XF 1.3 Upgrading to 1.3 - disabled core PHP functions disable_functions in php.ini

Skylined

Skylined

Well-known member
I'm updating to v1.3 in a test forum and I've received this message.

The following warnings were detected when verifying that your server can run XenForo:
  • Your server has disabled core PHP functions via the disable_functions directive in php.ini. Depending on the functions that have been disabled, this may cause unexpected problems in XenForo. All PHP functions should be enabled.
These may affect the proper execution of XenForo at times and should be resolved if possible.
Click to expand...


I've contacted my hosting and they told me that they cannot change php.ini settings for security reasons.
The message clearly says that all PHP functions should be enabled, but I would really like to know if they are all really needed, because that would mean that I would have to switch my hosting, which I've just renewed for a whole year. :(
 
Sort by date Sort by votes
Thanks @Brogan, I saw that one, but I have quite a few more disabled functions.

system, shell, exec, system_exec, shell_exec, mysql_pconnect, passthru, popen, proc_open, proc_close, proc_nice, proc_terminate, proc_get_status, escapeshellarg, escapeshellcmd, eval
 
Upvote 0 Downvote
If version 1.2.x currently runs then you should have no problem running 1.3.
You may however encounter problems with future versions of XenForo, if any of those functions are utilised.
 
Upvote 0 Downvote
You should ask your host why eval is blocked... It's a useful function, and can only be used for harm in badly-written scripts.

I'm also almost certain that it is used in places in XF...

Liam
 
Upvote 0 Downvote
Unfortunately, I have to say that's a good example of a bad list of disabled functions. There are very valid uses for some of those functions -- XenForo does use at least one of them. Two of those functions are simply string manipulation functions.

Also the attempt to disable eval is useless as technically eval isn't a function.
 
Upvote 0 Downvote
Well, in general you should be fine to continue, but there may be a feature that uses one of those functions in the future. We can't really give a 100% definitive list of the functions used by XenForo (or add-ons) as it's always subject to change. I'd say it's worth keeping it in mind at least.

Most of those functions relate to executing a command via the command line or executing a separate process. They are attempting to use this function for security, but chances are there are ways around it as is.
 
Upvote 0 Downvote
My host says:

"Unfortunately, I cannot give you that specific information for security reasons. However, you can enable most anything that is not enabled via custom php.ini inside your website. "All PHP functions should be enabled" is very broad. Once installed if there is an option required that is not hopefully the software will let you know. We can then give you the proper instructions on how to enable it".
 
Upvote 0 Downvote
I found this in my php.ini

Code: 
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,

So I must change it to this?
Code: 
;disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
 
Upvote 0 Downvote
Thank you @Mike . Maybe you can insert a message in the upgrade process that said, what php function must switched off if we make a update.

Some settings in the PHP.ini serve even security. On security, no one wants to miss.
Is that possible?
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

R
  • Solved
XF 2.2 Unwelcome message PHP functions disabled by hosting site
Replies
2
Views
531
Paul B
P
L
  • Question Question
Core PHP functions: do they really need to be enabled?
Replies
9
Views
902
FTL
FTL
Gossamer
  • Question Question
XF 2.1 Disabled Core PHP Functions
Replies
9
Views
2K
expanserpb
E
PabloC
  • Question Question
PHP function exec via the disable_functions directive in php.ini
Replies
3
Views
3K
PabloC
PabloC
vbuser
  • Question Question
XF 2.0 Your server has disabled a core PHP function exec
Replies
9
Views
3K
Mike
Mike
Back
Top Bottom