Articles in this section

How to prevent filesystem browsing with php shell scripts?

Leo Mastropierro
Updated
kb: how-to Plesk for Linux ABT: Group A

Applicable to:

  • Plesk for Linux

Question

PHP shell script was uploaded under the home directory of subscription.

How to prevent filesystem browsing with php shell scripts?

Answer

It's possible to disable shell_exec and other functions in PHP by using the disable_functions directive:

Warning: Applications may rely on these functions and may not work properly when restrictions are applied.

For Plesk Onyx 17.8 and newer

  1. Login to Plesk

  2. Navigate to Domains > example.com > PHP Settings

  3. Set the following value to the disable_functions:

    CONFIG_TEXT: opcache_get_status,exec,passthru,shell_exec,system,proc_open,popen

    Note: To set the restriction to multiple domains at once, this value can be specified in Service Plans > <service_plan> > PHP Settings > disable_functions, or apply it globally for a PHP handler as specified in this article.

For Plesk Onyx 17.5 and older

  1. Login to Plesk

  2. Navigate to Domains > example.com > PHP Settings

  3. Add the following line under Additional configuration directives and apply the changes:

    CONFIG_TEXT: disable_functions=opcache_get_status,exec,passthru,shell_exec,system,proc_open,popen

Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.