You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
My ISP keeps disabling my CCP7 site because of the ini_set function.
They tell me this is a huge security hole in php.
This has cost me lots of money as they keep shutting down my store as a general precaution.
Does version 8 have this issue as well?
Can anyone elaborate on the security hole ini_set function opens?
Thanks.
Offline
All PHP versions of ClickCartPro and EuropaCart use ini_set() to change the environment variables on-the-fly so the software can run properly. I've never heard of a host disabling that option, as most scripts use it. PHP has built in security which limits the damage you can do with ini_set() functions. I think your host is being a bit overzealous and it might be time to look for a new one. If you want to stick with them, perhaps you could request that they simply disable ini_set() in their php.ini. As long as the server config is appropriate, ClickCartPro and EuropaCart will not try to use ini_set() to set any variables.
Offline