Recently, an issue was encountered while running a WordPress site integrated with the BigCommerce plugin. The site experienced a PHP Fatal Error due to the unavailability of the tmpfile() function. This error affected the regular operation of the BigCommerce plugin, potentially disrupting the site's e-commerce functionalities. The issue specifically caused problems updating a users profile information and password in WordPress and properly syncing them back to BigCommerce.
The tmpfile() function is commonly used to create temporary files, a critical requirement for specific plugins, including BigCommerce. Turning off this function can prevent these plugins from operating correctly, leading to errors and a degraded user experience.
Error
Below is the error that leads us to the actual problem in the BigCommerce plugin:
PHP Fatal error: Uncaught Error: Call to undefined function Bigcommerce\Api\tmpfile() in wp-content/plugins/bigcommerce/.../Connection.php
Findings
Current PHP Configuration
Upon investigation, we found that the global PHP tmpfile() function is currently disabled in the PHP environment. This is due to its inclusion in the disable_functions directive within the php.ini file. This specifically happens with the default configuration of Cloudways, but it is perhaps affecting other hosting providers as well.
In Cloudways the disable_functions directive in your PHP configuration includes the following functions:
Disabling functions like tmpfile() is often done to reduce potential security risks, particularly in shared hosting environments. However, disabling such functions on a dedicated server is not essential and can limit the functionality of specific PHP applications and WordPress plugins.
Impact
The recent PHP Fatal Error in the BigCommerce plugin was directly linked to the disabled tmpfile() function. This caused the plugin to fail and posed a risk to the stability and functionality of the entire WordPress site.
Recommendations
Enable the tmpfile() Function:
Access the php.ini file on your server.
Locate the disable_functions directive.
Remove tmpfile from the list of disabled functions.
Save the changes and restart your web server to apply them.
Testing
After enabling the tmpfile() function, perform a test to ensure it functions as expected within your WordPress site, particularly in the BigCommerce plugin. This can be done by running a PHP script that checks for the function's availability or monitoring the site for errors.
Background
Recently, an issue was encountered while running a WordPress site integrated with the BigCommerce plugin. The site experienced a PHP Fatal Error due to the unavailability of the
tmpfile()
function. This error affected the regular operation of the BigCommerce plugin, potentially disrupting the site's e-commerce functionalities. The issue specifically caused problems updating a users profile information and password in WordPress and properly syncing them back to BigCommerce.The
tmpfile()
function is commonly used to create temporary files, a critical requirement for specific plugins, including BigCommerce. Turning off this function can prevent these plugins from operating correctly, leading to errors and a degraded user experience.Error
Below is the error that leads us to the actual problem in the BigCommerce plugin:
PHP Fatal error: Uncaught Error: Call to undefined function Bigcommerce\Api\tmpfile() in wp-content/plugins/bigcommerce/.../Connection.php
Findings
Current PHP Configuration
tmpfile()
function is currently disabled in the PHP environment. This is due to its inclusion in thedisable_functions
directive within thephp.ini
file. This specifically happens with the default configuration of Cloudways, but it is perhaps affecting other hosting providers as well.In Cloudways the
disable_functions
directive in your PHP configuration includes the following functions:getmyuid, passthru, leak, listen, diskfreespace, tmpfile, link, dl, system, highlight_file, source, show_source, fpassthru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix_getppid, posix_getpwuid, posix_getrlimit, posix_getsid, posix_getuid, posix_isatty, posix_kill, posix_mkfifo, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, proc_open, proc_close, proc_nice, proc_terminate, escapeshellcmd, ini_alter, popen, pcntl_exec, socket_accept, socket_bind, socket_clear_error, socket_close, socket_connect, symlink, posix_geteuid, ini_alter, socket_listen, socket_create_listen, socket_read, socket_create_pair, stream_socket_server, shell_exec, exec, putenv
Security Implications
tmpfile()
is often done to reduce potential security risks, particularly in shared hosting environments. However, disabling such functions on a dedicated server is not essential and can limit the functionality of specific PHP applications and WordPress plugins.Impact
tmpfile()
function. This caused the plugin to fail and posed a risk to the stability and functionality of the entire WordPress site.Recommendations
Enable the
tmpfile()
Function:php.ini
file on your server.disable_functions
directive.tmpfile
from the list of disabled functions.Testing
After enabling the
tmpfile()
function, perform a test to ensure it functions as expected within your WordPress site, particularly in the BigCommerce plugin. This can be done by running a PHP script that checks for the function's availability or monitoring the site for errors.