New strange error - "escapeshellcmd() has been disabled for security reasons"

3 posts by 3 authors in: Forums > CMS Builder
Last Post: May 25, 2021   (RSS)

By Codee - May 15, 2021

Just received CMSB notification with this error:

"E_WARNING: escapeshellcmd() has been disabled for security reasons
/home/xxxxxxxxxxx/public_html/cmsbadmin/3rdParty/SwiftMailer5/classes/Swift/Transport/MailTransport.php (line 260)
https://xxxxxxxx.com/ordering.php"

This came in at the same time a legitimate order processed on the website.  Interactive Tools: can you coach me to understanding on this one?

Thank you in advance.

By mark99 - May 20, 2021

I believe escapeshellcmd() has some inherent problems that make it worth disabling for best security. The workaround is usually to adopt SMTP for email instead of the PHP method, although CMSB should really ensure their 3rd Party stuff is up-to-date (they're using the massively out of date SwiftMailer v5, but the latest release is on the 6.2 branch). I'm not sure how to update this ourselves.

Hopefully somebody will reply to say how this can be addressed as we really shouldn't be having such out of date libraries in the system.