Fresh Install Prestashop 1.7.0.2 Error Add "phar" to suhosin.executor.include.whitelist in php.ini*

[gulaly]

i try to make fresh install of prestashop 1.7.0.2 on internet, i got error when "checking PrestaShop compatibility with your system environment"

 

Error :

 

1. Add "phar" to suhosin.executor.include.whitelist in php.ini*.

2. Install and/or enable a PHP accelerator (highly recommended).

3, Set short_open_tag to off in php.ini*.

 

I Already contact my hosting and they said my hosting plan have Prestashop 1.7.0.2 system requirement

 

Prestashop 1.7.0.2 System Requirement :

 

Web server: Apache 1.3, Apache 2.x, Nginx or Microsoft IIS

PHP 5.4+

MySQL 5.0+ installed with a database created

SSH or FTP access (ask your hosting service for your credentials)

 

OPTIONAL REQUIREMENT

 

In the PHP configuration ask your provider to set memory_limit to "128M" and upload_max_file_size to "16M"

SSL certificate if you plan to process payments internally (not using PayPal for instance)

Optional PHP extensions: GD, cURL, SimpleXML, SOAP

To improve performances: MemCached, mcrypt PHP extension

 

Any suggest or solution for this error?

Edited December 13, 2016 by gulaly (see edit history)

[andyfick]

Hi, I have exactly the same problem, but my host has added phar to suhosin.executor.include.whitelist (I can see it showing in phpinfo, so I know they've done it), however the installer is still saying it's missing!

 

Is there anything else I should be looking for in the config that's missing?

 

Cheers,

 

Andrew

[andyfick]

Anybody know anything about this?

[Eduardo de Souza Dia]

Hi,

 

I had the same problem and I fixed it adding to the end of the php.ini the follow:

 

extension = suhosin.so

suhosin.executor.include.whitelist="phar"

Edited February 5, 2017 by Eduardo de Souza Dia (see edit history)

[andyfick]

Thanks Eduardo,

 

I'm pretty sure I have these settings already, but I'll check again.

 

Thanks,

 

Andrew

[andyfick]

OK - I've just downloaded 1.7.0.4 and run the installer, and I still get stuck at the 'Add "phar" to suhosin.executor.include.whitelist in php.ini' message.

 

Running info.php on my domain shows the following (see attached).

 

I'm completely stuck! HELP!

 

Andrew

 

 

[GreyGhost]

Hi all, I know this topic is a little old now but I'm trying to install  v1.7.1.1 on a shared hosting server and getting the "Add "phar" to suhosin.executor.include.whitelist in php.ini*." error on the compatibility check.

 

I have contacted my host and they say they can't change the php.ini on a shared hosting server (more like they won't than can't). This is a reseller hosting account and I have more than 25 sites running on it so changing hosts isn't really an option at this stage.

 

Now, I can fix the issue in cPanel/WHM by turning off suhosin in php extensions, but I'm wondering just how much effect will this have on security.

 

Should I simply turn it off or are the security risks too great.

 

Cheers,

8-)

[andyfick]

Did you get any further with this GreyGhost?

 

In the end I had my hosting provider install 1.7 for me as nothing I could do would fix the above problem. Unfortunately, I don't know what they did to make it work as all the PHP settings I could see were set correctly anyway.

 

Be interested to know if you managed to get it installed.

Andrew

[GreyGhost]

Did you get any further with this GreyGhost?

 

In the end I had my hosting provider install 1.7 for me as nothing I could do would fix the above problem. Unfortunately, I don't know what they did to make it work as all the PHP settings I could see were set correctly anyway.

 

Be interested to know if you managed to get it installed.

Andrew

 

I ended up just turning off Suhosin to get it installed.

After some discussions with my provider I got this reply/explanation...

 

 

 

Suhosin is designed to prevent unknown PHP exploits proactively. Most of what it guards against is exploits which send out spam, inject fake advertising pages, etc. Thankfully, with WordPress being by far the biggest target for hackers, this is far less of an issue for Prestashop.

 

One thing I recommend you strongly do when disabling Suhosin is look over the official hardening article (most CMS's have one if you google, for example, Prestashop hardening). The latest one for Prestashop is here: http://doc.prestashop.com/display/PS16/Making+your+PrestaShop+installation+more+secure

 

All seemed to work fine and Prestashop was running as it should, unfortunately I found I needed a system that would easily integrate with Retail Express POS system my client used in their retail shop so ended up going with a system that already had an API for Retail Express.

 

8-)

[Nguyen]

Thank GreyGhost, look like your solution still is the best way to now.  

My php server is 5.4 and it dont have that setting on php.ini files, i see they are ON in PHP extension setting, so i have to turn  suhosin to off to install Prestashop, may we will switch it on after install, not sure that will be ok, lol

[FletchSys]

We faced the same issue and we resolved it by adding.

The below code in php.ini file

suhosin.executor.include.whitelist=phar

and placing the php.ini file in the below path

/public_html/Domain/PrestashopInstallationFolder/src

So in short i have placed the php.ini (after adding the code in the file) in src folder and it worked.

Hope this helps.

Thanks.