[TYPO3-install] Calling exec() function even if im and exec disabled in config
Benoît Terradillos
benoit at terradillos.ch
Wed Aug 29 19:44:01 CEST 2007
Hello,
I'm installing typo3 (v4.1.2) on a server where the exec() function call
has been disabled due to security issues.
when displaying the "Install => 1. Basic configuration" page, I get lots
of php warning stating that:
Warning: exec() has been disabled for security reasons in
./typo3/sysext/install/mod/class.tx_install.php on line 1927
so I disabled calls to exec() function and imageMagick in "All
Configuration" page:
[BE][disable_exec_function] = 0
[GFX][im] = 0
my problem (more a frustration than a problem in fact ;-) ) is that even
if I think the warnings should disappear then, they don't!
in fact, according to the [disable_exec_function] option comments:
Boolean. Don't use exec() function (except for ImageMagick which is
disabled by [GFX][im]=0) (...)
the exec() function should not be used if [GFX][im] is set to 0.
looking at the code (file "typo3/sysext/install/mod/
class.tx_install.php", lines 413 and 430) I can see that the checkIM is
set to true in all circumstances ($this->checkIM=1)! So a call to exec()
is done anyway, which seems to me not to be quite satisfactory.
I suggest this change in the code:
instead of $this->checkIM=1:
$this->checkIM=$GLOBALS['TYPO3_CONF_VARS']['GFX']['im'];
So the IM check will be done only if IM is enabled (because this check
doesn't really seem to be useful if im is disabled).
thanks to tell me if this suggestion is logical and sensed. If so could
you tell me who I must contact?
Best Regards,
Benoît Terradillos (CH)
Benoît Terradillos
______________________________________________________________________
Avenue du Carroz 1
CH-1110 Morges
026 465 28 72
benoit at terradillos.ch
Skype: benoit.terradillos
More information about the TYPO3-install
mailing list