I am running an installation wizard for x-cart shopping cart software. I've gone through the pre-setup configurations and believe I should be all set, however a check that the software does before actually installing gives me the following error:<br /><br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->Checking results <br />Critical dependencies Status <br />PHP Version (min 4.0.6 required) ... 4.4.1 - [OK]PHP Safe mode is ... Off - [OK] <br />Disabled functions list ... dl - <!--coloro:#FF0000--><span style="color:#FF0000"><!--/coloro-->[FAILED]<!--colorc--></span><!--/colorc--> <br />File uploads is ... On - [OK] <br />MySQL support is ... On - [OK] <br />Register long arrays is ... On - [OK] <br /><br />Non critical dependencies Status <br />Maximum file size for upload is ... 2M - [OK]<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />So it appears that dl() is a disabled function, and I may have problems with using x-cart on TCH as a result. I'm wondering if anyone has come across this before, and would suggest a way I can get around this? I'm guessing that the disabling of the function cannot be over-ridden within my local files somehow?<br /><br />I found the following page in the php manual:<br /><a href="http://us2.php.net/dl" target="_blank">http://us2.php.net/dl</a><br /><br />But I'm not enough of a php expert to really understand what this means and what I can possible do about the issue.<br /><br />I've also contacted x-cart as well for suggestions. Thought I would ask here as well. I hope I don't have to leave TCH because of this.<!--content-->
Did you happen to read the third note in the link you provided?<br /><br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->There is an exploit circulating currently which takes advantage of dl() to inject code into Apache which causes all requests to all virtual hosts to be redirected to a page of the attackers choice.<br /><br />All operators of shared web hosting servers with Apache and PHP should disable dl() by setting enable_dl to off otherwise your servers are vulnerable to this exploit.<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />I do not know if this is still an issue as it was posted six months ago and may not apply anymore. You might want to open a ticket and see if you can get an answer as to why it is disabled or if it can be enabled.<!--content-->
Thanks Rob, I did see that. The thing is, when I run a phpinfo() on my account, I get the following returned:<br /><br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->Configuration<br />PHP Core<br />DirectiveLocal ValueMaster Value<br />...<br /><br />disable_functionsdldl<br />...<br /><br /><b>enable_dlOnOn</b><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />So, it would seem that enable_dl is actually on here despite the warning someone posted about.<br /><br />I'm going to see what x-cart has to say, and I'm hoping there will be some type of patch or update they can provide.<!--content-->
I'll try posting a ticket here as well in case something can be done on the TCH end.<!--content-->
Let me know what you find. I know we have other users here running X-Cart.<!--content-->
Did you happen to read the third note in the link you provided?<br /><br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->There is an exploit circulating currently which takes advantage of dl() to inject code into Apache which causes all requests to all virtual hosts to be redirected to a page of the attackers choice.<br /><br />All operators of shared web hosting servers with Apache and PHP should disable dl() by setting enable_dl to off otherwise your servers are vulnerable to this exploit.<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />I do not know if this is still an issue as it was posted six months ago and may not apply anymore. You might want to open a ticket and see if you can get an answer as to why it is disabled or if it can be enabled.<!--content-->
Thanks Rob, I did see that. The thing is, when I run a phpinfo() on my account, I get the following returned:<br /><br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->Configuration<br />PHP Core<br />DirectiveLocal ValueMaster Value<br />...<br /><br />disable_functionsdldl<br />...<br /><br /><b>enable_dlOnOn</b><!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />So, it would seem that enable_dl is actually on here despite the warning someone posted about.<br /><br />I'm going to see what x-cart has to say, and I'm hoping there will be some type of patch or update they can provide.<!--content-->
I'll try posting a ticket here as well in case something can be done on the TCH end.<!--content-->
Let me know what you find. I know we have other users here running X-Cart.<!--content-->