Dangerous PHP Functions Enabled

[Yasir Rehman]

I Want To Create A Forum So That's Why Have Installed IPS On A Shared Hosting Now The IPS Is Showing This Warning.

Dangerous PHP Functions Enabled
We recommend disabling the following functions on your server, or at least in the directory that your community is installed in. If you do not manage your server yourself, your hosting provider will be able to assist with this.
exec, system, popen, proc_open, shell_exec


And The Hosting Provider Says Disabling These Functions Can Be Done.
Now I Want To Know What Will Happen If I Leave Them Just Like That.(Explain With Details)
or can i force it to be disabled just in my hosting by using .htaccess

Note: I'm Poor AF So Can't Afford Any Other Hosting/VPS.

 

[Maddox]

There is a thread over at IPS discussing this - https://invisioncommunity.com/forum...us-php-function/?tab=comments#comment-2736224

If you are on shared hosting and your host will not disable them for you, you can add a php.ini file to disable them - however, and this is the nasty bit, you need to upload the php.ini file to every folder for it to be fully effective (that's if your host does not allow recursive files). Adding the file to the admin folder only will stop the warning showing, but that doesn't mean those extensions are fully disabled.

Hope that helps.

 

[KnownHost]

Now I Want To Know What Will Happen If I Leave Them Just Like That.(Explain With Details).

Generally speaking leaving these functions enabled can make it easier if someone happens to find an exploit for your website.

So for instance exec allows a PHP script to execute a shell based commands (think modify, delete, move files). If none of your code uses these functions then it's nothing really to worry about, however, if someone can upload code that includes these functions then it makes it much easier for them to do nefarious things.

I'd play it safe and disable them with either htaccessor a php.ini file.

 

[Yasir Rehman]

There is a thread over at IPS discussing this - https://invisioncommunity.com/forum...us-php-function/?tab=comments#comment-2736224

If you are on shared hosting and your host will not disable them for you, you can add a php.ini file to disable them - however, and this is the nasty bit, you need to upload the php.ini file to every folder for it to be fully effective (that's if your host does not allow recursive files). Adding the file to the admin folder only will stop the warning showing, but that doesn't mean those extensions are fully disabled.

Hope that helps.

So That Means I'll Have To Upload/Place A php.ini File To Every Folder Of My IPS Main Dir And That Will Do The Job??

 

[KnownHost]

So That Means I'll Have To Upload/Place A php.ini File To Every Folder Of My IPS Main Dir And That Will Do The Job??

You can use just the top-level directory.

So say you have public_html/ips/stuff

If you place the file in public_html/ips/ then anything under that folder is already covered. The higher up you go the more folders are covered/impacted by those settings.

 

[Maddox]

You can use just the top-level directory.

That doesn't work on some shared hosting if they do not allow recursive files that affect all folders. My own host does not allow this so a php.ini file needs to go into every folder for total effectiveness; this is a pain as there are hundreds of folders. Placing the php.ini file in the top directory has no effect unless recursive.