or admin.

Title: Re: php fpm shell_exec and exec
Post by: chrisf on 2016-07-02, 23:01:26

/opt/php55m/custom/php.ini

;### MR -- custom setting (handle by kloxo)
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,show_source

that is the problem, it overrides pool/client configurations.  It needs to be commented out to allow individual admin/client disabled functions.

I do not want to use custom templates for php-fpm please fix.

Thank you

Title: Re: php fpm shell_exec and exec
Post by: chrisf on 2016-07-02, 23:07:33

I do not have shell_exec or exec in any configuration disabled.  (Server PHP or admin PHP)

Title: Re: php fpm shell_exec and exec
Post by: MRatWork on 2016-07-03, 05:54:07

No. disable_functions declare inside php-fpm files per-user. See '/opt/configs/php-fpm/conf/*/php-fpm.d'

Title: Re: php fpm shell_exec and exec
Post by: chrisf on 2016-07-03, 10:38:23

You can say No, but I just did extensive testing.  I have multiple php disabled.  I use php55m as branch used.  In any phpinfo() it says configuration loaded: /opt/php55m/custom/php.ini

In this php.ini:

;### MR -- custom setting (handle by kloxo)
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,show_source


I have NO disabled function in KloxoMR panel with exec or shell_exec.  In phpinfo() it DOES NOT list them as disabled but when trying to use them, security warning is given.

I simply:
In /opt/php55m/custom/php.ini

;### MR -- custom setting (handle by kloxo)
;disable_functions = exec,passthru,shell_exec,system,proc_open,popen,show_source

Commented out and now all works.  If I change disabled functions in admin php configuration, it works.  I can add, remove exec etc.

When running fixphp script /opt/php55m/custom/php.ini does not get updated.  You need to comment out disabled functions in all php5*x/custom/php.ini files.

Test.  I have over and over.

Title: Re: php fpm shell_exec and exec
Post by: chrisf on 2016-07-03, 10:50:43

Try with display errors on.

<?php

$o = `zip -h 2>&1`;
echo $o;

?>

It will not work until you ; (comnent out) disabled functions in /opt/php5*m/custom/php.ini

After comnenting out, you can then add shell_exec to admin php advanced diaabled functions and it will disabke it, remove it - it works!  The problem is with /opt/php5*m/custom/php.ini files.

Title: Re: php fpm shell_exec and exec
Post by: MRatWork on 2016-07-03, 14:51:37

Disable 'disable_functions' (with comnent out) is make unsecure for other php types (other then php-fpm).

Title: Re: php fpm shell_exec and exec
Post by: chrisf on 2016-07-03, 16:40:41

Then in server php configuration when updating advanced php configuration, all /opt/php5*m/custom/php.ini needs updated, also with /script/fixphp.

The value for disabled functions should be updated by KloxoMR panel.

Please fix this.  Thank you.

Title: Re: php fpm shell_exec and exec
Post by: MRatWork on 2016-07-03, 16:59:37

Wait for next upload.