Joomla, popen() and security.

quill1959 · #1 (**permalink**) 24-10-11, 01:06 PM

I would like to use a component and plugin called PDF Indexer v3.3 to index the PDFs on my Joomla site and make them available to the search function.

Unfortunatley it dos not work because popen() is one of the disabled functions in php.ini.

This function is needed to open the pdf files from within the Joomla admin console so that they can be indexed. I have read various articles about the security risks using popen(), but these all appear to relate to it's use with information filled in by users on web forms and the ability to trick the command to do something nasty. As popen() won't be interfaced with the public, I don't think this will be a problem, but not being even an intermediate user, I could be wrong.

So, is it possible to have popen() removed from the discabled_functions list?

Regards,
Simon.

**Ross** · #2 (**permalink**) 24-10-11, 01:26 PM

Quote:

Originally Posted by quill1959

I would like to use a component and plugin called PDF Indexer v3.3 to index the PDFs on my Joomla site and make them available to the search function.

Unfortunatley it dos not work because popen() is one of the disabled functions in php.ini.

This function is needed to open the pdf files from within the Joomla admin console so that they can be indexed. I have read various articles about the security risks using popen(), but these all appear to relate to it's use with information filled in by users on web forms and the ability to trick the command to do something nasty. As popen() won't be interfaced with the public, I don't think this will be a problem, but not being even an intermediate user, I could be wrong.

So, is it possible to have popen() removed from the discabled_functions list?

Regards,
Simon.

Allow me some time to check this. I will post a update shortly.

**Ross** · #3 (**permalink**) 24-10-11, 01:36 PM

Hello Simon,

Please check the Ticket: USB-781-75121. You can update the same ticket if you have any issues.