Warning: escapeshellarg() has been disabled for security reasons

Fragment of a discussion from Project:Support desk
Jump to: navigation, search

My ISP has disabled some php functions, a.o. passthru() and escapeshellarg(). This has to do with the risk of running these functions in combination with user-supplied arguments. So, in my case, this warning has nothing to do with the safe_mode setting in php.ini. My ISP claims that most security breaches could be traced back to the misuse of these functions. Security is, of course, also in our interest. I wonder how other ISP's can guarantee security, while leaving commands like passthru(), shell_exec(), and exec() open for user-supplied arguments.

82.169.100.5109:22, 10 April 2012

Other hosts configure their systems properly. Maybe they can also invest more money into qualified personal, maybe because their customers pay more or because they work more efficiently; reasons may vary.

88.130.101.24611:15, 10 April 2012