WPTT / theme-sniffer

Theme Sniffer plugin using sniffs.
MIT License
269 stars 3 forks

fixes #149 #153

Closed timelsass closed 5 years ago

timelsass commented 5 years ago

To test, you need to disable shell_exec in your environment.

These are instructions for using the latest VVV running php7.2-fpm, which may or may not be how you do it in your own environment:

  1. Disable Theme Sniffer
  2. run this command:
    vagrant ssh
    # then, inside the VM:
    echo "disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source" | sudo tee --append /etc/php/7.2/fpm/conf.d/99-security.ini && sudo service php7.2-fpm restart

    The disable_functions value is just a common set of disabled functions hosts usually add, to make it a more realistic environment.

  3. After you've SSHed into vagrant, written the security rule, and php-fpm has restarted, go back to the dashboard and activate Theme Sniffer.

As a result, you should see an admin notice with the fatal displayed: [image]

Afterwards, you may want to remove this and restart php-fpm to go back to how things were:

    sudo rm -rf /etc/php/7.2/fpm/conf.d/99-security.ini && sudo service php7.2-fpm restart
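
A quick way to confirm that the test setup above really disables `shell_exec`, as an added example that is not part of the PR or of Theme Sniffer. It assumes PHP reads the conf.d fragments in alphabetical order and that the last `disable_functions` assignment replaces earlier ones; the function names and the scratch directory are constructed for illustration, and it inspects the files only, not the running php-fpm.

```shell
#!/bin/sh
# Added example (not from the PR): check which functions a PHP conf.d
# directory disables. Assumes fragments are read in alphabetical order and
# that the last disable_functions assignment replaces earlier ones.

effective_disable_functions() {
    # $1 = conf.d directory; prints the winning list as "a,b,c" (may be empty)
    dir=$1
    set -- "$dir"/*.ini
    [ -e "$1" ] || return 0          # no fragments at all
    awk '
        /^[ \t]*disable_functions[ \t]*=/ {
            sub(/^[^=]*=/, "")        # drop "disable_functions ="
            sub(/;.*/, "")            # drop trailing ini comment
            gsub(/"/, "")             # drop optional quotes
            gsub(/[ \t,]+/, ",")      # PHP splits on commas and spaces
            value = $0
        }
        END { print value }
    ' "$@"
}

is_disabled() {
    # $1 = function name, $2 = conf.d directory; exit status 0 if disabled.
    # Matching on ",name," keeps shell_exec from counting as exec.
    case ",$(effective_disable_functions "$2")," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample: a scratch directory standing in for /etc/php/7.2/fpm/conf.d
make_sample_confd() {
    d=$(mktemp -d)
    printf '; hardening\ndisable_functions = phpinfo\n' > "$d/20-base.ini"
    printf 'disable_functions=passthru,shell_exec,curl_exec\n' > "$d/99-security.ini"
    echo "$d"
}

sample=$(make_sample_confd)
for fn in shell_exec exec phpinfo; do
    if is_disabled "$fn" "$sample"; then echo "$fn: disabled"
    else echo "$fn: available"; fi
done
rm -rf "$sample"
```
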

dingo-d commented 5 years ago

This looks good to me :+1: I tried to make prettier error messages, but the activation ones (I think) are out of our control. We can look into it, but for now this is good 🙂