Bug #93221

open

Environment status: error message for disable_functions is not helping

Added by Andreas Kiessling about 3 years ago. Updated about 2 months ago.

Status: Accepted
Priority: Should have
Assignee: -
Category: Install Tool
Target version: -
Start date: 2021-01-05
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

My hoster currently has proc_open included in the disable_functions; this causes errors with the new Symfony mailer.

They do show up in the error log:
Core: Error handler (FE): PHP Warning: proc_open() has been disabled for security reasons in /var/www/foo/bar/vendor/symfony/mailer/Transport/Smtp/Stream/ProcessStream.php line 41

However, the error message from the Environment module does not help at all:

Some PHP functions disabled
disable_functions=passthru shell_exec system proc_open popen parse_ini_file show_source These function(s) are disabled. TYPO3 uses some of those, so there might be trouble. TYPO3 is designed to use the default set of PHP functions plus some common extensions. Possibly these functions are disabled due to security considerations and most likely the list would include a function like exec() which is used by TYPO3 at various places. Depending on which exact functions are disabled, some parts of the system may just break without further notice.

I'd expect to get more detailed information, so I can tell my hoster what to change and why that setting is needed, before I get the first error in the log.


Files

93221_fake.png (168 KB) Oliver Hader, 2024-01-31 09:54

Related issues 2 (1 open, 1 closed)

Related to TYPO3 Core - Feature #91783: Add "allow list" for php.ini setting disable_functions (Under Review, 2020-07-11)
Related to TYPO3 Core - Feature #46219: Central system environment check (Closed, 2013-03-12)

Actions #1

Updated by Andreas Kiessling about 3 years ago

  • Description updated (diff)
Actions #2

Updated by Andreas Kiessling about 3 years ago

I just checked the code for that error, and it just checks if there are any functions disabled, even if they are not needed at all.
There is already an allowlist config #91783, but imho we should do better here or ship with a default config for #91783 to filter out the usual suspects.

Actions #3

Updated by Andreas Kiessling about 3 years ago

  • Related to Feature #91783: Add "allow list" for php.ini setting disable_functions added
Actions #4

Updated by Oliver Hader about 2 months ago

  • Status changed from New to Accepted
Actions #5

Updated by Oliver Hader about 2 months ago

The corresponding code at https://github.com/TYPO3/typo3/blob/v13.0.0/typo3/sysext/install/Classes/SystemEnvironment/Check.php#L364-L383 just checks for the existence of the disable_functions PHP setting. It lacks filtering for PHP functions that are actually required by TYPO3.

The following screenshot shows random words that were configured for testing purposes - actually none of these "functions" is a real PHP function, and none of them is used/required by TYPO3.
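
The filtering described in comment #5 as missing, sketched as an added example (not TYPO3's code and not taken from Check.php): only disabled functions that the application actually needs produce a message, each with a reason an admin can pass to the hoster. The REQUIRED_FUNCTIONS map and both function names are assumptions; only the proc_open and exec entries are taken from this issue.

```php
<?php
declare(strict_types=1);

// Assumed map of functions the application needs and why. Only the
// proc_open and exec entries come from this issue; it is not TYPO3's list.
const REQUIRED_FUNCTIONS = [
    'proc_open' => 'symfony/mailer ProcessStream (seen in the error log above)',
    'exec'      => 'used by TYPO3 at various places (per the Install Tool text)',
];

/**
 * Split a disable_functions value into normalized function names.
 * php.ini uses commas; the Install Tool output above shows spaces.
 */
function parseDisabledFunctions(string $iniValue): array
{
    $names = preg_split('/[\s,]+/', strtolower($iniValue), -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_unique($names));
}

/**
 * Return one message per disabled function that is actually required,
 * and ignore every other entry (including names that are not functions).
 */
function checkDisabledFunctions(string $iniValue, array $required = REQUIRED_FUNCTIONS): array
{
    $messages = [];
    foreach (parseDisabledFunctions($iniValue) as $name) {
        if (isset($required[$name])) {
            $messages[] = sprintf('%s() is disabled but required: %s', $name, $required[$name]);
        }
    }
    return $messages;
}

// Value quoted in the issue description.
$fromIssue = 'passthru shell_exec system proc_open popen parse_ini_file show_source';
// Constructed sample: words that are not PHP functions, as in the screenshot test.
$fakeWords = 'foo, bar, baz';

foreach ([$fromIssue, $fakeWords, (string)ini_get('disable_functions')] as $value) {
    $result = checkDisabledFunctions($value);
    echo $result === [] ? "OK: no required function is disabled\n" : implode("\n", $result) . "\n";
}
```

With the value from the description, only proc_open is reported; the constructed list of non-function words produces no warning.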

Actions #6

Updated by Oliver Hader about 2 months ago

  • Category changed from Reports to Install Tool
Actions #7

Updated by Oliver Hader about 2 months ago

  • Related to Task #82257: Install tool: Use ext:core messaging added
Actions #8

Updated by Oliver Hader about 2 months ago

  • Related to deleted (Task #82257: Install tool: Use ext:core messaging)
Actions #9

Updated by Oliver Hader about 2 months ago
