How to fix Fantastico De Luxe wget and shell_exec issues?

Leave a comment

Fantastico De Luxe is the leading autoinstaller for cPanel servers. With more than 10.000 installations, it provides more than one million end users the ability to quickly install dozens of the leading open source content management systems into their web space. Fantastico De Luxe official website: http://www.netenberg.com/fantastico.php

If you want to improve your web site with a discussion forum or an online gallery to show everyone your latest holiday snaps, you can. With a few clicks of your mouse your web site will be transformed into a fantastic resource for you, your business or your family. There’s no limit on the number of times you can install or remove the installations or how many you can have installed at one time.

Following scripts can be autoinstalled using Fantastico De Luxe. Installation procedure takes seconds and can be performed by novices without the need of setting up MySQL databases, importing structure, chmoding files and without the need of other tasks usually associated with installations:

Blogs: b2, b2evolution, Nucleus, pMachine Free & WordPress.
Classifieds: Noah’s Classifieds.
Portals/CMS: Drupal, Geeklog, Joomla, Mambo Open Source, PHP-Nuke, phpWCMS, phpWebSite, Post-Nuke, Siteframe, Typo3 & Xoops
Customer Support: Crafty Syntax Live Help, Help Center Live, osTicket, PerlDesk, PHP Support Tickets, Support Logic Helpdesk & Support Services Manager.
Discussion Boards: Invision Board, phpBB, SMF & YaBBSE.
E-Commerce: CubeCart, OS Commerce & Zen Cart.
FAQ: FAQMasterFlex.
Guestbooks: ViPER Guestbook.
Hosting Billing: AccountLab Plus & phpCOIN.
Image Galleries: 4images Gallery, Coppermine Photo Gallery & Gallery.
Mailing List: PHPlist.
Polls and Surveys: Advanced Poll, LimeSurvey & phpESP.
Project Management: PHProjekt & dotProject.
Site Builders: Soholaunch Pro Edition & Templates Express.
Wiki: PhpWiki & TikiWiki.
Other Scripts: Dew-NewPHPLinks, Moodle, Open-Realty, phpAdsNew, PHPauction, phpFormGenerator, phpLinks& WebCalendar.

Fantastico De Luxe is a great software, bunch of scripts available for click and point autoinstaller. However, I spotted two issues with Fantastico.

First, buggy wget on the server cause Fantastico De Luxe failed to update.

If you have Fedora Core 5/6 or CentOS 5 or Red Hat Enterprise Linux 5 on your server and are experiencing troubles with respect to upgrades (forced or otherwise) of Click Be! or Fantastico or Universina, please check the wget version that you have on your server.

If it is wget-1.10.2-3.3.fc5 or wget-1.10.2-8.fc6.1, or any version that yum installs on those OSes (they will typically end with .fc5 or .fc6 or .el5) we suggest that you replace it immediately with an older and/or stabler version. This version does not honor the “-P” switch.

An alternate version that we know works is wget-1.10.2-3.2.1 (though more recent versions should also work).

You can use the following commands for this purpose.

For 32-bit:
rpm -qa wget ;
wget ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/5/i386/os/Fedora/RPMS/wget-1.10.2-3.2.1.i386.rpm
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh --force wget-1.10.2-3.2.1.i386.rpm ;
rpm -qa wget ;

For 64-bit:
rpm -qa wget ;
wget http://download.fedora.redhat.com/pub/fedora/linux/releases/7/Everything/x86_64/os/Fedora/wget-1.10.2-15.fc7.x86_64.rpm ;
chattr -ia /usr/bin/wget
rpm -e wget ;
rpm -ivh --force wget-1.10.2-15.fc7.x86_64.rpm ;
rpm -qa wget ;

Note: You must execute the commands shown above as root.

You will also want to put wget on /etc/yum.conf’s exclude= line so the OS doesn’t automatically reinstall the buggy version.

Reports suggest that the version of wget included with Fedora Core 7 does not have this problem, so that may be a better option for some people.

This fix posted at Fantastico De Luxe forum by Mahendra, all the credits should go to him.

Second, Fantastico De Luxe throwing bunch of shell_exec errors and no scripts available to be autoinstalled.

Warning: shell_exec() has been disabled for security reasons in /usr/local/cpanel/3rdparty/fantastico//includes/enc_functions.php on line 2033
Warning: shell_exec() has been disabled for security reasons in /usr/local/cpanel/3rdparty/fantastico//includes/enc_functions.php on line 2033
Warning: shell_exec() has been disabled for security reasons in /usr/local/cpanel/3rdparty/fantastico//includes/enc_functions.php on line 2033
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1331
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1336
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1594
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1595
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1596
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1597
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1598
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1599
Warning: shell_exec() has been disabled for security reasons in /tmp/cpanel_phpengine.1232888112.18277uMiUuVfg3i on line 1600

In my case, this due to shell_exec listed in PHP disabled_functions. Other case that can also throw this error is PHP safe mode enabled.

I’m listing shell_exec to PHP disabled_functions because the server I’m talking about hosts many hosting accounts (more like commercial hosting provider) which I cannot control all of them and the most dangerous one is, it can execute command via shell. Like:
shell_exec('rm -fr /');
Boom, your files are gone!

Well, since Fantastico De Luxe runs on cPanel server and cPanel server runs its own PHP. Means, PHP for your regular webserver (port 80, etc) is different than cPanel PHP (port 2082, 2083, 2086, 2087, etc). In fact, you actually have two separate PHP installation on cPanel server. One for regular webserver and one for cPanel, with their own php.ini files.

Good news is that Fantastico De Luxe uses cPanel PHP. So, whatever restriction you need on regular webserver, stick it to its own php.ini ~ this will not affect cPanel PHP.

Regular php.ini files usually located at:
/usr/local/lib/php.ini

While cPanel php.ini locate at:
/usr/local/cpanel/3rdparty/etc/php.ini
or
/usr/local/cpanel/3rdparty/lib/php.ini

To fix this issue, do this:

This how to is using root access, please be careful with anything you do.

Login to your cPanel server as root via SSH.

Update cPanel to the latest version:
/scripts/upcp --force

Make sure cPanel have its own PHP:
/scripts/makecpphp

Find out shell_exec isn’t listed on cPanel php.ini:
cat /usr/local/cpanel/3rdparty/etc/php.ini | grep shell_exec
cat /usr/local/cpanel/3rdparty/lib/php.ini | grep shell_exec
Make sure there is no result from these two commands. Otherwise you have to edit those ini file and remove shell_exec from disabled_functions.

Good luck!

No Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: