set_time_limit() has been disabled for security reasons

Bug #594590 reported by fisharebest
Affects: webtrees
Status: Fix Released
Importance: High
Assigned to: fisharebest
Milestone: none

Bug Description

We need to check whether set_time_limit is included in the disabled_functions directive in php.ini before we call it in session.php (and also in setup.php?)

webtrees will not run on hosts that have disabled this.

Changed in webtrees:
status: Confirmed → Fix Committed
fisharebest (fisharebest) wrote :

Fix released in build 8831

summary: - et_time_limit() has been disabled for security reasons
+ set_time_limit() has been disabled for security reasons
Changed in webtrees:
status: Fix Committed → Fix Released
Michael Mc Donnell (michael-mcdonnell) wrote :

This bug is still present in 1.0 of webtrees. For some reason set_time_limit is not in disabled_functions. The front page fails with the following message (sans last part about headers already being sent):

ERROR 2: set_time_limit() [function.set-time-limit]: Cannot set time limit due to system policy
0 Error occurred on in function set_time_limit
1 called from line 232 of file session.php in function require
2 called from line 32 of file index.php

Warning: set_time_limit() [function.set-time-limit]: Cannot set time limit due to system policy in /customers/linuxadmin.dk/linuxadmin.dk/httpd.www/webtrees-1.0/includes/session.php on line 232

fisharebest (fisharebest) wrote :

Michael,

Does your server run PHP in "safe mode"?

Michael Mc Donnell (michael-mcdonnell) wrote :

The server does not run in safe mode. I think the problem might be that my host (one.com) uses the Suhosin Patch. I have, however, not been able to find a way to detect the Suhosin Patch. See phpinfo at http://linuxadmin.dk/info.php

fisharebest (fisharebest) wrote :

The suhosin patch can be detected by capturing the output from phpinfo().

However, I do not believe this is the problem, because

1) the suhosin documentation (http://www.hardened-php.net/) does not mention restrictions on the execution time
2) my own live site runs with the suhosin patch, and this runs webtrees without problem

Michael Mc Donnell (michael-mcdonnell) wrote :

OK, I have found out some other weirdness about my host (one.com). They say that they have disabled set_time_limit, see https://www.one.com/en/support/faq/what-is-php-safe-mode-and-open-basedir. The information does, however, not show in either phpinfo() or ini_get('disable_functions').

I'll contact my host to hear what they have to say about it.

Michael Mc Donnell (michael-mcdonnell) wrote :

The support team at one.com does not see a problem. I can't convince them that there is something really strange about their setup. I don't know if other hosts have done similar things that will also make webtrees fall over. I could not get a try-catch block to catch it, nor could I get set_error_handler to work right :-(

fisharebest (fisharebest) wrote :

Just out of interest, what do you get for

if (function_exists('set_time_limit')) {
 echo 'yes';
} else {
 echo 'no';
}

Perhaps they removed the function from the source code, and have compiled a custom binary?

Michael Mc Donnell (michael-mcdonnell) wrote :

It says yes. So the function does exist.

fisharebest (fisharebest) wrote :

OK - what I will probably do is change the system so that the default is not to set the time limit. If you specify a value in the site config page, it is used, otherwise no action is taken.

This should work around your restrictions.

fisharebest (fisharebest) wrote :

These changes have been made in SVN 9669.

Our default behaviour has changed from

"setting these values to the defaults" to "not setting these values".

In other words, if you leave these configuration settings empty, no attempt will be made to set them.

You should be able to test this using tomorrow's snapshot build.
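
The checks discussed in this thread, combined into one guard, as an added example that is not webtrees code and not part of any post above: no attempt is made when nothing is configured, the call is skipped when disable_functions or function_exists() rules it out, and a run-time refusal by the host is recorded instead of reaching the page. The function name try_set_time_limit() and the variable names are hypothetical, and the run-time refusal is assumed to be an ordinary E_WARNING like the one in the log quoted earlier.

```php
<?php
// Added example; function and variable names are hypothetical, not webtrees code.

/**
 * Try to raise the execution time limit without letting a host restriction
 * break the page. Returns true only if PHP accepted the new limit.
 */
function try_set_time_limit(?int $configured_limit): bool
{
    // Nothing configured: make no attempt (the default adopted in the thread).
    if ($configured_limit === null) {
        return false;
    }

    // Check 1: the function is listed in disable_functions in php.ini.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (in_array('set_time_limit', $disabled, true)) {
        return false;
    }

    // Check 2: the function is not callable in this PHP build.
    if (!function_exists('set_time_limit')) {
        return false;
    }

    // Check 3: the host refuses the call at run time even though both checks
    // above pass. Assumption: the refusal is an ordinary E_WARNING, as in the
    // log quoted above. try/catch cannot see a warning, so a temporary
    // handler records it and keeps it out of the page output.
    $refused = false;
    set_error_handler(function () use (&$refused) {
        $refused = true;
        return true; // handled; do not fall through to PHP's own handler
    }, E_WARNING);
    try {
        $accepted = set_time_limit($configured_limit);
    } finally {
        restore_error_handler();
    }

    return $accepted && !$refused;
}

// Constructed usage: an empty setting means "do not touch the limit".
$setting = '';  // value as it might come from a site configuration form
$limit   = ($setting === '') ? null : (int) $setting;
var_dump(try_set_time_limit($limit)); // empty setting: no call is made
var_dump(try_set_time_limit(60));     // result depends on the host's policy
```

The temporary handler is restored in the finally block, so an application-wide error handler such as the one that printed "ERROR 2" above stays in place for every other warning.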
