This warning is displayed on every SQL result page (see attachment). This wasn't happening before - why it needs to run shell_exec at all?
Where did you download your 4.2.3 version? The error lines you are showing, do not match the code in the official 4.2.3 release.
Directly from your sorceforge site - i still have the bz2 archive (attaching). According to modification time, it wasn't modified since i downdloaded it on 9.6. at 00:47 (also all phpmyadmin files).
I tried to redownload and reinstall phpmyadmin and warnings persists.
Is your server SunOS ? The only place we are calling shell_exec() is in libraries/sysinfo.lib.php, which is called from Monitor. You may try to deactivate the lines inside the _kstat() function of this file.
However, you can have a look at DisplayResults.class.php line 2044, which does not call shell_exec().
Debian Wheezy 64bit. I tried to comment it and warninigs are still there. This is line 2044 from ./libraries/DisplayResults.class.php:
$clause2 = $sort_tbl . str_replace('`', ``, $clause);
This is really strange. I also tried to grep 'shell_exec' and it was found only in libraries/sysinfo.lib.php as you said (but it can be encoded somewhere so it cannot be grepped). Any hints?
Try closing all browser windows, open the browser, log in via phpMyAdmin and only try to browse the table in question.
Didn't help, i also tried to remove all cookies and use different browser.
Maybe disable any opcode caching or unusual PHP extension.
The strange it that when i include this in phpmyadmin apache config:
php_admin_flag log_errors on
php_admin_value error_log /usr/share/phpmyadmin/PHP_errors.log
php_admin_value error_reporting 32767
nothing is logged as no warnings were raised from PHP (yes, file permissions are ok).
There is no opcode cache, attaching phpinfo. I also tried to restart memcached server, didn't help.
Are you sure that the directory where you installed phpMyAdmin is the one from which you are running it? You may try adding some message to index.php, to see if it shows up.
yes, i'm 100% sure (but i also checked it)
The problem is happening from 4.2.0, it's NOT happening in 4.1.14.
still a problem in 4.2.4
As an extreme test, if you rename libraries/DisplayResults.class.php to something else, is there still an error coming from this script?
yes but this:
Warning in ./libraries/sql.lib.php#2270
include(libraries/DisplayResults.class.php): failed to open stream: No such file or directory
the error is really raised by that line - if i replace it with:
$clause2 = '';
no errors are displayed. really strange
i fixed the error with this:
$clause2 = $sort_tbl . str_replace('`', '', $clause);
i replaced "``" with "''". looks really strange, characters "`" are used in the shell to execute commands (everything between them are executed as commands in bash and replaced by output). maybe a PHP bug?
hah, here it is:
why are you using backquotes instead of quotes?
You're right, this looks like a typo.
i suggest to check if there isn't somewhere something like `$user_input`, it could be really dangerous.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.