New strange error - "escapeshellcmd() has been disabled for security reasons"

3 posts by 3 authors in: Forums > CMS Builder
Last Post: May 25, 2021   (RSS)

By Codee - May 15, 2021

Just received CMSB notification with this error:

"E_WARNING: escapeshellcmd() has been disabled for security reasons
/home/xxxxxxxxxxx/public_html/cmsbadmin/3rdParty/SwiftMailer5/classes/Swift/Transport/MailTransport.php (line 260)"

This came in at the same time a legitimate order processed on the website.  Interactive Tools: can you coach me to understanding on this one?

Thank you in advance.

By Dave - May 25, 2021

Hi guys, 

Web hosts can arbitrarily disable any PHP functions they want with the PHP disable_functions directive in a system php.ini file:

This is often an issue with low-cost hosts.  Check the price of the hosting package and see if they have alternatives that aren't limited.  It can also be an issue on cloud hosting.  We try to "work-around" a lot of these issues, but if your host disables too much of PHP's functionality it's just not possible to do certain things.

There are often many instances where being able to call linux commands or binaries is very useful to extend the functionality of the web software in ways that you can't with pure PHP.    SMTP for example is more secure in the sense that you can connect with pure PHP, but be able to securely send mail through the servers built-in mail server by calling the sendmail binary or equivalent is magnitudes faster which can be important if you've got a lot of mail to send.  And, in fact, this is exactly what the default PHP mail() function does.   

And regarding versions, SwiftMailer is due for an upgrade, but there was a compatibility issue last time we checked.  We tend to favour security fixes, stability of the release, and new functionality (in that order).  

Hope that helps, let me know any questions or anything else we can do to assist.

Dave Edis - Senior Developer