EWWW Image Optimizer requires exec(). Your system administrator has disabled thi

Create a file called info.php with these contents on your server:

<?php phpinfo(); ?>

Then post the url to that file here.

https://meraneed.com/phpinfo.php

Yeah, look at this setting on that url you just posted at the very end:

suhosin.executor.func.blacklist = passthru, show_source, shell_exec,
system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate,
proc_get_status, proc_close, leak, apache_child_terminate, posix_kill,
posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd,
escapeshellarg, exec

Did you restart your webserver (apache, nginx, etc.) after you made that file change?

Yes, restarted the web service and also rebooted the server. No change.

If I remember correctly, you have to actually set ‘suhosin.executor.func.blacklist’ to something, it can’t just be blank. So you could have it be something simple like this:

suhosin.executor.func.blacklist = passthru

then restart your web service (you should never need to reboot the server unless you’ve upgraded the kernel).

Ok, I had added the passthru there and enter service httpd restart to restart service. But still not working.

According to this post: https://stackoverflow.com/questions/3335187/phpinfo-difference-between-master-and-local-value

The value in question is being set somewhere in your apache config, or in a .htaccess file in your web root.

If you look at your phpinfo.php file above, you’ll see under the suhosin settings that the value you set in your php configuration is shown on the right-hand column, whereas the value set by apache that is overriding this is on the left side.

Find where that is set, and you’ll be able to solve the problem.

I found this here

/etc/zpanel/configs/apache/http-vhost.conf

################################################################
# ZPanel generated VHOST configurations below…..
################################################################

# DOMAIN: meraneed.com
<virtualhost *:80>
ServerName meraneed.com
ServerAlias meraneed.com https://www.meraneed.com
ServerAdmin zadmin@localhost
DocumentRoot “/var/zpanel/hostdata/zadmin/public_html/meraneed_com”
php_admin_value open_basedir “/var/zpanel/hostdata/zadmin/public_html/meraneed_com:/var/zpanel/temp/”
php_admin_value suhosin.executor.func.blacklist “passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec”

Just replace php_admin_value suhosin.executor.func.blacklist “passthru”

enough?

Ok just commented the line

php_admin_value suhosin.executor.func.blacklist “passthru, show_source, shell_exec, system, pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, escapeshellcmd, escapeshellarg, exec”

and it worked ??

good deal, I think that information will help some other folks too, because I know we had one a while back that was being quite difficult to track down with suhosin.

Thanks for your great support. Love this plugin ??

This is pretty much what is happening to me. (I can’t do a thing about it because of godaddy’s shared hosting)

good work around is to do 20 images at a time. It seems the blacklist caps out at 22 images.

@vermino, if you want help, please post a new thread.

Is it safe to keep that line commented?

suhosin is obsolete, and isn’t even included in newer versions of php. If you are worried about security, I would look into upgrading your PHP version (if possible).