Jump to:

559 Posts in 3589 Topics by 245 members

Hosting Requirements

SilverStripe Forums » Hosting Requirements » Escapeshellarg() disabled due to security - why is it used?

What you need to consider when choosing a hosting provider and plan.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1341 Views
  • wedwo
    Community Member
    7 Posts

    Escapeshellarg() disabled due to security - why is it used? Link to this post

    Something I came across after installing SS on 000webhost.com - they don't support the escapeshellarg() function among others 'for security reasons' - but support it if you pay them

    I noticed this function is used in relation to a geo lookup or something when adding a user in the security section of the admin module / user profile. I imagine it's used to identify the user's location or something like that.

    What I want to know is - why is it even used, I don't see any maps on the add user profile at all, I can only guess that it automatically assumes your country when that data is not entered into your profile. It does prevent one from adding a user in the admin module however and is a real issue when hosting on many free providers.

    How difficult is it to disable it's use?

Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.