Core:archive command: php_uname() has been disabled for security reasons


#1

Hi,

Since upgrading to the 2.8 piwik series, I’ve been getting cron emails when it runs the archive function. The full message is:


PHP Warning:  php_uname() has been disabled for security reasons in /var/www/html/piwik/vendor/symfony/console/Symfony/Component/Console/Output/ConsoleOutput.php on line 111.

I do have php_uname disabled ( from /etc/php.ini: disable_functions = “[…], php_uname, […]” ) so I understand why the warning is displayed.

On inspecting the Symfony ConsoleOutput.php class, the method in question is :


protected function hasStdoutSupport()
{
        return ('OS400' != php_uname('s'));
}

Since I’m not on OS400, I’ve just patched it to always return true. This works without a problem. However, I need to keep patching when I upgrade piwik.

The alternative for me would be to remove php_uname from the disable_functions list. However, I’d rather not do that unless I was experiencing a fatal error.

The issue is present in current Symfony github, so probably not anything that piwik can do to fix it; I assume that it only surfaced about recently with a change in piwik to use the Console\Output\OutputInterface class.

This is not a high priority issue, but thought I’d pass it on in case anyone else experiences the same.

Andy


(Matthieu Aubry) #2

Hi there, sure, can you please create an issue on Issues · matomo-org/piwik · GitHub ? thanks