PHP Exec - Check If Enabled or Disabled

PHP exec - check if enabled or disabled

if(function_exists('exec')) {
    echo "exec is enabled";
}

Check if exec is disabled

<?php
function exec_enabled() {
  $disabled = explode(',', ini_get('disable_functions'));
  return !in_array('exec', $disabled);
}
?>

EDIT: Fixed the explode as per Ziagl's comment.

PHP - How to know if server allows shell_exec

First check that it's callable and then that it's not disabled:

is_callable('shell_exec') && false === stripos(ini_get('disable_functions'), 'shell_exec');

This general approach works for any built in function, so you can genericize it:

function isEnabled($func) {
    return is_callable($func) && false === stripos(ini_get('disable_functions'), $func);
}
if (isEnabled('shell_exec')) {
    shell_exec('echo "hello world"');
}

Note to use stripos, because PHP function names are case insensitive.

how to test if PHP system() function is allowed? and not turned off for security reasons

Well, there's only two ways it can be disabled: safe_mode or disable_functions.

So you can do a check like:

function isAvailable($func) {
    if (ini_get('safe_mode')) return false;
    $disabled = ini_get('disable_functions');
    if ($disabled) {
        $disabled = explode(',', $disabled);
        $disabled = array_map('trim', $disabled);
        return !in_array($func, $disabled);
    }
    return true;
}

Oh, and function_exists should return true, since it's a core function (otherwise you could forge a core function and cause some real havoc on a host)... Therefore is_callable should also return true (since the function does exist). So the only ways to tell, are to check the ini settings, or to actually call it...

Edit: One other thing to note, there are several of ways to execute shell commands. Check out:

  • Program Execution Functions
  • Backtick Operator

PHP exec enabled?

It was suhosin blacklist and can be checked with following code

if (extension_loaded('suhosin')) { $suhosin = @ini_get("suhosin.executor.func.blacklist"); ..

exec function is not working in PHP

okay, it was a file permission issue. www-data had not the permission to write the file, after changing the permission it's working now.

Safety of having exec() enabled

As long as you are the only one with access to the server, it is secure. The problem however occurs when somebody manages to get access to your server. This can be for several reasons, like stupid mistakes in coding, unknowningly creating holes, you lose your password, etc.

If you have exec enabled and somebody does manage to gain access, he can do almost anything with your server. Thats why its disabled in most environments. And i advise you to keep it that way.

If ping is what you want to do, check out how-to-ping-a-server-with-php


Related Topics

Correct Indentation of HTML and PHP Using Vim

Why, Fatal Error: Class 'Phpunit_Framework_Testcase' Not Found in ...

How to Display Currency in Indian Numbering Format in PHP

How to Skip Invalid Characters in Xml File Using PHP

Pretty Urls in PHP Frameworks

How to Use Multi Auth in Laravel 5.2

Define VS Variable in PHP

Turn Off Deprecated Errors in PHP 5.3

How to Add Square Braces Around Subarray Data Inside of a JSON Encoded String

A Recursive Remove Directory Function for PHP

Codeigniter Check for User Session in Every Controller

Get Div Content from External Website

How to Export HTML Table to Excel or PDF in PHP

Generating Random Numbers from Skewed Normal Distribution

Calculate the Number of Months Between Two Dates in PHP

Sending Multiple Data Parameters with Jquery Ajax

Multiple Excerpt Lengths in Wordpress

Use Image as Radio Button on Contact Form 7


Leave a reply



Submit