Escapeshellcmd() has been disabled for security reasons

Kirby 3 Solved ✅
1

Hello, few days ago I changed the hosting for my Kirby page, from DoDaddy to Neubox, and my mailer controller stopped working. This is the message I receive when I try to use the contact form in my page:

escapeshellcmd() has been disabled for security reasons

return function($kirby, $page) {

    if ($kirby->request()->is('POST') && get('submit')) {

        // initialize variables
        $alerts      = null;

        // check the honeypot
        if (empty(get('website')) === false) {
            go($page->url());
            exit;
        }

        // get the data and validate the other form fields
        $data = [
            'name'      => get('name'),
            'email'     => get('email'),
            'message'   => get('message')
        ];

        $rules = [
            'name'      => ['required', 'min' => 3],
            'email'     => ['required', 'email']
        ];

        $messages = [
            'name'      => 'Por favor escriba un nombre válido.',
            'email'     => 'Por favor escriba un correo válido.'
        ];

        // some of the data is invalid
        if ($invalid = invalid($data, $rules, $messages)) {
            $alerts = $invalid;
        }

        // the data is fine, let's send the email
        if (empty($alerts)) {
            try {
                $kirby->email([
                    'template' => 'email',
                    'from'     => 'hey@goldensub.com',
                    'to'       => 'jhserna.b@gmail.com',
                    'subject'     => 'Contacto',
                    'data'        => [
                        'name'      => esc($data['name']),
                        'email'      => esc($data['email']),
                        'message'   => esc($data['message'])
                    ]
                ]);
            } catch (Exception $error) {
                $alerts[] = $error->getMessage();
            }

            // no exception occurred, let's send a success message
            if (empty($alerts) === true) {
                // store reference and name in the session for use on the success page
                $kirby->session()->set([
                    'name' => esc($data['name'])
                ]);
                // redirect to the success page
                go('success');
            }
        }
    }

     // return data to template
    return [
        'alerts' => $alerts ?? null,
        'data'   => $data   ?? false,
    ];
};
2

Looks like your web hoster disabled the PHP function escapeshellcmd() on their servers. This is sometimes done citing security risks, and causes sending e-mails through PHP’s own mail() function (which your use of $kirby->email() invokes) to fail with above error.

To work around this, try using SMTP to send e-mail instead of the default configuration, as described here; you will have to find the correct SMTP server settings (and probably set up an SMTP account for sending) from your hoster.

1 Like
3

Hello,

I encountered the exact same problem.

Perhaps @jahasielserna can share the settings that worked in their case?

Thank you

4

Hi @plagasul!

This solution worked for me. I just had to create an email account from which I could send emails.

5

Ah, I see, thank you.

May I ask where did you obtain host and port ?

Thanks

6

They are given by your email provider, in my case it was zoho mail, which smtp.zoho.com and port 465 is the standard port to use smtp securely.

1 Like
7

That did work :slight_smile:

1 Like