PHPMailer and function escapeshellcmd()

Question

I use new version of PHPMailer. On the server, I get an error:

Warning: escapeshellcmd() has been disabled for security reasons in /public_html/library/e

Answer 1

You can use an older version. I used Version: 5.2.6 and it works.

Answer 2

No, escapeshellcmd() has some inherent problems which make it worth disabling for many, but you can work around it a different way: use SMTP to localhost instead.

By default PHPMailer uses the PHP mail() function for sending, which calls a local sendmail binary via a shell (requiring the use of escapeshellcmd()), which in turn opens a synchronous SMTP connection to your mail server on localhost. You can skip much of this by sending directly to localhost yourself, bypassing the shell overhead. Do this:

$mail->isSMTP();
$mail->Host = 'localhost';

Other settings should work with defaults. Two advantages of using SMTP to localhost are that you can get much better feedback on the submission process (with $mail->SMTPDebug = 2;), and it's also faster than using mail().