Announcement

Collapse
No announcement yet.

PHP_uname() Error message

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • PHP_uname() Error message

    Hi,

    I'm having an issue with Joomla and PHP_uname() as this is disabled on my hosting server.

    The problem stems from issues I have installing components in Joomla and also uploading .zip files. When I try to install a component or upload a .zip I get the following error:

    php_uname() has been disabled for security reasons in includes/pcl/pclzip.lib.php on line 4964

    However, upon further investigation, this seems to be a common problem and the solution is for me to move to an unsecure server. I opened a ticket and spoke to Tech Support who listed all the PHP functions which are disabled on my hosting server and PHP_uname is listed on there.

    I know that Joomla has its fair share of security issues, but I was wondering if anyone can tell me what the risks are in moving to an unsecure server. Does it leave me more open to attack?

    I have searched this forum and a few people have had the same issue and have moved to an insecure server to solve the problem. I have also tried to find a workaround where I can just disable php_uname or replace it with something else with little success. If I can't find any workaround then I will have to migrate to an unsecure server.

    Would moving to an unsecure server compromise the SSL certificate and/or leave me more vulnerable as I have an online shopping cart? or is the SSL completely unrelated?

    Any information would be greatly appreciated.

    Thanks

    Larry

  • #2
    If you're prepared to edit some PHP files there is a workaround.

    1. This comes from Tyrael on another site:
    I had the similar problem with mediawiki, I had to edit my files and add a few lines, where the script checks the critical functions (posix_uname, php_uname, dl, exec) presents in the suhosin blacklist, and if they do, then not let the functions run, because thats kills the mediawiki script.

    So I suggest you, to do the same.
    Find the lines, where your script invoke this functions, and edit this lines.
    The php_uname is not really important functions, so if you comment it out, your script will working correctly, imho.
    2. The files which use PHP_uname are listed here - just find php_uname and click on it and you get
    • /administrator/includes/pcl/pclzip.lib.php -> line 4964
    • /modules/mod_stats.php -> line 26
    • /administrator/components/com_admin/admin.admin.html.php -> line 111


    WARNING: Although I have some experience with PHP I have no idea about the security aspects of Joomla. For that you need to seek the guidance of eUKHost.

    Comment


    • #3
      The error_reporting() function sets the error_reporting directive at runtime. PHP has many levels of errors, using this function sets that level for the duration (runtime) of your script.
      Last edited by Ben Stones; 06-08-2008, 07:37. Reason: spam links

      Comment

      Working...
      X