2

Is there any way to rewrite codeigniter's Upload.php library because I keep facing

escapeshellarg() has been disabled for security reasons

I've tried solution in this thread with putting @ in front of escapeshellarg but still cannont upload my images, thats just ignore the warning.

I've tried to contact the administrator of my hosting provide but for security reason they cannot enable it.

Is there I can do to trick this so i can upload images?

Community
  • 1
  • 1
chipz
  • 704
  • 1
  • 6
  • 11

4 Answers4

5

You can make your own escapeshellarg, it is a very simple function that only escapes any single quotes in the given string and then adds single quotes around it.

function my_escapeshellarg($input)
{
  $input = str_replace('\'', '\\\'', $input);

  return '\''.$input.'\'';
}

If your provider has however disabled other functions that Upload.php requires, you may be out of luck after all.

You can look up what functions are disabled by creating a simple .php file with the call phpinfo() in it. (search for disable_functions in the generated output)

dualed
  • 10,262
  • 1
  • 26
  • 29
3

Try replacing escapeshellarg with @escapeshellarg in system/libraries/Upload.php file.

vivex
  • 2,496
  • 1
  • 25
  • 30
0

This does not have anything to do with CI. The function has been disabled in the php.ini file. It is quite common to disable various insecure functions (seen from the perspective of a server administrator).

If you are using shared hosting then there is probably not much you can do about it. Try asking your provider.

If you can edit php.ini then open it, find the disable_functions field, and remove escapeshellarg from the list. Then restart the server. That should enable the function.

If you still have problems then ask your provider if it is at all possible to upload stuff. I mean, if your provider has intentionally removed all upload functionality then you would be wasting your time looking for a way to do it.

Sverri M. Olsen
  • 13,055
  • 3
  • 36
  • 52
  • 1
    I've tried to ask my provider administrator, but for some security reason they resist not to enable the escapeshellarg function, can i trick it, like change to code so i can still upload my images? – chipz Dec 30 '12 at 22:49
  • I think it would be easier to just find another way. For instance, is the cURL extension enabled? – Sverri M. Olsen Dec 30 '12 at 22:58
0

Go to system/libraries/Upload.php

Replacing

escapeshellarg with @escapeshellarg

if (DIRECTORY_SEPARATOR !== '\\') 
{ $cmd = 'file --brief --mime ' . @escapeshellarg ($file['tmp_name']) . ' 2>&1'; 
  • can you please share full link of Upload.php file.because i cant't find system/libraries/Upload.php file – msayubi76 Apr 16 '21 at 19:46