Hi all,
For security reason I've disabled exec() function in my php.ini but some customers using ImageMagick are complaining. Ok, I can tell them to use GD2 but what to say to user using RS2PDF or other functions ?
I'm searching something to avoid this problem, having a secure PHP but allowing user to exec some commands (mysqldump, rs2pdf, imagemagick). I've found a patch for PHP that would solve my problem :
http://kyberdigi.cz/projects/execdir/english.html
It add "exec_dir" directive in php.ini which is similar to safe_mode_exec_dir execept that safe_mode can be off. With this I can create a dir where I put all the command that I want to allow to my users..
Have you other solutions ? Scott, what do you think about that ?
Regards,
Kilgore