[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[sr #110984] [php] Disabling php exec function breaks multiple things
|
From: |
Jing Luo |
|
Subject: |
[sr #110984] [php] Disabling php exec function breaks multiple things |
|
Date: |
Wed, 20 Dec 2023 08:56:54 -0500 (EST) |
URL:
<https://savannah.nongnu.org/support/?110984>
Summary: [php] Disabling php exec function breaks multiple
things
Group: Savannah Administration
Submitter: jing
Submitted: Wed 20 Dec 2023 10:56:52 PM JST
Category: Savane
Priority: 5 - Normal
Severity: 5 - Blocker
Status: None
Assigned to: None
Originator Email:
Operating System: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Wed 20 Dec 2023 10:56:52 PM JST By: Jing Luo <jing>
A recent commit of savane introduced php.ini, which has a line
"disable_functions = exec,passthru,popen,shell_exec,system". apache.conf also
has a line doing the same thing, but that's another story.
This doesn't work for me: exec is being used by these files:
./frontend/php/include/utils.php: exec ("rm -fr $dir");
./frontend/php/include/account.php: $pwqgen = exec ("pwqgen");
./frontend/php/include/vcs/git.php: exec ("grep -A 3
'^repo\.url=$group_name\(/\|\.git$\)' $sys_etc_dir/cgitrepos", $output);
It breaks login, register (new user), get list from cgit, and gpg.
Because in apache.conf, we already have SetHandler default-handler, I don't
think disabling exec is necessary.
_______________________________________________________
Reply to this item at:
<https://savannah.nongnu.org/support/?110984>
_______________________________________________
Message sent via Savannah
https://savannah.nongnu.org/
- [sr #110984] [php] Disabling php exec function breaks multiple things,
Jing Luo <=