Since updating to v20.09-c70e26db3 the feed update process is no longer working. I am using the cron method which is decribed here: Tiny Tiny RSS – Updating Feeds
Running: /usr/bin/php /web/ttrss/update.php --feeds
→ Seems to run without any issues.
System Log shows errors: passthru() has been disabled for security reasons
it doesn’t make a lot of sense to me to disable exec family of functions for the command line but i guess that’s shared hosting for you.
if there’s a way to check for this at runtime i could add back a fallback mechanism (which is commented out at the moment right after the passthru in rssutils.php) for when passthru() is not available.
I’m afraid this didn’t work for me. I also ran into this problem a few days ago (also using shared hosting), so I updated my installation from the master branch. I think that function_enabled("passthru") is returning true even though passthru is disabled. I know no PHP, but I tried running the following two commands on the server (via a cron job, which seems to be my only means of access to a shell):
(As suggested above): "<?php header(\"Content-type: text/plain\"); print_r(explode(\",\", ini_get('disable_functions')));" | php -- – this printed an array including [2] => passthru.
(Copying the function function_enabled in rssutils.php): "<?php header(\"Content-type: text/plain\"); print_r(!in_array(\"passthru\", explode(\",\", (string)ini_get('disable_functions'))));" | php -- – this printed “1”.
I was wondering about those ‘dangerous’ php functions as I will probably move to a new shared webhosting provider.
So can you disable these php functions separately for CLI and http (scripts)?
(@fox your comment about how you saw little/no sense in disabling these functions for CLI gave me that impression.)
So - if the webhoster supports/allows this - I could ask them to disable those functions for http only and tt-rss (updating via cron) should be have no problems with that?
BTW which functions do you think you should be disabled (for http)? Here’s a list I found: exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,fsockopen,socket_create,mail,putenv
Any advice is gretly appreciated. Thank you very much.
if they decide to play along, sure. they might have their own ideas though.
maybe it would be better idea to check lowendtalk instead, and get a cheap vds?
e: i wonder if its possible to run tt-rss on a free tier on AWS or something like that, i wonder if some cheapskate have tried that. it can’t be worse than dealing with, uhhh, peculiarities of shared hosting.
AWS seems interesting but probably/definitely beyond what I can achieve with my ‘skills’. Should I ever find detailled instructions and the time I’d give it a try for sure.