PHP_uname() Error message

[Retrocustom]

Hi,

I'm having an issue with Joomla and PHP_uname() as this is disabled on my hosting server.

The problem stems from issues I have installing components in Joomla and also uploading .zip files. When I try to install a component or upload a .zip I get the following error:

php_uname() has been disabled for security reasons in includes/pcl/pclzip.lib.php on line 4964

However, upon further investigation, this seems to be a common problem and the solution is for me to move to an unsecure server. I opened a ticket and spoke to Tech Support who listed all the PHP functions which are disabled on my hosting server and PHP_uname is listed on there.

I know that Joomla has its fair share of security issues, but I was wondering if anyone can tell me what the risks are in moving to an unsecure server. Does it leave me more open to attack?

I have searched this forum and a few people have had the same issue and have moved to an insecure server to solve the problem. I have also tried to find a workaround where I can just disable php_uname or replace it with something else with little success. If I can't find any workaround then I will have to migrate to an unsecure server.

Would moving to an unsecure server compromise the SSL certificate and/or leave me more vulnerable as I have an online shopping cart? or is the SSL completely unrelated?

Any information would be greatly appreciated.

Thanks

Larry

[stevem]

If you're prepared to edit some PHP files there is a workaround.

1. This comes from Tyrael on another site:

Quote:

I had the similar problem with mediawiki, I had to edit my files and add a few lines, where the script checks the critical functions (posix_uname, php_uname, dl, exec) presents in the suhosin blacklist, and if they do, then not let the functions run, because thats kills the mediawiki script.

So I suggest you, to do the same.
Find the lines, where your script invoke this functions, and edit this lines.
The php_uname is not really important functions, so if you comment it out, your script will working correctly, imho.

2. The files which use PHP_uname are listed here - just find php_uname and click on it and you get

• /administrator/includes/pcl/pclzip.lib.php -> line 4964
• /modules/mod_stats.php -> line 26
• /administrator/components/com_admin/admin.admin.html.php -> line 111

WARNING: Although I have some experience with PHP I have no idea about the security aspects of Joomla. For that you need to seek the guidance of eUKHost.

[aliyassa]

The error_reporting() function sets the error_reporting directive at runtime. PHP has many levels of errors, using this function sets that level for the duration (runtime) of your script.