Shared hosts often disable exec/shell_exec and many related functions (annoyingly including escapeshellarg). In prior versions a disabled function emits a warning and returns null, and the places we use these tend to tolerate that kind of silent failure.
In PHP 8+, a disabled function is seen as not being defined at all. This is easier to detect but means that blindly using the function is a fatal error now, and we have some places where we just use these functions without checking or providing a configuration to avoid their use.
Minimally we should guard these with checks that the function exists, though some of them could potentially be removed entirely.
Shared hosts often disable exec/shell_exec and many related functions (annoyingly including escapeshellarg). In prior versions a disabled function emits a warning and returns null, and the places we use these tend to tolerate that kind of silent failure.
In PHP 8+, a disabled function is seen as not being defined at all. This is easier to detect but means that blindly using the function is a fatal error now, and we have some places where we just use these functions without checking or providing a configuration to avoid their use.
Minimally we should guard these with checks that the function exists, though some of them could potentially be removed entirely.
See https://forum.omeka.org/t/switching-from-php74-to-8-0-causes-file-uploading-problem/16451 for an example of this problem in action.