Is there any function in PHP that I can use to detect whether or not the exec function is available?
Asked
Active
Viewed 2.6k times
5 Answers
46
<?php
function exec_enabled() {
$disabled = explode(',', ini_get('disable_functions'));
return !in_array('exec', $disabled);
}
?>
EDIT: Fixed the explode as per Ziagl's comment.
Brent
- 23,354
- 10
- 44
- 49
-
1
-
1that's why the function is called exec_enabled, it's just not exactly what he asked for. – Brent Jan 13 '11 at 20:48
-
3this might work or it might not - unfortunately, in my case, I found that `ini_get()` was in the list of disabled functions along with `exec` and other file-system functions; a likely scenario, given that hosting providers might be concerned about exposing information in the INI file. – mindplay.dk Oct 23 '13 at 12:49
-
2works for me, but only with explode(',' ... instead of explode(', ' ...there are no blanks in ini_get string – Ziagl Dec 02 '13 at 10:19
-
I had to post process the return of explode with trim to strip off blanks. – Scott C Wilson Oct 04 '17 at 13:23
14
The following function is more robust. It deals with the disabled_functions value having 0 or more spaces between function names, checks the suhosin patch's blacklist setting, covers safe_mode, and stores the answer for future reference.
function is_exec_available() {
static $available;
if (!isset($available)) {
$available = true;
if (ini_get('safe_mode')) {
$available = false;
} else {
$d = ini_get('disable_functions');
$s = ini_get('suhosin.executor.func.blacklist');
if ("$d$s") {
$array = preg_split('/,\s*/', "$d,$s");
if (in_array('exec', $array)) {
$available = false;
}
}
}
}
return $available;
}
Community
- 1
- 1
Daniel Convissor
- 323
- 2
- 12
-
For the record, the edit adding the suhosin blacklist check was by me. After submitting it, I realized my authentication session was somehow out of whack. Alas. – Daniel Convissor Oct 20 '12 at 00:32
2
You can search the ini setting disable_functions for the exec() function.
if( false !== strpos(ini_get("disable_functions"), "exec") ) {
// exec() is disabled
Just for completeness, note that PHP Safe Mode puts some restrictions on the function too.
svens
- 11,438
- 6
- 36
- 55
-
-
8This will return the wrong answer if a function like `shell_exec` has been placed in `disable_functions` but `exec` has not. Best to use explode or regex to make sure it matches a complete function name. – webbiedave Oct 14 '10 at 22:54
1
You also need to check whether safe_mode is active as exec is unavailable if safe_mode is on
function is_exec_available() {
// Are we in Safe Mode
if ( $safe_mode = ini_get( 'safe_mode' ) && strtolower( $safe_mode ) != 'off' )
return false;
// Is shell_exec disabled?
if ( in_array( 'exec', array_map( 'trim', explode( ',', ini_get( 'disable_functions' ) ) ) ) )
return false;
return true;
}
Tom Willmot
- 85
- 5
0
A one-line compilation of safe mode, function exists, and disabled exec using some of the techniques found on various SO posts.
This will check that exec is available and enabled BEFORE trying to run it. If you run exec() and the function does not exist or is disabled a warning will be generated. Depending on the server settings that may render to the browser and will almost-always write a line to a log file = performance hit.
// Exec function exists.
// Exec is not disabled.
// Safe Mode is not on.
$exec_enabled =
function_exists('exec') &&
!in_array('exec', array_map('trim',explode(', ', ini_get('disable_functions')))) &&
!(strtolower( ini_get( 'safe_mode' ) ) != 'off')
;
if ($exec_enabled) { exec('blah'); }
Lance Cleveland
- 3,098
- 1
- 33
- 36