kiwi64ajs
Forum Replies Created
-
Forum: Plugins
In reply to: [BackUpWordPress] Warning: exec() has been disabled for security reasonsHi Guys,
I just checked version 3.4.5 and neither the space or comma delimited handling or the extra protections around the exec call made it into the 3.4.5 release as both were really required.
However I just went and checked the code-base again and it looks like you’ve removed the exec() code and moved to the process() variants to better resolve the issue anyway, so I guess my question is do you have any idea of when this new approach will be ready for release?
Currently I’m manually editing the code to include the space+comma separate line change which solved my immediate issue but be good to get it resolved “properly”
Thanks for all your work
Regards
Alex Shepherd
Forum: Plugins
In reply to: [BackUpWordPress] Warning: exec() has been disabled for security reasonsOk, I confirmed the problem was the missing comma delimiters in the disable_functions line in the INI file.
Replacing the space delimiters with commas fixed the warning as the library calls can correctly find “exec” in the disable_functions list now. The sys admins are now working to resolve this but this will have been a bug that has been there for many years…
Alex
Forum: Plugins
In reply to: [BackUpWordPress] Warning: exec() has been disabled for security reasonsOk here is some more info:
The file /etc/php5/cgi does NOT define any functions – here is the sections:
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions =The file: /etc/php5/virtual/ajsystems.co.nz.ini DOES define several functions:
disable_functions = exec shell_exec system passthru popen virtual show_source pclose
However, I do note the comment says ” receives a comma-delimited list of function names” whereas this list is space delimited. So I’m now following up on this as it may well be the cause of the problem?
Forum: Plugins
In reply to: [BackUpWordPress] Warning: exec() has been disabled for security reasonsOk, I made the change to:
$output = $return_status = null;
And yes the errors have gone now.
I’ll need to check with our system admins to know how the exec() function is being disabled. It’s on a shared Linux hosting cluster so I expect it will be a global setting for all virtual hosts on the servers.
Looking at the output from one of the WordPress phpinfo plugins it lists info about the INI files and it looks like its loading: /etc/php5/virtual/ajsystems.co.nz.ini
Here is the full output:
System Linux shark 3.13.0-77-generic #121~precise1-Ubuntu SMP Wed Jan 20 18:02:20 UTC 2016 x86_64
Build Date Oct 28 2015 01:39:33
Server API CGI/FastCGI
Virtual Directory Support disabled
Configuration File (php.ini) Path /etc/php5/cgi
Loaded Configuration File /etc/php5/virtual/ajsystems.co.nz.ini
Scan this dir for additional .ini files /etc/php5/cgi/conf.d
Additional .ini files parsed /etc/php5/cgi/conf.d/apc.ini, /etc/php5/cgi/conf.d/curl.ini, /etc/php5/cgi/conf.d/gd.ini, /etc/php5/cgi/conf.d/imagick.ini, /etc/php5/cgi/conf.d/imap.ini, /etc/php5/cgi/conf.d/ioncube.ini, /etc/php5/cgi/conf.d/ldap.ini, /etc/php5/cgi/conf.d/mcrypt.ini, /etc/php5/cgi/conf.d/mysql.ini, /etc/php5/cgi/conf.d/mysqli.ini, /etc/php5/cgi/conf.d/odbc.ini, /etc/php5/cgi/conf.d/pdo.ini, /etc/php5/cgi/conf.d/pdo_mysql.ini, /etc/php5/cgi/conf.d/pdo_odbc.ini, /etc/php5/cgi/conf.d/pdo_pgsql.ini, /etc/php5/cgi/conf.d/pdo_sqlite.ini, /etc/php5/cgi/conf.d/pgsql.ini, /etc/php5/cgi/conf.d/pspell.ini, /etc/php5/cgi/conf.d/recode.ini, /etc/php5/cgi/conf.d/suhosin.ini, /etc/php5/cgi/conf.d/tidy.ini, /etc/php5/cgi/conf.d/xmlrpc.ini, /etc/php5/cgi/conf.d/xsl.iniI’ll confirm what is going on with the system admins as yes it would be good of this could be detected correctly using the library calls.
Regards
Alex Shepherd
Forum: Plugins
In reply to: [BackUpWordPress] Warning: exec() has been disabled for security reasonsOk, I grabbed the changed fixed file from github and it was still complaining so I had to change the code to add the line to set the $return_status variable and set it to 0 and renamed your $return variable to $return_status to make it a bit more obvious
// Can we issue a simple echo command?
Added-> $output = $return_status = 0;
@exec( ‘echo backupwordpress’, $output, $return_status );if ( 0 !== $return_status ) {
return false;
}Now that Warning has gone away but now I have another exec related warning showig in the box at the top of the screen. error :
BackUpWordPress detected issues with your last backup.
php: exec() has been disabled for security reasons, <virtual_host_dir>/wp-content/plugins/backupwordpress/classes/backup/class-backup-engine-file-zip.php, 93So not out of the exec() woods yet 😉
Regards Alex Shepherd
Thanks for the quick reply.
I guess I was thinking more of doing a SQL update query that:
1) took orders with the meta_type record of _pip_invoice_number and renamed that meta_type to _wcpdf_formatted_invoice_number but keep the same meta_value, which is the formatted invoice number.
2) create another post_meta record with the meta_type of: _wcpdf_invoice_number and set the meta_value to be the same as the _wcpdf_formatted_invoice_number value with the leading ‘W’ removed.
3) create another record with the _wcpdf_invoice_date set to the value in the _paid_date record
4) create another record with the _wcpdf_invoice_exists set to 1
Is there anything else I need to do to convert the old invoices to new ones?
Regards
Alex Shepherd