PHP Settings & Secure Server for XC5
#1
PHP Settings & Secure Server for XC5
Can the X-Cart Dev Team and/or X-Cart Support Team please confirm that by following this (Non-X-Cart) server user's group technical recommendation, XC5 will still run like normal, i.e. 100% unaffected? We think the answer is yes, but regardless of the current status of our own setup, confirmation from a team with much better XC5 product knowledge than us will help other XC5 store owners too when they read this thread.
Quote:
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
#2
Re: PHP Settings & Secure Server for XC5
At least exec() is in the list of functions that should not be disabled on the server.
You can find the full list in \Includes\Requirements::getRequiredFunctions(). I'm not sure about the other functions. I see that some of them are not listed as required, but are called in source files (for example, popen() is used by the PHPMailer library). Perhaps it is because PHPMailer is an optional feature, so X-Cart technically can work without it.
__________________
Alex Solovev, Qualiteam
#3
Re: PHP Settings & Secure Server for XC5
Quote:
Code:
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
#4
Re: PHP Settings & Secure Server for XC5
The feedback relates to server admin, but specifically when dealing with shared space and/or VPS customers etc. Allowing free, uncontrolled access to all of the PHP functions shown in our first post may give rise to vulnerability, especially exec() or shell_exec() in PHP, where it can be easy to create a symlink and thus unchecked FollowSymLinks availability can arise.... No problem for us, as we're not involved with any shared space / VPS etc but others might be.
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
#5
Re: PHP Settings & Secure Server for XC5
I just had this in admin on a client's site
Quote:
and the description for missing functions is
Quote:
Latest 5.3.4.4 - so this is a bug? All ok but for some reason XC lists this error message? If not where is the list of disabled function(s) in here?
__________________
Steve Stoyanov CFLSystems.com Web Development
#6
Re: PHP Settings & Secure Server for XC5
Never, ever seen that message ourselves. Interesting! The (lack of) information which is then provided :missedFunctions etc isn't very helpful XC?
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel)) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
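
Post #5 asks where the list of disabled functions can be found when the admin message does not name them. The following PHP script is an added example, not part of the thread and not X-Cart code: it compares a `disable_functions` value with the functions the store needs. It assumes only what post #2 states (exec() is required, popen() is used by the optional PHPMailer library); the constant names, helper functions and sample directive value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: this thread confirms only exec() as required and mentions popen()
// as used by the optional PHPMailer library. Replace both lists with what
// \Includes\Requirements::getRequiredFunctions() returns in your install.
const REQUIRED_FUNCS = ['exec'];
const OPTIONAL_FUNCS = ['popen'];

/** Split a disable_functions value into individual function names. */
function parseDisableFunctions(string $raw): array
{
    // Tolerate the stray spaces and empty entries found in hand-edited php.ini files.
    $names = preg_split('/[\s,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
    return array_values(array_unique($names ?: []));
}

/** Functions from $wanted that the directive value disables. */
function blockedBy(array $wanted, string $rawDirective): array
{
    return array_values(array_intersect($wanted, parseDisableFunctions($rawDirective)));
}

/** Build a report for one directive value. */
function audit(string $rawDirective): array
{
    return [
        'sapi'             => PHP_SAPI,
        'ini_file'         => php_ini_loaded_file() ?: '(none)',
        'disabled'         => parseDisableFunctions($rawDirective),
        'required_blocked' => blockedBy(REQUIRED_FUNCS, $rawDirective),
        'optional_blocked' => blockedBy(OPTIONAL_FUNCS, $rawDirective),
    ];
}

// Constructed sample value (not the list quoted in the thread).
$sample = 'passthru, shell_exec ,exec,popen,, proc_open';
print_r(audit($sample));

// Effective value for the SAPI running this script. CLI and PHP-FPM/Apache can
// load different php.ini files, so run it through the web server as well.
print_r(audit((string) ini_get('disable_functions')));
```

A non-empty `required_blocked` entry means the hardening list conflicts with the store's requirements; on a shared host, resolve it with a per-site override for that one function and keep the rest of the list in place.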
X-Cart forums © 2001-2020