
How to test if PHP system() function is allowed and not turned off for security reasons?

Tags: php, system, exec

I would like to know how to test if system() or exec() is allowed on a server. I keep getting this error "Warning: exec() has been disabled for security reasons in ..."

I understand that the safe_mode function is deprecated in the PHP version my provider runs (5.3.3), so I can't use a get_ini('safe_mode') check.

What else to do?

I use this for a backup script. If the provider allows system, the script makes a tar file and mails it to me whenever a user logs in.

Thanks in advance.

half-a-nerd asked Oct 27 '10 13:10


2 Answers

Well, there's only two ways it can be disabled: safe_mode or disable_functions.

So you can do a check like:

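function isAvailable($func) {
    // safe_mode (removed in PHP 5.4) restricts command execution entirely
    if (ini_get('safe_mode')) return false;
    // disable_functions is a comma-separated list of function names
    $disabled = ini_get('disable_functions');
    if ($disabled) {
        $disabled = explode(',', $disabled);
        $disabled = array_map('trim', $disabled);
        return !in_array($func, $disabled);
    }
    return true;
}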

Oh, and function_exists should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable should also return true (since the function does exist). So the only ways to tell, are to check the ini settings, or to actually call it...

Edit: One other thing to note, there are several ways to execute shell commands. Check out:

  • Program Execution Functions
  • Backtick Operator

ircmaxell answered Sep 30 '22 22:09


Testing for disabled functions and the presence of safe mode as shown by @ircmaxell is arguably the easiest way to go.

If you want to find out 1000% reliably whether execution of system commands is possible - there may be security patches like Suhosin that block this on another level - try to exec() an external command that is bound to work on all systems (including Windows), and is extremely unlikely to fail even if user rights are very tight.

Say

cd .   

this should work (i.e. not return false, and return an error level code of 0) at least on all Linux, Windows and Unix flavours including OS X.

Pekka answered Oct 01 '22 00:10
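
The two answers above can be combined into one check: read the ini blocklists first, then confirm with the harmless `cd .` probe. The following is an added example, not code from either answer; the names `SHELL_FUNCS`, `iniList`, `isAllowedByConfig` and `execActuallyWorks` are hypothetical, and it assumes PHP 7 or later and that Suhosin, if loaded, uses its `suhosin.executor.func.blacklist` setting.

```php
<?php
// Added example: all function and constant names here are hypothetical.
const SHELL_FUNCS = ['exec', 'system', 'shell_exec', 'passthru', 'popen', 'proc_open'];

/** Return the lower-cased, trimmed entries of a comma-separated ini list. */
function iniList(string $key): array
{
    $raw = ini_get($key);               // false when the directive is unknown
    if ($raw === false || trim($raw) === '') {
        return [];
    }
    return array_filter(array_map(function ($f) { return strtolower(trim($f)); }, explode(',', $raw)));
}

/** Configuration check: is $func defined and absent from every blocklist? */
function isAllowedByConfig(string $func): bool
{
    $func = strtolower($func);          // PHP function names are case-insensitive
    if (!function_exists($func)) {      // PHP 8+ removes disabled functions entirely
        return false;
    }
    if (ini_get('safe_mode')) {         // directive only exists before PHP 5.4
        return false;
    }
    $blocked = array_merge(iniList('disable_functions'), iniList('suhosin.executor.func.blacklist'));
    return !in_array($func, $blocked, true);
}

/** Runtime check: run the harmless `cd .` and require exit status 0. */
function execActuallyWorks(): bool
{
    if (!isAllowedByConfig('exec')) {
        return false;
    }
    try {
        $output = [];
        $status = -1;                   // stays -1 if exec() never ran
        $last = @exec('cd .', $output, $status);
        return $last !== false && $last !== null && $status === 0;
    } catch (\Throwable $e) {           // PHP 8 throws Error for a disabled function
        return false;
    }
}

foreach (SHELL_FUNCS as $f) {
    printf("%-10s config: %s\n", $f, isAllowedByConfig($f) ? 'allowed' : 'blocked');
}
printf("exec('cd .') probe: %s\n", execActuallyWorks() ? 'works' : 'fails');
```

Run it under the same SAPI as the backup script (CLI and web server often load different php.ini files), since the result only reflects the configuration of the process that executes it.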