Handle commonly-disabled functions more gracefully #1001
Comments
zerocrates
added a commit
that referenced
this issue
Mar 24, 2023
PHP 8+ makes disabled functions act as if not defined at all. To account for this and the increased likelihood of hosts to disable functions associated with process execution, check for function existence before running mandatory calls to exec, shell_exec, or escapeshellarg. Other calls like those in the default ExternalImageMagick derivative creator can be avoided through configuration. (#1001)
kimisgold
pushed a commit
that referenced
this issue
Jun 26, 2024
PHP 8+ makes disabled functions act as if not defined at all. To account for this and the increased likelihood of hosts to disable functions associated with process execution, check for function existence before running mandatory calls to exec, shell_exec, or escapeshellarg. Other calls like those in the default ExternalImageMagick derivative creator can be avoided through configuration. (#1001)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Shared hosts often disable exec/shell_exec and many related functions (annoyingly including escapeshellarg). In prior versions a disabled function emits a warning and returns null, and the places we use these tend to tolerate that kind of silent failure.
In PHP 8+, a disabled function is seen as not being defined at all. This is easier to detect but means that blindly using the function is a fatal error now, and we have some places where we just use these functions without checking or providing a configuration to avoid their use.
Minimally we should guard these with checks that the function exists, though some of them could potentially be removed entirely.
See https://forum.omeka.org/t/switching-from-php74-to-8-0-causes-file-uploading-problem/16451 for an example of this problem in action.
The text was updated successfully, but these errors were encountered: