Home  >   Forum Home  >  Technical Support Forums  >  Technical Support  >  Thread
   
 
PHP Security Vulnerability
 
RavenStrider
Posted: 12 January 2005 06:01 AM   [ Ignore ]  
Grad Student
Avatar
Rank
Total Posts:  34
Joined  01-29-2003

Hi! My webhost has emailed me about this:

PHP Security

Thus, I’m quoting my webhost, on this one:

The following functions have been disabled in PHP and probably will not
be enabled again:

exec
system
shell_exec
proc_open
passthru

My question is… will this have an effect on EE functionality?
Profile
 
 
Nevin Lyne
Posted: 12 January 2005 09:26 AM   [ Ignore ]   [ # 1 ]  
Moderator
Avatar
RankRankRankRank
Total Posts:  1075
Joined  08-01-2002

Actually like the article says, its not actually a security issue with PHP, but was an issue with phpBB that allowed outside people to use functions in php to run their own code, but to answer your question, I believe the removal of exec will affect the usage of ImageMagic or NetPBM as image libraries so you will probably need to rely on GD2 if integrated with your hosts php version.  I am not positive whatelse it might affect, but that is the only thing that I can think of that EE would be using external calls for.  Rick or Paul can probably chip in more information.

 Signature 
Profile
 
 
Rick Ellis
Posted: 12 January 2005 10:01 AM   [ Ignore ]   [ # 2 ]  
Administrator
Avatar
RankRankRankRankRank
Total Posts:  2541
Joined  12-21-2001

We use exec with the image manipulation functions and nothing else.

By the way, our secirity filtering actually looks for instances of those words in GET, POST, COOKIE, etc. requests and filters them out.

 Signature 
Profile
MSG
 
 
RavenStrider
Posted: 12 January 2005 10:24 AM   [ Ignore ]   [ # 3 ]  
Grad Student
Avatar
Rank
Total Posts:  34
Joined  01-29-2003

Thanks for the info.

I’m using GD2 as my image manipulation library.
Profile
 
 
   
 
 
‹‹ Assigning a Variable      blogger api - Invalid Section Selection ››
Post Marker Legend
New Topic New posts Hot Topic Hot Topic with new posts New Poll New Poll Moved Topic Moved Topic Sticky Topic Sticky topic
Old Topic No new posts Hot Old Topic Hot Topic with no new posts Old Poll Old Poll Closed Topic Closed Topic Announcement Announcements
Theme
Change Theme
Visitor Statistics
The most visitors ever was 1149, on July 16, 2007 09:33 AM
Total Registered Members: 64978 Total Logged-in Users: 29
Total Topics: 82017 Total Anonymous Users: 17
Total Replies: 440817 Total Guests: 175
Total Posts: 522834    
Members ( View Memberlist )
Newest Members:  hazlett_davidkpspokeli9htcluizmbentsitjmattdennis3pparkkinlikewisesoftwareicam coordinator
Active Members:    Alejandro MutAlicatBatdelfuegobcartierbkuberekBmovieCarloCrssp-eeCrucialDEAEfraín BárcenahothousegraphixiainIngmar GreiljeremydgreatjhudakjtrollKevin Althauskirkarachalouderthan10M SwindlerMacDeathmarcel_villeriusMike YoungnyeomanParamore Reddramonekalsawrmedekswillia1
Powered By ExpressionEngine
ExpressionEngine Discussion Forum - Version 2.1.1 (20081028)
Script Executed in 0.3675 seconds
Atom Feed   RSS 2.0