Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Handle commonly-disabled functions more gracefully #1001

Open
zerocrates opened this issue Jan 24, 2023 · 0 comments
Open

Handle commonly-disabled functions more gracefully #1001

zerocrates opened this issue Jan 24, 2023 · 0 comments

Comments

@zerocrates
Copy link
Member

Shared hosts often disable exec/shell_exec and many related functions (annoyingly including escapeshellarg). In prior versions a disabled function emits a warning and returns null, and the places we use these tend to tolerate that kind of silent failure.

In PHP 8+, a disabled function is seen as not being defined at all. This is easier to detect but means that blindly using the function is a fatal error now, and we have some places where we just use these functions without checking or providing a configuration to avoid their use.

Minimally we should guard these with checks that the function exists, though some of them could potentially be removed entirely.

See https://forum.omeka.org/t/switching-from-php74-to-8-0-causes-file-uploading-problem/16451 for an example of this problem in action.

zerocrates added a commit that referenced this issue Mar 24, 2023
PHP 8+ makes disabled functions act as if not defined at all. To account
for this and the increased likelihood of hosts to disable functions
associated with process execution, check for function existence before
running mandatory calls to exec, shell_exec, or escapeshellarg. Other
calls like those in the default ExternalImageMagick derivative creator
can be avoided through configuration.

(#1001)
kimisgold pushed a commit that referenced this issue Jun 26, 2024
PHP 8+ makes disabled functions act as if not defined at all. To account
for this and the increased likelihood of hosts to disable functions
associated with process execution, check for function existence before
running mandatory calls to exec, shell_exec, or escapeshellarg. Other
calls like those in the default ExternalImageMagick derivative creator
can be avoided through configuration.

(#1001)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant