Putenv exploit


I have a problem getting shared hosting providers to enable the putenv function for me; they say it is a great security threat. I guess they might be right? See this for example.

I have removed the putenv function from disabled_functions on my own virtual server, but now I’m a little scared about the security issues.

Is it somehow possible to run Bedrock without needing putenv enabled? It is part of this composer package.

Bedrock uses Dotenv::createUnsafeImmutable which uses putenv under the hood.

Do you mind investigating what the potential issues of switching to Dotenv::createImmutable are and sending PRs?
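
What the switch discussed above changes, as an added example that is not Bedrock's or phpdotenv's own code: `Dotenv::createImmutable` fills only `$_ENV` and `$_SERVER`, so it loads with putenv disabled, but code that reads settings through `getenv()` no longer sees them. The helper names `env_value` and `putenv_disabled`, the temporary directory and the sample keys are assumptions; it assumes vlucas/phpdotenv is installed via Composer.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumes vlucas/phpdotenv installed via Composer

use Dotenv\Dotenv;

// Hypothetical helper (not part of Bedrock or phpdotenv): read a setting
// from the arrays createImmutable() fills, then from the process environment.
function env_value(string $key, ?string $default = null): ?string
{
    foreach ([$_ENV, $_SERVER] as $source) {
        if (isset($source[$key]) && is_string($source[$key])) {
            return $source[$key];
        }
    }
    // getenv() only reads, so it still works when putenv() is disabled.
    $value = getenv($key);
    return $value === false ? $default : $value;
}

// True when the host has blocked putenv(), as in the question above.
function putenv_disabled(): bool
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    return in_array('putenv', $disabled, true) || !function_exists('putenv');
}

// Constructed sample .env in a temporary directory; keys and values are made up.
$dir = sys_get_temp_dir() . '/dotenv-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/.env', "DB_NAME=example_db\nDB_USER=example_user\n");

// createImmutable() writes to $_ENV and $_SERVER only and never calls putenv().
$dotenv = Dotenv::createImmutable($dir);
$dotenv->load();
$dotenv->required(['DB_NAME', 'DB_USER']); // throws if a key is missing

printf("putenv disabled: %s\n", putenv_disabled() ? 'yes' : 'no');
printf("env_value('DB_NAME'): %s\n", env_value('DB_NAME') ?? '(unset)');
// false here unless DB_NAME is also set in the real process environment:
// code that reads settings through getenv() is what the switch would break.
var_dump(getenv('DB_NAME'));

unlink($dir . '/.env');
rmdir($dir);
```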

