Warning: escapeshellarg() has been disabled for security reasons

Fragment of a discussion from Project:Support desk
Jump to: navigation, search

My ISP has disabled some php functions, a.o. passthru() and escapeshellarg(). This has to do with the risk of running these functions in combination with user-supplied arguments. So, in my case, this warning has nothing to do with the safe_mode setting in php.ini. My ISP claims that most security breaches could be traced back to the misuse of these functions. Security is, of course, also in our interest. I wonder how other ISP's can guarantee security, while leaving commands like passthru(), shell_exec(), and exec() open for user-supplied arguments., 10 April 2012

Other hosts configure their systems properly. Maybe they can also invest more money into qualified personal, maybe because their customers pay more or because they work more efficiently; reasons may vary., 10 April 2012