SMF, suhosin and shell_exec()

[jakes_t]

Hi

My host moved servers. After that everybody got a blank white page, multiple refreshes sometimes brought it up until the next click which would be a blank white page again.

Commenting out the following code from subs.php that contains shell_exec() as per this blog post : (google "Suhosin  smf comment subs.php") made the site responsive again.

Code Select Expand

// Try the Linux host command, perhaps?
if (!isset($host) && (strpos(strtolower(PHP_OS), 'win') === false || strpos(strtolower(PHP_OS), 'darwin') !== false) && mt_rand(0, 1) == 1)
    {
        if (!isset($modSettings['host_to_dis']))
            $test = @shell_exec('host -W 1 ' . @escapeshellarg($ip));
        else
            $test = @shell_exec('host ' . @escapeshellarg($ip));

        // Did host say it didn't find anything?
        if (strpos($test, 'not found') !== false)
            $host = '';
        // Invalid server option?
        elseif ((strpos($test, 'invalid option') || strpos($test, 'Invalid query name 1')) && !isset($modSettings['host_to_dis']))
            updateSettings(array('host_to_dis' => 1));
        // Maybe it found something, after all?
        elseif (preg_match('~\s([^\s]+?)\.\s~', $test, $match) == 1)
            $host = $match[1];
    }

My host keeps putting the ball in my court and won't disable anything just for my domain. Are there any repercussions to commenting out the code in question and is there maybe a more elegant solution? 

(commenting out random code is not my favorite pastime..  )

This is a stock install no mods.

[margarett]

shell_exec is only used in this function:

Code Select Expand


// Lookup an IP; try shell_exec first because we can do a timeout on it.
function host_from_ip($ip)
{

You can live without it, no worries

[Arantor]

Just turn off host name lookups.

[jakes_t]

Thank you Arantor, that fixed it