PHP exec - check if enabled or disabled
if(function_exists('exec')) {
echo "exec is enabled";
}
Check if exec is disabled
<?php
function exec_enabled() {
$disabled = explode(',', ini_get('disable_functions'));
return !in_array('exec', $disabled);
}
?>
EDIT: Fixed the explode as per Ziagl's comment.
PHP - How to know if server allows shell_exec
First check that it's callable and then that it's not disabled:
is_callable('shell_exec') && false === stripos(ini_get('disable_functions'), 'shell_exec');
This general approach works for any built in function, so you can genericize it:
function isEnabled($func) {
return is_callable($func) && false === stripos(ini_get('disable_functions'), $func);
}
if (isEnabled('shell_exec')) {
shell_exec('echo "hello world"');
}
Note to use stripos
, because PHP function names are case insensitive.
how to test if PHP system() function is allowed? and not turned off for security reasons
Well, there's only two ways it can be disabled: safe_mode
or disable_functions
.
So you can do a check like:
function isAvailable($func) {
if (ini_get('safe_mode')) return false;
$disabled = ini_get('disable_functions');
if ($disabled) {
$disabled = explode(',', $disabled);
$disabled = array_map('trim', $disabled);
return !in_array($func, $disabled);
}
return true;
}
Oh, and function_exists
should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable
should also return true (since the function does exist). So the only ways to tell, are to check the ini settings, or to actually call it...
Edit: One other thing to note, there are several of ways to execute shell commands. Check out:
- Program Execution Functions
- Backtick Operator
PHP exec enabled?
It was suhosin blacklist and can be checked with following code
if (extension_loaded('suhosin')) { $suhosin = @ini_get("suhosin.executor.func.blacklist"); ..
exec function is not working in PHP
okay, it was a file permission issue. www-data had not the permission to write the file, after changing the permission it's working now.
Safety of having exec() enabled
As long as you are the only one with access to the server, it is secure. The problem however occurs when somebody manages to get access to your server. This can be for several reasons, like stupid mistakes in coding, unknowningly creating holes, you lose your password, etc.
If you have exec enabled and somebody does manage to gain access, he can do almost anything with your server. Thats why its disabled in most environments. And i advise you to keep it that way.
If ping is what you want to do, check out how-to-ping-a-server-with-php
Related Topics
Correct Indentation of HTML and PHP Using Vim
Why, Fatal Error: Class 'Phpunit_Framework_Testcase' Not Found in ...
How to Display Currency in Indian Numbering Format in PHP
How to Skip Invalid Characters in Xml File Using PHP
How to Use Multi Auth in Laravel 5.2
Turn Off Deprecated Errors in PHP 5.3
How to Add Square Braces Around Subarray Data Inside of a JSON Encoded String
A Recursive Remove Directory Function for PHP
Codeigniter Check for User Session in Every Controller
Get Div Content from External Website
How to Export HTML Table to Excel or PDF in PHP
Generating Random Numbers from Skewed Normal Distribution
Calculate the Number of Months Between Two Dates in PHP
Sending Multiple Data Parameters with Jquery Ajax