Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

escapeshellarg() has been disabled for security reasons

Tags:

upload

codeigniter-2

When I want to upload anything in any form I see the Warning: escapeshellarg() has been disabled for security reasons message on my site. What can I do to fix this?

My framework is codeigniter final version.

Here is the full warning:

A PHP Error was encountered

Severity: Warning

Message: escapeshellarg() has been disabled for security reasons

Filename: libraries/Upload.php
like image 920
Schizo Avatar asked Apr 30 '12 13:04

Schizo

3 Answers

The @ operator will silence any PHP errors the function could raise. You should never use it!

Solutions:

  1. Remove the escapeshellarg string from the disable_functions in php.ini file

  2. Ask your host provider to remove Remove the escapeshellarg string from the disable_functions in php.ini file if you don't have an access to the php.ini file

  3. make your own escapeshellarg. The function only escapes any single quotes in the given string and then adds single quotes around it.

    function my_escapeshellarg($input)
{
    $input = str_replace('\'', '\\\'', $input);
    return '\''.$input.'\'';
}

    and do something like this:

    // $cmd = 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1';
$cmd = 'file --brief --mime ' . my_escapeshellarg($file['tmp_name']) . ' 2>&1';

    But what is best is to extend the Upload.php library and override the _file_mime_type function instead of changing on the core of CodeIgniter so that you will not lose it if you ever want to update CodeIgniter.

    Helpful links: https://www.codeigniter.com/user_guide/general/core_classes.html

like image 127
Waqleh Avatar answered Nov 02 '22 00:11

Waqleh

Try

$cmd = 'file --brief --mime ' . @escapeshellarg($file['tmp_name']) . ' 2>&1';

Open Upload.php file from system/libraries folder and put @ in front of escapeshellarg($file['tmp_name']) at line 1066 and second thing upload this file under application/libraries folder that will be better, other wise no problem, you can replace system's Upload.php file.

like image 5
aman Avatar answered Nov 01 '22 23:11

aman

  1. Remove the escapeshellarg string from the disable_functions at php.ini* file

  2. Ask your hosting provider to remove the string above if you don't have an access to the php.ini* file

  3. Change hosting provider which allows the running of the escapeshellarg function.

from this website: http://www.2by2host.com/articles/php-errors-faq/disabled_escapeshellarg/

like image 2
keithics Avatar answered Nov 01 '22 23:11

keithics
Sign in to Comment

Related questions

Multipart File Upload in Ruby
how to prevent uploading of exe file in asp.net mvc
How to allow files uploading with WebView in Cocoa?
How to upload multiple files with Zend framework?
Big files uploading (WebException: The connection was closed unexpectedly)
WebKitFormBoundary included in file payload on direct upload to s3
Django app that can provide user friendly, multiple / mass file upload functionality to other apps
Uploading multiple files to blobstore (redux)
jQuery : a drag-and-drop upload with multi dropzone
ASP.NET Kendo UI Upload
How to change upload directory in my plugin uploader
Laravel 5.3, check if uploaded file is bigger than upload_max_filesize (optional upload)
Implementing ProgressDialog in Multipart Upload Request
CKeditor: missing "Upload" tab on image properties
php str_getcsv array issue
Putting default value in <input type=file....>
Upload large binary file to using Java Spring RestTemplate
How to preview an uploaded image as the background image of a div?
ByteArrayOutputStream to a FileBody
PHP Image uploader (with resize and crop) [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!