How to prevent filesystem browsing with php shell scripts?

Refers to:

  • Plesk 12.5 for Linux
  • Plesk 10.4 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 12.0 for Linux

Created:

2016-11-16 13:01:46 UTC

Modified:

2016-12-21 19:47:16 UTC

0

Was this article helpful?


Have more questions?

Submit a request

How to prevent filesystem browsing with php shell scripts?

Question

PHP shell script was uploaded under home directory of subscription.

How to prevent filesystem browsing with php shell scripts?

Resolution

You can disable shell_exec and other functions in PHP by using the disable_functions directive:

  1. Login to Plesk and check PHP settings:

    Plesk > Domains > Example.com > Website Scripting and Security > PHP settings
  2. Add the following line under Additional configuration directives

    disable_functions =exec,shell_exec,proc_open,popen,curl_exec,show_source
  3. Also correct disable_functions in server php.ini file /etc/php.ini .

    Check PHP documentation if you need more disabled functions.

Have more questions? Submit a request
Please sign in to leave a comment.