Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

We're retiring the forums!

The SilverStripe forums have passed their heyday. They'll stick around, but will be read only. We'd encourage you to get involved in the community via the following channels instead:

Hosting Requirements /

What you need to consider when choosing a hosting provider and plan.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Escapeshellarg() disabled due to security - why is it used?


Go to End


1949 Views

Avatar
wedwo

Community Member, 7 Posts

21 January 2010 at 6:11pm

Something I came across after installing SS on 000webhost.com - they don't support the escapeshellarg() function among others 'for security reasons' - but support it if you pay them :)

I noticed this function is used in relation to a geo lookup or something when adding a user in the security section of the admin module / user profile. I imagine it's used to identify the user's location or something like that.

What I want to know is - why is it even used, I don't see any maps on the add user profile at all, I can only guess that it automatically assumes your country when that data is not entered into your profile. It does prevent one from adding a user in the admin module however and is a real issue when hosting on many free providers.

How difficult is it to disable it's use?