[HH#300547] php settings

[HelioHost]

Username: astron, Server: Tommy, Main domain: astron.heliohost.org

 

Some of the things that I have discovered and that could be changed or

given the possibility of changing to the user through cpanel.

The firstirst - Public Display of PHP Errors Enabled

The server is set to display PHP errors. This is not recommended for

production environments as it may cause sensitive information to be

publicly disclosed. You should contact your hosting provider or system

administrator and ask them to set the display_errors PHP setting to Off.

 

The second - it appears if to use php 7.2...

There are enabled such a functions, what would be better, if they are

disabled by default and there is possible turn on if they are really

needed. Here are these functions:

exec, system, pcntl_exec, popen, proc_open, shell_exec

If possible, please add them to the disable_functions PHP setting.

Sorry, if I'm wrong.

 

*Kalju kaljukass@gmail.com *

[wolstech]

The display_errors is intentionally enabled because the default is a very confusing and generic 500 error that most people can’t figure out. Users who really don’t want them shown can add error_reporting(0); to their scripts to suppress them.

 

As for the system functions not being disabled, they should be...we’ll take a look.

[Krydos]

See https://www.helionet.org/index/topic/35190-hh191578-fwd-php-settings/?p=156428