This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We've moved the forum!

Please use forum.silverstripe.org for any new questions (announcement).
The forum archive will stick around, but will be read only.

You can also use our Slack channel or StackOverflow to ask for help.
Check out our community overview for more options to contribute.

Hosting Requirements /

What you need to consider when choosing a hosting provider and plan.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Escapeshellarg() disabled due to security - why is it used?

2574 Views

wedwo

Community Member, 7 Posts

21 January 2010 at 6:11pm

Something I came across after installing SS on 000webhost.com - they don't support the escapeshellarg() function among others 'for security reasons' - but support it if you pay them :)

I noticed this function is used in relation to a geo lookup or something when adding a user in the security section of the admin module / user profile. I imagine it's used to identify the user's location or something like that.

What I want to know is - why is it even used, I don't see any maps on the add user profile at all, I can only guess that it automatically assumes your country when that data is not entered into your profile. It does prevent one from adding a user in the admin module however and is a real issue when hosting on many free providers.

How difficult is it to disable it's use?

Return to top