From 9eda9c1e21e61363461dc23c967e855f86dacc3e Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Wed, 12 May 2021 19:55:16 +0200
Subject: [PATCH] Enhance setup
---
 htdocs/admin/system/security.php | 33 ++++++++++++++++++++++++++++++++-
 htdocs/langs/en_US/admin.lang | 4 +++-
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index d8dd21719fd..36f08309e02 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -40,6 +40,8 @@ if (GETPOST('action', 'aZ09') == 'donothing') {
 exit;
 }
+$execmethod = empty($conf->global->MAIN_EXEC_USE_POPEN) ? 1 : $conf->global->MAIN_EXEC_USE_POPEN;
+
 /*
 * View
@@ -74,7 +76,13 @@ print "PHP allow_url_include = ".(ini_get('allow_url_include')
 print "PHP disable_functions = ";
 $arrayoffunctionsdisabled = explode(',', ini_get('disable_functions'));
 $arrayoffunctionstodisable = explode(',', 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals');
-$arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open,popen');
+if ($execmethod == 1) {
+ $arrayoffunctionstodisable2 = explode(',', 'passthru,shell_exec,system,proc_open,popen');
+ $functiontokeep = 'exec';
+} else {
+ $arrayoffunctionstodisable2 = explode(',', 'exec,passthru,shell_exec,system,proc_open');
+ $functiontokeep = 'popen';
+}
 $i = 0;
 foreach ($arrayoffunctionsdisabled as $functionkey) {
 if ($i > 0) {
@@ -115,6 +123,13 @@ if ($todisabletext) {
 print '
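Review bot: `$execmethod` is taken from MAIN_EXEC_USE_POPEN without being normalised, and the later hunks of this file disagree on what an unexpected value means. The `if ($execmethod == 1) { … } else {` branch in the disable_functions hunk treats every other value as popen mode and lists `exec` for disabling, while the MAIN_EXEC_USE_POPEN display hunk explains the method only for 1 and 2. If 1 and 2 are the only values the command runner understands (it is not visible in this patch), clamp once at the assignment, `$execmethod = (!empty($conf->global->MAIN_EXEC_USE_POPEN) && (int) $conf->global->MAIN_EXEC_USE_POPEN === 2) ? 2 : 1;`, so the audit advice always matches the function actually used.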
';
 }
+print $langs->trans("PHPFunctionsRequiredForCLI").': ';
+if (in_array($functiontokeep, $arrayoffunctionsdisabled)) {
+ print img_picto($langs->trans("PHPFunctionsRequiredForCLI"), 'warning');
+}
+print ''.$functiontokeep.'';
+print '
';
+
 print '
'; // XDebug
@@ -245,6 +260,22 @@ print 'MAIN_SECURITY_ANTI_SSRF_SERVER_IP = '.(empty($conf->glob
 print '
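Review bot: The warning on the `PHPFunctionsRequiredForCLI` line can be missed, because `in_array($functiontokeep, $arrayoffunctionsdisabled)` compares against the raw pieces of `explode(',', ini_get('disable_functions'))`, and nothing visible in this patch trims them. A php.ini value written with spaces after the commas would leave entries such as `' popen'`, so a function that is in fact disabled would not be flagged and shell-based features would fail without the page saying why. Comparing against trimmed names with a strict match closes the gap: `in_array($functiontokeep, array_map('trim', $arrayoffunctionsdisabled), true)`. If the list is already trimmed somewhere outside the hunks shown, only the strict flag is needed.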
';
+print 'MAIN_EXEC_USE_POPEN = ';
+if (empty($conf->global->MAIN_EXEC_USE_POPEN)) {
+ print ''.$langs->trans("Undefined").'   ';
+} else {
+ print $conf->global->MAIN_EXEC_USE_POPEN.'   ';
+}
+if ($execmethod == 1) {
+ print ' --> "exec" PHP method will be used for shell commands.';
+}
+if ($execmethod == 2) {
+ print ' --> "popen" PHP method will be used for shell commands.';
+}
+print "
";
+print '
';
+
+
 print ''.$langs->trans("AntivirusEnabledOnUpload").': ';
 print empty($conf->global->MAIN_ANTIVIRUS_COMMAND) ? '' : img_picto('', 'tick').' ';
 print yn($conf->global->MAIN_ANTIVIRUS_COMMAND ? 1 : 0);
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index 9f4bcfcfbd4..467fba89199 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -2127,7 +2127,8 @@ ConfFileIsReadableOrWritableByAnyUsers=The conf file is readable or writable by
 MailToSendEventOrganization=Event Organization
 AGENDA_EVENT_DEFAULT_STATUS=Default event status when creating a event from the form
 YouShouldDisablePHPFunctions=You should disable PHP functions
-IfCLINotRequiredYouShouldDisablePHPFunctions=Except if you need to run system commands (for the module Scheduled job, or to run the external command line Anti-virus for example), you shoud disable PHP functions
+IfCLINotRequiredYouShouldDisablePHPFunctions=Except if you need to run system commands in custom code, you shoud disable PHP functions
+PHPFunctionsRequiredForCLI=For shell purpose (like scheduled job backup or running an anitivurs program), you must keep PHP functions
 NoWritableFilesFoundIntoRootDir=No writable files or directories of the common programs were found into your root directory (Good)
 RecommendedValueIs=Recommended: %s
 NotRecommended=Not recommanded
@@ -2137,3 +2138,4 @@ CheckForModuleUpdateHelp=This action will connect to editors of external modules
 ModuleUpdateAvailable=An update is available
 NoExternalModuleWithUpdate=No updates found for external modules
 SwaggerDescriptionFile=Swagger API description file (for use with redoc for example)
+YouEnableDeprecatedWSAPIsUseRESTAPIsInstead=You enabled deprecated WS API. You should use REST API instead.
\ No newline at end of file
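Review bot: The `else` branch of the MAIN_EXEC_USE_POPEN block in security.php prints `$conf->global->MAIN_EXEC_USE_POPEN` straight into the page, so whatever string is stored in that constant is emitted as HTML. On a security audit page every configuration value is better escaped on output, for example `print dol_escape_htmltag($conf->global->MAIN_EXEC_USE_POPEN)` followed by the existing spacer. The two arrow messages are also hard-coded English, unlike the neighbouring `$langs->trans()` strings; moving them to admin.lang keys would keep the page translatable.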