Announcement

Collapse
No announcement yet.

Joomla, popen() and security.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Joomla, popen() and security.

    I would like to use a component and plugin called PDF Indexer v3.3 to index the PDFs on my Joomla site and make them available to the search function.

    Unfortunatley it dos not work because popen() is one of the disabled functions in php.ini.

    This function is needed to open the pdf files from within the Joomla admin console so that they can be indexed. I have read various articles about the security risks using popen(), but these all appear to relate to it's use with information filled in by users on web forms and the ability to trick the command to do something nasty. As popen() won't be interfaced with the public, I don't think this will be a problem, but not being even an intermediate user, I could be wrong.

    So, is it possible to have popen() removed from the discabled_functions list?

    Regards,
    Simon.

  • #2
    Originally posted by quill1959 View Post
    I would like to use a component and plugin called PDF Indexer v3.3 to index the PDFs on my Joomla site and make them available to the search function.

    Unfortunatley it dos not work because popen() is one of the disabled functions in php.ini.

    This function is needed to open the pdf files from within the Joomla admin console so that they can be indexed. I have read various articles about the security risks using popen(), but these all appear to relate to it's use with information filled in by users on web forms and the ability to trick the command to do something nasty. As popen() won't be interfaced with the public, I don't think this will be a problem, but not being even an intermediate user, I could be wrong.

    So, is it possible to have popen() removed from the discabled_functions list?

    Regards,
    Simon.
    Allow me some time to check this. I will post a update shortly.
    Webhosting UK :: Reseller Hosting | Fully Managed Dedicated Server | Webhosting UK Affiliate

    Follow us on social networks Facebook, Twitter and LinkedIn

    Comment


    • #3
      Hello Simon,

      Please check the Ticket: USB-781-75121. You can update the same ticket if you have any issues.
      Webhosting UK :: Reseller Hosting | Fully Managed Dedicated Server | Webhosting UK Affiliate

      Follow us on social networks Facebook, Twitter and LinkedIn

      Comment

      Working...
      X