I have a question regarding the following PHP functions:

exec()

system()

passthru()

shell_exec()

I've tried signing up with https://wpengine.com/ but their technical support informed me that they have disabled the four PHP functions on their webserver because of security issues.

My question is: are the four PHP functions mentioned above really such a big security issue? I mean, if the functions are a liability, I might be forced to ask the developer to rewrite some of the code.

Best regards

  • Yes, they are - do ask the developers to find other solutions. – Narf Feb 21 '17 at 14:17
  • That’s stuff you would rather use on your own dedicated server, but not in a shared hosting environment. – CBroe Feb 21 '17 at 14:18
  • These functions might represent a security issue if the plugin passes unescaped user variables inside them; an obvious example would be exec($_POST['command']) – Dan Ionescu Feb 21 '17 at 14:19
  • You'll need your own server or virtual server. It's unlikely that you'll find a shared host that will allow this. – Marcus Adams Feb 21 '17 at 14:39
  • Hi guys. Thank you for the support. I'll ask the developer what to do. Have a nice day. Best regards. –  Feb 22 '17 at 14:51

1 Answer

Yup, it's a security issue.

E.g.

system("rm -rf ~/*")
Nissa
pragman
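The risk raised in the comments (user input reaching one of these functions unescaped) next to a hardened call, as an added example that is not part of the original thread: it checks which of the four functions the host still allows, then runs one fixed command whose only variable part is validated and quoted. The helper names, the `wc -l` use case and the `/tmp` directory are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// The four functions discussed on this page.
const SHELL_FUNCTIONS = ['exec', 'system', 'passthru', 'shell_exec'];

// Which of them this runtime still allows (hosts block them via disable_functions).
function availableShellFunctions(): array
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return array_values(array_filter(
        SHELL_FUNCTIONS,
        fn(string $f): bool => function_exists($f) && !in_array($f, $disabled, true)
    ));
}

// Hypothetical helper: count the lines of a file with `wc -l`.
// The command itself is fixed; user input only selects a file name, must match
// an allow-list pattern, and is quoted with escapeshellarg() before use.
function countLines(string $userSuppliedName, string $baseDir): int
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $userSuppliedName)) {
        throw new InvalidArgumentException('file name not allowed');
    }
    if (!in_array('exec', availableShellFunctions(), true)) {
        throw new RuntimeException('exec() is disabled on this host');
    }
    $path = $baseDir . DIRECTORY_SEPARATOR . $userSuppliedName;
    exec('wc -l < ' . escapeshellarg($path), $output, $status);
    if ($status !== 0) {
        throw new RuntimeException('command failed');
    }
    return (int) trim($output[0] ?? '0');
}

// Constructed sample input: a name carrying shell metacharacters is rejected
// before any command string is built.
try {
    countLines('report.txt; id', '/tmp');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Where a native PHP call can do the job (here, counting the elements returned by `file()`), it avoids the shell entirely and also works on hosts that disable these functions.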