| 
Welcome, Guest
Joomlapolis Forum
Archives
CB
CB 1.0
Bugs

Possible issue if exec() disabled
(1 viewing) (1) Guest
  • Page:
  • 1

TOPIC: Possible issue if exec() disabled

Possible issue if exec() disabled 5 years, 9 months ago #12585

  • Posts:
  • Karma:
Hi - please excuse CB newbie if this is known issue - I've just installed CB today. Let me know if this is a proper bug and I should put on the tracker.

Issue: com_comprofiler may generate notices and warnings if PHP exec() is disabled (as is the case with e.g. my host, for security reasons).

My setup:
PHP 4.4.2 Apache 1.3.34 WinXP MySQL 4.1.18 (MySQL client libs 3.23.49)
php.ini includes:
* disable_functions shell_exec,exec,system,passthru,popen
* error_reporting 2047
Joomla 1.0.8
CB 1.0 Stable

To Reproduce:
(1) Login as administrator
(2) Go to the CB Configuration Manager
(.../administrator/index2.php?option=com_comprofiler&task=showconfig)

Results: Various notices and warnings starting with:
Notice: Undefined variable: output in c:\program files\apache group\apache\htdocs\joomla\administrator\components\com_comprofiler\imgToolbox.class.php on line 626
Notice: Undefined variable: status in c:\program files\apache group\apache\htdocs\joomla\administrator\components\com_comprofiler\imgToolbox.class.php on line 626
Warning: exec() has been disabled for security reasons in c:\program files\apache group\apache\htdocs\joomla\administrator\components\com_comprofiler\imgToolbox.class.php on line 626
...

Here's the relevant bit from imgToolbox.class.php:
function testIM(){
   exec('convert -version', $output, $status);
   ...
}
function testNetPBM(){
   exec('jpegtopnm -version 2>&1',  $output, $status);
   ...
}

I guess this is looking to see what image software can be used. Sadly none since our host has blocked it

Other impacts: Cursory view of imgToolbox.class.php suggests it may rely on availability of exec() elsewhere, but perhaps only the ones at lines 626 and 634 really matter since the others will not be called of those fail.

Possible solution/workround: check ini_get(disable_functions) and give up on the tests immediately if it contains "exec". Here's what I did to fix it for me. 
$ diff imgToolbox.class.php imgToolbox.class.php.old
625,628d624
<     // Check if exec() is disabled, e.g. for security reasons
<     function isExecDisabled(){
<         return in_array( 'exec', explode( ',',ini_get( 'disable_functions' ) ) );
<     }
630,632d625
<         if($this->isExecDisabled()){
<             return false;     // exec() is disabled, so give up
<         }
641,643d633
<         if($this->isExecDisabled()){
<             return false;     // exec() is disabled, so give up
<         }


I hope this is useful.

Best wishes,

Mark.
The topic has been locked.

Re:Possible issue if exec() disabled 5 years, 7 months ago #15706

  • Posts:
  • Karma:
Hi y have the same problem but y can´t find the directory where one is the file ini_get

Help PLEASE!!!
The topic has been locked.

Re:Possible issue if exec() disabled 5 years, 7 months ago #15727

  • Posts:
  • Karma:
plumbley wrote:
Hi - please excuse CB newbie if this is known issue - I've just installed CB today. Let me know if this is a proper bug and I should put on the tracker.

Issue: com_comprofiler may generate notices and warnings if PHP exec() is disabled (as is the case with e.g. my host, for security reasons).

My setup:
PHP 4.4.2 Apache 1.3.34 WinXP MySQL 4.1.18 (MySQL client libs 3.23.49)
php.ini includes:
* disable_functions shell_exec,exec,system,passthru,popen
* error_reporting 2047
Joomla 1.0.8
CB 1.0 Stable

To Reproduce:
(1) Login as administrator
(2) Go to the CB Configuration Manager
(.../administrator/index2.php?option=com_comprofiler&task=showconfig)

Results: Various notices and warnings starting with:
Notice: Undefined variable: output in c:\program files\apache group\apache\htdocs\joomla\administrator\components\com_comprofiler\imgToolbox.class.php on line 626
Notice: Undefined variable: status in c:\program files\apache group\apache\htdocs\joomla\administrator\components\com_comprofiler\imgToolbox.class.php on line 626
Warning: exec() has been disabled for security reasons in c:\program files\apache group\apache\htdocs\joomla\administrator\components\com_comprofiler\imgToolbox.class.php on line 626
...

Here's the relevant bit from imgToolbox.class.php:
function testIM(){
   exec('convert -version', $output, $status);
   ...
}
function testNetPBM(){
   exec('jpegtopnm -version 2>&1',  $output, $status);
   ...
}

I guess this is looking to see what image software can be used. Sadly none since our host has blocked it

Other impacts: Cursory view of imgToolbox.class.php suggests it may rely on availability of exec() elsewhere, but perhaps only the ones at lines 626 and 634 really matter since the others will not be called of those fail.

Possible solution/workround: check ini_get(disable_functions) and give up on the tests immediately if it contains "exec". Here's what I did to fix it for me. 
$ diff imgToolbox.class.php imgToolbox.class.php.old
625,628d624
<     // Check if exec() is disabled, e.g. for security reasons
<     function isExecDisabled(){
<         return in_array( 'exec', explode( ',',ini_get( 'disable_functions' ) ) );
<     }
630,632d625
<         if($this->isExecDisabled()){
<             return false;     // exec() is disabled, so give up
<         }
641,643d633
<         if($this->isExecDisabled()){
<             return false;     // exec() is disabled, so give up
<         }


I hope this is useful.

Best wishes,

Mark.


Cool. Thanks for the hint. Please log it with link to this thread at the bug tracker on forge:

forge.joomla.org/sf/tracker/do/listArtif...ects.cb/tracker.bugs

Thanks
Beat
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly
CB links: Subscribe to CB documentation - Our templates - Paid Subscriptions - Get Hosting - Our Forge - Incubator
Visit my CB Profile - Send me a Private Message (PM)
--
help us spend more time coding by helping others in this forum, many thanks
The topic has been locked.

Re:Possible issue if exec() disabled 5 years, 6 months ago #18411

  • Posts:
  • Karma:
Hi!

It was not clearly for me which archive and that lines I have that to edit…

Sory may native language is portugues.

Thanks.
The topic has been locked.

Re:Possible issue if exec() disabled 5 years, 4 months ago #22060

  • Posts:
  • Karma:
hi mate, this sounds like what I need. However I am unsure where to paste your code that you have provided? and what to remove?

Thanks
The topic has been locked.
  • Page:
  • 1
Joomlapolis Forum
Archives
CB
CB 1.0
Bugs
Powered by Kunena
Time to create page: 1.32 seconds