PHP 8 and exec disabled leads to Fatal Error

Oh my! This error should of course be caught. The code currently only catches if an \Exception is thrown. However, PHP 7 and 8 will throw \Error. It is easily fixed. Thanks for reporting!

It is btw only on the settings page that errors aren’t caught (all converters are tested in order to display if they work or not) – but that is bad enough!

• This reply was modified 3 years ago by rosell.dk.

Just to let you know, it is still happening on the last version 0.24.1

/options-general.php?page=webp_express_settings_page
Critical Error

Bummer… And thanks!

I have been trying to replicate, but can’t.
– I’m running PHP 8.0
– I disabled the exec() function in PHP.ini, by adding “exec” to the “disable_functions” list.

Result:
The options page shows up fine. cwebp converter shows not working. The help text says “exec() is not enabled”. In other words: All is fine.

Can you tell me which host you are using? Maybe they disabled the exec() function in some strange way. My plugin tests if the exec function is available using “function_exists(‘exec’)”, so it seems that on your host, function_exists(‘exec’) will result in true, even though it is disabled! Can you test the following script for me on your host? (create a file “test.php” with the following content, point your browser to the test script and then copy the result here)

<?php

if (function_exists('ini_get')) {
  $disabled = ini_get('disable_functions');
  echo '<p>disabled functions: ' . print_r($disabled, true) . '</p>';
} else {
  echo '<p>ini_get not available</p>';
}
if (function_exists('exec')) {
  echo 'exec() function exists';
  try {
    exec('echo hi');
    echo '<br>exec() function was called successfully';
  }
  catch (\Throwable $e) {
    echo 'Error was catched:' . $e->getMessage();
  }
  catch (\Exception $e) {
    echo 'Exception was catched:' . $e->getMessage();
  }
} else {
  echo 'exec() function does not exist';
}
exit;

• This reply was modified 2 years, 12 months ago by rosell.dk.
• This reply was modified 2 years, 12 months ago by rosell.dk.

@javierdemuga: Did you see my message?

I have fixed another bug and would like to push an update soon.

Hi @roselldk

Result is:

disabled functions: system, exec, passthru, popen, proc_open, shell_exec, dl, set_time_limit, syslog

exec() function does not exist

PHP Fatal error: This function has been disabled for security reasons in /usr/home/ceroresiduo.com/web/wp-content/plugins/webp-express/vendor/rosell-dk/webp-convert/src/Convert/Converters/Cwebp.php on line 577

My hosting told me that they only allow to execute through composer
proc_open (exec) and that they compiled php that way but I am not really sure what do they mean

The fatal error says that it was triggered in Cwebp.php on line 577. Did you include that file in your test php or what is going on?

I bet that this little script will also trigger the fatal error?

<?php
echo 'hi';

• This reply was modified 2 years, 12 months ago by rosell.dk.
• This reply was modified 2 years, 12 months ago by rosell.dk.

Ah no sorry i was just adding again the php error happening at the settings page, the test was only that part:

disabled functions: system, exec, passthru, popen, proc_open, shell_exec, dl, set_time_limit, syslog

exec() function does not exist

Sorry for the misunderstanding

Ah, ok ??
Then it should be possible to avoid the error. I’m quite surprised that you get the error on the settings page, though. But I will see if I can track down what is happening. I could of course simply test for the exec() function right before that line that fails.

Interesting that your host allows proc_open(), but not exec(). If that is what they mean. I don’t get the part about composer either. But we can quickly test if proc_open() works on your setup:

<?php
if (function_exists('proc_open')) {
  echo 'proc_open() function exists<br>';
  $proc = proc_open('echo', array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $pipes);
  if (is_resource($proc)) {
    echo 'proc_open seems to work';
  } else {
    echo 'proc_open does not work';
  }
  proc_close($proc);
} else {
  echo 'proc_open() function does not exist';
}
exit;

• This reply was modified 2 years, 12 months ago by rosell.dk.

proc_open also disabled

Result from the code:
proc_open() function does not exist

A shame. Because I just wrote a library for easily falling back to proc_open() and other functions, when exec() is unavailable. I plan to integrate this new library into webp-convert in order to have the exec() based converters (ie cwebp) work on more systems.

• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.

Actually i have just talked with hosting support and it seems GD extension is installed and active.

When i use PHP 7.4 everything works smooth, also with exec and proc_open disabled using GD extension but when i switch to PHP 8.0 the images are not generated and the fatal error persists at the settings page so i cannot check if GD is working (that should!)

Hi @roselldk digging in the code i can see that function detectVersion($binary) calls directly exec without controlling if function_exists exec.

From the code I see i could disable try-cwebp option and maybe that could help avoid that Fatal error in PHP8, from what I see with PHP8 it will always return Fatal Error with default configuration if exec function is disabled.

Could you give some guide on how to disable try-cwebp option? The configuration with GD works wonderfully in PHP 7.4 but on PHP 8 disabled functions are giving Fatal Error and every attempt to modify images to webp are giving fatal error, not only settings page (although i have GD option selected, i can see that on PHP7.4)

@javierdemuga: Perhaps it works now. I have implemented the exec() fallback thingie. Although I cannot point to any specific change, that fixes the bug, one of the changes might have, as I mingled with all the exec-stuff. It is released as 0.25.0.

If it doesn’t work, I will deep dive once again. But it is strange. I put in a debugging message, using error_log() where it fails for you. But I don’t get anything in the log when I disable exec(). In the AbstractConverter class, the “doConvertImplementation” method calls checkOperationality() before calling convert. In other words: If operationality check fails, the doActualConvert() method in Cwebp.php will not be called. And doActualConvert() is the only method that calls detectVersion(). The operationality check is done in ExecTrait.php, line 101 (checkOperationalityExecTrait()). It used to be function_exists(‘exec’), but it has just been changed to “ExecWithFallback::anyAvailable()”

• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.

Hi @roselldk, I received an error similar to the one pointed by @javierdemuga

I just updated today to the latest version, but still happens when I try to access the settings page.

WordPress version 5.8.2
Current theme: Salient Child Theme (version 1.0)
Current plugin: WebP Express (version 0.25.0)
PHP version 8.0.13

Error Details
=============
An error of type E_ERROR was caused in line 60 of the file /wp-content/plugins/webp-express/vendor/rosell-dk/exec-with-fallback/src/ExecWithFallback.php. Error message: This function has been disabled for security reasons