Opened 3 years ago
Closed 15 months ago
#54780 closed defect (bug) (invalid)
Site Health Info => Returns a fatal error in php 8.0
Reported by: | alfredo49 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 5.8.3 |
Component: | Site Health | Keywords: | needs-patch php80 |
Focuses: | administration | Cc: |
Description
Hi:
When i click in info tab inside Site Health screen, fatal error is returned in php 8.0
Fatal error: This function has been disabled for security reasons in /usr/home/xxx/web/wp-admin/includes/class-wp-debug-data.php on line 663
When i roll back to php 7.4, works fine
Attachments (2)
Change History (13)
#2
@
3 years ago
hi!
I try with default wordpress theme and all the plugins deactivate and Fatal error persists.
It happen to me in different wordpress pages.
My php versión is PHP 8.0.13
#4
@
3 years ago
- Keywords php8 added
@alfredo49 This sounds like your webhost is doing something non-standard with the php.ini
configuration.
There is nothing which can be done until we know the name of the function which the host has disabled.
Could you check in your hosting admin panel what the value if for the disable_functions
ini parameter in the php.ini
applicable to your hosting account ?
You may also be able to see this by (temporarily) uploading a file with the following contents to your hosting account:
<?php phpinfo();
Please do make sure you remove that file from your server again as soon as you finished checking.
#5
@
3 years ago
Hi!
No disable_functions in php.ini
disable_functions no value no value
Line 663 of class-wp-debug-data.php is:
$gs = exec( 'gs --version' );
#6
@
3 years ago
@alfredo49 That's weird. I'd recommend contacting your hosting company as they appear to be doing something iffy in that case.
#7
@
3 years ago
Hi @jrf
They confirm me "exec" function has been disabled in the server for security reasons in php 8.
Thxs!
#8
follow-up:
↓ 9
@
3 years ago
That's strange. There's a function_exists( 'exec' )
condition to prevent line 663 being hit if exec
has been disabled. However, a quick google search suggests that on some hosts, a disabled function can return true
for function_exists()
, yet cannot be called.
@alfredo49 as a test, can you try adding the following to a file and let us know what the output is?
<?php echo function_exists( 'exec' ) ? 'Function exists.<br>' : 'Function does not exist.<br>'; echo is_callable( 'exec' ) ? 'Function is callable.' : 'Function is not callable.';
#9
in reply to:
↑ 8
@
3 years ago
Replying to costdev:
That's strange. There's a
function_exists( 'exec' )
condition to prevent line 663 being hit ifexec
has been disabled. However, a quick google search suggests that on some hosts, a disabled function can returntrue
forfunction_exists()
, yet cannot be called.
Related: comment:116:ticket:51857:
Per the comments in the PHP manual,
function_exists()
should returnfalse
for functions disabled viadisable_functions
setting.
As also noted in comment:3:ticket:42085, it is possible for the
function_exists()
check to returntrue
if Suhosin is in use. However, that would be an edge case, as Suhosin was only officially available for PHP 5.4 to 5.6, and its development was discontinued in 2015.
It's also worth noting that as of PHP 8, disabled functions can be redeclared. Unless the function is redeclared,
function_exists()
still returnsfalse
.
It looks like most of the instances in core where we need to check for a function that might be disabled just use a simple
function_exists()
check
#11
@
15 months ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
As previously noted by @costdev and @SergeyBiryukov, the code is guarded by function_exists()
and thus should be protected against running exec()
when the hosting company disables it.
What about the edge case where function_exists()
might return true
. As @SergeyBiryukov noted:
As also noted in comment:3:ticket:42085, it is possible for the
function_exists(
) check to returntrue
if Suhosin is in use. However, that would be an edge case, as Suhosin was only officially available for PHP 5.4 to 5.6, and its development was discontinued in 2015.
Core bumped the minimum PHP version to 7.0 during 6.3. Suhosin is for PHP 5, not 7.0.
I think this ticket can be closed. It seems the issue is likely due to something other than Core. Given the age of this ticket and no other reports of the same issue, I'll go ahead and close it.
If however the issue persists today, @alfredo49 please reopen this ticket and share any additional information including some of the tips asked previously. Any information you can provide is helpful for contributors to continue investigating.
Hello,
Thank you for reporting.
I unfortunately do not reproduce on PHP 8.0.14.
Do you reproduce with a built-in theme and non plugins?