Hi Dice! yes indeed, I used the full path to the bin. (it was tesseract) in a protected (private) php function.Don't rely on PATH. Use fully qualified paths, especially in scripts.
Probably because on a lot of Linux distributions everything but the kitchen sink gets dumped in /usr/bin. Still shouldn't rely on that. What if someone placed a (backdoored) executable just a little higher up the PATH chain? That's the main reason why you should not rely on PATH in scripts.This got me investigating since i copied a php script from an ubuntu server to the freebsd12 system and ran it (no dependency issues, identical setups) but on the ubuntu it exec()'s as expected,