PHP 8 and exec disabled leads to Fatal Error

Same error for me, the error has changed but seems exec is still trying to execute at some point.

PHP Fatal error: This function has been disabled for security reasons in /wp-content/plugins/webp-express/vendor/rosell-dk/exec-with-fallback/src/ExecWithFallback.php on line 60

@javierdemuga, @javiercabezas: Is there a stack trace? That would be really helpful

A-ha.
It fails in ExecWithFallback.php, line 60.
This means ExecWithFallback::runExec() was run.
It is only called from ExecWithFallback::exec().
However, that method checks function_exists() before calling runExec.
So function_exists('exec') *must* be returning true on your systems, even though exec is disabled.

This contradicts the test I asked @javierdemuga to perform. Could it be that you mistakenly ran that test on PHP 7 ?

If I am right about function_exists('exec') returning true on your systems, I guess the solution is to also check ini_get('disable_functions') before calling exec().

Which platforms are you on, I wonder?

To find out, run:

<?php
echo php_info();

Anyway, I’m assuming that I’m right about function_exists('exec') returning true on your systems, and I have implemented a check for ini_get(‘disable_functions’) in the library that does the exec. I will soon have a development version ready for you to test

I think it is fixed now. But I would like to be sure before I push out a new release. Can you please test it, by downloading the latest development version?

To install the development version:
1) Go to https://www.ads-software.com/plugins/webp-express/advanced/
2) Find the place where it says “Please select a specific version to download”
3) Click “Download”
4) Browse to /wp-admin/plugin-install.php (ie by going to the the Plugins page and clicking “Add new” button in the top)
5) Click “Upload plugin” (button found in the top)
6) The rest is easy

@javierdemuga, @javiercabezas

• This reply was modified 2 years, 11 months ago by rosell.dk.

@roselldk,

Problem continues with the latest development version, now the error is in line 111

When seeking help with this issue, you may be asked for some of the following information:
WordPress version 5.8.2
Current theme: Salient Child Theme (version 1.0)
Current plugin: WebP Express (version 0.25.0)
PHP version 8.0.13

Error Details
=============
An error of type E_ERROR was caused in line 111 of the file /wp-content/plugins/webp-express/vendor/rosell-dk/exec-with-fallback/src/ExecWithFallback.php. Error message: This function has been disabled for security reasons

`PHP Environment PHP version, important PHP extensions.
PHP version = PHP
8.0.13

Checking for OpenSSL support OK
Checking OpenSSL version OpenSSL 1.1.0l 10 Sep 2019 (0x101000cf)
Checking for cURL support 7.52.1 (0x73401)
cURL Features Code 0x3fc79d
cURL Host x86_64-pc-linux-gnu
cURL Support Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, ldaps, pop3, pop3s, rtmp, rtsp, scp, sftp, smb, smbs, smtp, smtps, telnet, tftp
cURL SSL Version OpenSSL/1.0.2u
cURL libz Version 1.2.8

The library is tested in a wide range of configurations (Linux, Windows, Mac – PHP 7.0, 7.1, 7.2, 7.3, 7.4, 8.0, 8.1):
https://github.com/rosell-dk/exec-with-fallback/actions/runs/1553812091

I also created a test especially for PHP 8.0.13:
https://github.com/rosell-dk/exec-with-fallback/actions/runs/1557605755

All tests are passing.

It seems there is something very special going on your server.
I’m working behind blinds.

Could you per chance grant me ftp access or WordPress admin access to your server?
If yes: THANKS! – and you can email me credentials to [email protected]. I use protonmail, which is a secure email. Otherwise: can you please tell me which provider you are using. Perhaps I can get an account there.

Regards, and thank you for your patience!

• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.

Hi @roselldk in my case the provider is CDMON https://www.cdmon.com/en/ it is quite big in Spain, I will ask their support how did they disabled the exec function. I was told at some point that they recompiled PHP without exec functions, maybe that is the problem.

My provider is also CDMON.

So, it might be the case that there is absolutely nothing wrong with the plugin.

Do yo still think it′s a good idea to take a look with ftp? I can give you access if needed.

@javiercabezas: Yes please! ?? I guess it is a rare problem, but others might experience it too, so I would like to solve it. With FTP, I can run some PHP tests and see if I can find a way to avoid the problem.

@roselldk I think i found what is the problem and opened a case for them to solve it.

From phpinfo() i could check that in PHP 7.4 they use parameter
disable_functions system, exec, passthru, popen, proc_open, shell_exec, dl, set_time_limit, syslog

But in PHP 8.0 they disabled functions (i don’t know how) but disable_functions parameter is empty.

Hope they fix the config soon.

@javierdemuga: Yes, it looks like a misconfiguration that disable_functions is empty although some methods are actually disabled.

From the phpinfo(), I can also see that the use an old tool called “phpfarm” for running multiple versions of PHP on the same server. The tool seems to be abandoned.

I have not found a way to detect that exec() isn’t working. function_exists(‘exec’) returns true. Reading ini_get(‘disable_functions’) returns empty string. is_callable(‘exec’) returns true. And worst of all: running exec() results in a FATAL error. As it is fatal, there is no way to catch it.

I’m going to implement a workaround so you can define a constant or set up an environment variable which will turn off attempts to run exec().

I have implemented the workaround.

To disable exec, put the following line in your wp-config.php:
define('EXEC_WITH_FALLBACK_DISABLE_ALL', true);

It is not released as a real release yet, but it is in the development version that you can download here: https://www.ads-software.com/plugins/webp-express/advanced/

You will also have to move the working converter to the top (I should be able to fix that in the real release)

@javierdemuga @javiercabezas

• This reply was modified 2 years, 11 months ago by rosell.dk.
• This reply was modified 2 years, 11 months ago by rosell.dk.

Thank you for your efforts @roselldk that is amazing support from your side.

The hosting finally changed the configuration of PHP 8 and now everything is working wonderfully, the workaround is nice to solve other wrong hosting configurations.

Best