Elxis CMS Forum

Support => General => Topic started by: forgetms on November 12, 2009, 09:49:10

Title: Please update this wiki entry
Post by: forgetms on November 12, 2009, 09:49:10
http://wiki.elxis.org/wiki/PHP_settings
suggests popen() be disabled:
Code:
disable_functions = "system, exec, passthru, shell_exec, suexec, dbmopen, popen, proc_open, disk_free_space, diskfreespace, set_time_limit, leak"
I blindly did it as it suggests and lost countless hours digging through com_contacts for the cause of the malfunction. Com_contacts calls popen() to run sendmail.

Com_contact (or elxis) silently discards the error message from the failed popen() call. If you include "popen" in disable_functions as this wiki entry suggests, you will never get emails from your visitors but your visitors believe you do! >:(

Regards,

CN
Title: Re: Please update this wiki entry
Post by: ks-net on November 12, 2009, 12:57:22
Quote
Com_contact (or elxis) silently discards the error message from the failed popen() call. If you include "popen" in disable_functions as this wiki entry suggests, you will never get emails from your visitors but your visitors believe you do!

WHO TOLD YOU THIS?

What is your Elxis version?

Title: Re: Please update this wiki entry
Post by: datahell on November 20, 2009, 00:00:37
popen is used by a third-party class (PHPMailer) when you send e-mails via sendmail (the Elxis core does not use popen).
Besides this, our security recommendation is still the same: add popen to the disable_functions directive. If you do that, select to send e-mails via SMTP or PHP mail. The mail function is 100% safe, but popen, apart from sending e-mails, can also be used to execute commands on the web server, and this is something that might be unsafe. So, our recommendation for a safer site environment is to keep it disabled. If you search Elxis you will also find the dl function, which I also recommend you keep disabled (if I remember correctly, the dl function will soon be removed from PHP). The dl function is used in a very special case that is very rarely executed (loading of the GD2 extension by a specific feature on servers with no GD support).

The wiki article was updated.
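The two failure modes raised in this thread (popen() disabled by disable_functions, and a failed sendmail handoff being discarded without any error) can both be handled in a few lines. The following is an added example written for this thread; it is not Elxis or PHPMailer code. It checks whether popen() is actually usable under the current php.ini, picks the PHP mail() or SMTP transport when it is not, and, when sendmail is used, reports a failed pipe or non-zero exit status instead of swallowing it. The `$smtpConfigured` flag and the sendmail path are assumptions standing in for a site's own settings.

```php
<?php
// Added example (not Elxis or PHPMailer code): pick a mail transport that
// works under the recommended disable_functions setting, and never let a
// failed sendmail handoff go unreported.

declare(strict_types=1);

/** Return the function names listed in disable_functions, lower-cased. */
function disabledFunctions(): array
{
    $raw   = (string) ini_get('disable_functions');
    $names = array_filter(array_map('trim', explode(',', $raw)));
    return array_map('strtolower', $names);
}

/** True when $name is defined and not listed in disable_functions. */
function isUsable(string $name): bool
{
    return function_exists($name)
        && !in_array(strtolower($name), disabledFunctions(), true);
}

/**
 * Choose the transport: SMTP if the site has SMTP credentials configured
 * ($smtpConfigured is an assumption for this example), sendmail only when
 * popen() is usable, otherwise PHP's own mail() function.
 */
function chooseTransport(bool $smtpConfigured): string
{
    if ($smtpConfigured) {
        return 'smtp';
    }
    return isUsable('popen') ? 'sendmail' : 'mail';
}

/**
 * Hand a fully formed message (headers + body) to the local sendmail binary
 * through popen(). Returns false and logs the reason on any failure, rather
 * than discarding it. $sendmailPath is an assumption; use the site's own.
 */
function sendViaSendmail(string $message, string $sendmailPath = '/usr/sbin/sendmail -t -i'): bool
{
    if (!isUsable('popen')) {
        error_log('sendmail transport unavailable: popen() is listed in disable_functions');
        return false;
    }
    $pipe = @popen($sendmailPath, 'w');
    if ($pipe === false) {
        error_log('sendmail transport failed: could not start ' . $sendmailPath);
        return false;
    }
    fwrite($pipe, $message);
    $status = pclose($pipe);   // exit status of sendmail; 0 means accepted
    if ($status !== 0) {
        error_log('sendmail transport failed with exit status ' . $status);
        return false;
    }
    return true;
}

// CLI demonstration: report what the current php.ini allows and which
// transport would be chosen when no SMTP server is configured.
printf("disable_functions: %s\n", ini_get('disable_functions') ?: '(empty)');
printf("popen usable:      %s\n", isUsable('popen') ? 'yes' : 'no');
printf("chosen transport:  %s\n", chooseTransport(false));
```

Run it with `php -d disable_functions=popen example.php` and again without the `-d` flag to see the transport switch from `sendmail` to `mail`; the `isUsable()` guard is what keeps a disabled popen() from producing a fatal error on PHP 8, where a disabled function is simply undefined.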