escapeshellarg() has been disabled for security reasons
Solution 1:
The @
operator will silence any PHP errors the function could raise. You should never use it!
Solutions:
Remove the
escapeshellarg
string from thedisable_functions
inphp.ini
fileAsk your host provider to remove Remove the
escapeshellarg
string from thedisable_functions
in php.ini file if you don't have an access to thephp.ini
file-
make your own
escapeshellarg
. The function only escapes any single quotes in the given string and then adds single quotes around it.function my_escapeshellarg($input) { $input = str_replace('\'', '\\\'', $input); return '\''.$input.'\''; }
and do something like this:
// $cmd = 'file --brief --mime ' . escapeshellarg($file['tmp_name']) . ' 2>&1'; $cmd = 'file --brief --mime ' . my_escapeshellarg($file['tmp_name']) . ' 2>&1';
But what is best is to extend the
Upload.php
library and override the_file_mime_type
function instead of changing on the core of CodeIgniter so that you will not lose it if you ever want to update CodeIgniter.Helpful links: https://www.codeigniter.com/user_guide/general/core_classes.html
Solution 2:
Try
$cmd = 'file --brief --mime ' . @escapeshellarg($file['tmp_name']) . ' 2>&1';
Open Upload.php file from system/libraries folder and put @
in front of escapeshellarg($file['tmp_name'])
at line 1066
and second thing upload this file under application/libraries folder that will be better, other wise no problem, you can replace system's Upload.php file.