How to prevent filesystem browsing with php shell scripts?

Created:

2016-11-16 13:01:46 UTC

Modified:

2017-04-24 11:59:56 UTC

0

Was this article helpful?


Have more questions?

Submit a request

How to prevent filesystem browsing with php shell scripts?

Applicable to:

  • Plesk 12.5 for Linux
  • Plesk 10.4 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 12.0 for Linux

Question

PHP shell script was uploaded under home directory of subscription.

How to prevent filesystem browsing with php shell scripts?

Resolution

You can disable shell_exec and other functions in PHP by using the disable_functions directive:

  1. Login to Plesk and check PHP settings:

    Plesk > Domains > Example.com > Website Scripting and Security > PHP settings
  2. Add the following line under Additional configuration directives

    disable_functions =exec,shell_exec,proc_open,popen,curl_exec,show_source
  3. Also correct disable_functions in server php.ini file /etc/php.ini .

    Check PHP documentation if you need more disabled functions.

Have more questions? Submit a request
Please sign in to leave a comment.