Disabled php functions and whmcs

[raamee]

Hello,

 

I planning to disable some php functions in my server for saftey. So, will this affect whmcs any way?

 

Thanks.

 

Functions to be disabled:

 

"apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode" 

[GORF]

I don't know the answer, but you should host your WHMCS on another server or VPS anyway. What if someone gained root acces to your clients' server? They would have all of your WHMCS data!

[raamee]

yes, but what are the consequences if we disable those ?

[minadreapta]

why don't you disable those and see if it still works?

[WHMCS John]

If you're using the server status script then disabling shell_exec and exec will stop that from working.

[GGWH-James]

Unless something has changed with the status script, it should work even with the exec family disabled as it checks for disabled functions and uses alternate methods to get the stats if they're in the disabled list. We're still using an older version of the status script because we'd customized it's output, but the function checking and alternate methods came built-in though; we didn't have to add them.

[Lawrence]

Unless something has changed with the status script, it should work even with the exec family disabled as it checks for disabled functions and uses alternate methods to get the stats if they're in the disabled list. We're still using an older version of the status script because we'd customized it's output, but the function checking and alternate methods came built-in though; we didn't have to add them.

 

The default WHMCS ones used to rely on those functions (not sure if it is still the case). I posted a modified version that did not. Perhaps that is the one you are using?

[GGWH-James]

The default WHMCS ones used to rely on those functions (not sure if it is still the case). I posted a modified version that did not. Perhaps that is the one you are using?

Just taking a look, the one we have in-use is from v3.8.1 Stable, but still works just fine for us with the later versions of WHMCS though. The only thing that we modified was the output of out of phpinfo.

[Lawrence]

Just taking a look, the one we have in-use is from v3.8.1 Stable, but still works just fine for us with the later versions of WHMCS though. The only thing that we modified was the output of out of phpinfo.

 

3.8.1 seems to have been released after my changed version

 

See this thread

http://forum.whmcs.com/showthread.php?t=12597

 

My changes were made on July 7th 2008 and 3.8.1 was released December 12th 2008

 

You will hear no complaints from me. It's one less addon to worry about