Core PHP Functions?

The Sandman

Well-known member
I'm doing the upgrade from XenForo 1.3.0 Beta 4 to Release Candidate 1. This is the first time I'm installing/upgrading XenForo on the new server, and I received the following warning message:

Your server has disabled core PHP functions. This may cause unexpected problems in XenForo. All PHP functions should be enabled.

Which functions does this refer to?
 
You have just moved servers, hence why you are seeing this now and not for previous 1.3 releases.

As the message states, enable the PHP functions.
@MattW should be able to sort that for you.
 
You have just moved servers, hence why you are seeing this now and not for previous 1.3 releases.

As the message states, enable the PHP functions.
@MattW should be able to sort that for you.
I did get a message from XenForo when upgrading on the old server as well. It went something like:
Dude - you're using a way obsolete version of PHP. Expect to have numerous issues and unexplained slowdowns/failures until you upgrade to a proper version of PHP.

Enabling the functions isn't a problem - I'm just wondering if there is a list of what XenForo considers to be the required core PHP functions for it to work properly.
 
Upload a PHPinfo page on your server.

Either PHP is running in safe mode or there are manually disabled functions in php.ini. The phpinfo output will tell you which this is. Just ctrl+f for safe_mode and disable_functions. You will be able to see exactly what config options are set that disable what functions.

Depending on your hosting config you may not be able to change this. Some shared hosts force PHP to run with disabled functions in a misguided security precaution.
 
I'm getting the same warning while upgrading and I was thinking about this.

show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen

These are the disabled php functions on my server and I don't think it is a good idea to enable them on a shared server.

Which ones does xenforo need exactly in order to function properly?
 
I spoke with WiredTree and they told me than the only disabled core functions were: curl, enchant, snnp library, pgsql, and system time zone. They apparently believe there is good reason for these to be disabled. Does XenForo require any of these functions to work properly?
 
Last edited:
I spoke with WiredTree and they told me than the only disabled core functions were: curl, enchant, snnp library, pgsql, and system time zone. They apparently believe there is good reason for these to be disabled. Does XenForo require any of these functions to work properly?
Xenforo needs system function
 
I'm getting the same warning while upgrading and I was thinking about this.

show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen

These are the disabled php functions on my server and I don't think it is a good idea to enable them on a shared server.

Which ones does xenforo need exactly in order to function properly?
Xenforo needs system, shell_exec, passthru, exec
 
I'm getting
The following warnings were detected when verifying that your server can run XenForo:
  • Your server has disabled core PHP functions. This may cause unexpected problems in XenForo. All PHP functions should be enabled.
These may affect the proper execution of XenForo at times and should be resolved if possible.
Tim @ Nimbus says these are the only disabled functions in PHP and are disabled by default:
system, proc_open, parse_ini_file, show_source
I wish the above message was more specific.
 
It simply displays if any functions are disabled. There are no functions that are disabled in the default PHP configuration, though different distributions might disable certain functions.

For example, your disabled functions are a bit strange:
  • system is similar to running something from the command prompt so I can sort of understand the idea, but there are a ton of other functions that do this too (not to mention that PHP can likely do anything bad itself).
  • proc_open is similar to system, but the other functions that do this mean that disabling is pointless.
  • parse_ini_file does what it says -- disabling this seems equivalent to disabling a function like fgetscsv.
  • show_source is an alias of highlight_file so the disable likely doesn't work for that anyway. Regardless, there's nothing to prevent someone from simply reading the file directly (and running highlight_string if they want highlighting).
I should also note that I have used these functions before in my career for completely legitimate things. Disabling functions provides no real security, but instead gets in the way of legitimate code.
 
Top Bottom