expose_php

8 posts by 3 authors in: Forums > CMS Builder
Last Post: December 9, 2014   (RSS)

I have upgraded my CMS to the latest version and have changed settings as instructed in General Settings but I get this warning:

These tips are custom generated and apply to the current server and connection:

  • expose_php is currently enabled, disable it in php.ini.

In the php.ini it says that expose_php is off.

Can you help please?

By claire - December 5, 2014

What version of PHP are you running?

I'll refer this to Dave, but I suspect you've got another php.ini file around that's overriding the settings in CMSB. If you're on shared hosting, you can also ask your hosting provider for help with this.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By Dave - December 5, 2014

Hi MercerDesign,

That recommendation isn't critical, so if you can't follow it it's ok, but it is ideal to have it disabled as it makes it so your website exposes less information to potentially malicious attackers.

There's several places where php setting can be set.  If you take a look in: Admin > General > Server Info (at the bottom), you'll see a line like this which shows which php.ini is being loaded:

php.ini path: C:\wamp\bin\apache\apache2.2.22\bin\php.ini

It could be that the php.ini that is being loaded is different from the one you were looking at.  

Can you let me know if those match up?  Also if you click the phpinfo link and look at the first page of info it will often tell you additional config files that may have been loaded.

Help that helps!

Dave Edis - Senior Developer
interactivetools.com

By claire - December 8, 2014

That looks like the general settings for the server. You can definitely have more than one php.ini file around.

If you go to Admin -> General Settings and scroll down to Server Info, you should see a link next to the PHP version that looks like this: phpinfo >>

Click on that and it'll give you the full config settings. What you're looking for is a few lines down:

  • Loaded Configuration File
  • Scan this dir for additional .ini files
  • Additional .ini files parsed

That should tell you what's going on, and whether the additional php.ini file in the cmsAdmin directory is being loaded.

--------------------

Claire Ryan
interactivetools.com

Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

By Dave - December 8, 2014

Hi Guys, 

I just wanted to add that we include a "php.ini" (and a .htaccess file as well) in the CMS folder for servers that load it automatically, but not all do.  So that might be part of the confusion.  That file is there in case the server supports it, but in this case it looks like it doesn't.  

So the solution is likely to ask your web host to change that setting.

Dave Edis - Senior Developer
interactivetools.com

The details once I click on th ephpinfo link is:

Configuration File (php.ini) Path    /usr/local/lib
Loaded Configuration File    /usr/local/lib/php.ini
Scan this dir for additional .ini files    (none)
Additional .ini files parsed    (none)

Does that mean I have to ask the hosting company to change it?

By Dave - December 9, 2014

Yep, those are files that likely only the hosting company can change.

Dave Edis - Senior Developer
interactivetools.com