1 (edited by lament 2005-04-21 00:18)

Topic: For All Those Using Dreamhost

Hi guys,

Just a heads up to anyone hosting with Dreamhost: today they turned off allow_url_fopen on all servers, which will affect any extern.php includes you may be running (the "Guests and Registered Users Online" and "Recent/Active Discussions" are the ones I'm using. see the left sidebar labeled Latest Discussions on my site for an example. Rickard has it on the home page under Recent Posts).

This site will tell you how to fix the situation by using $curl.

Here's Dreamhost's official memo about it:

As previously announced on March 18, 2005, the allow_url_fopen PHP configuration has now
been turned off on all servers.

If you are currently using this functionality in your PHP code, there is a more powerful and
flexible option available.  PHP provides excellent support for curl library and its associated
functions.

One of our own users has written a short article describing how it is used and that can be found
here:
http://blog.unitedheroes.net/archives/p/1630/

The official PHP documentation for it is here:
http://us2.php.net/manual/en/ref.curl.php


This change will significantly improve the security of PHP-based applications running on our
servers so we can spend more time giving you more features!


Happy DreamHost PHP Security Team

Re: For All Those Using Dreamhost

Rickard,

Thought you might like to know that I can't check to see if an upgrade is available either (through my forum), now that "'allow_url_fopen' is disabled on this system."

Re: For All Those Using Dreamhost

lament wrote:

Rickard,

Thought you might like to know that I can't check to see if an upgrade is available either (through my forum), now that "'allow_url_fopen' is disabled on this system."

Yes, I know. PunBB does give you an error message about that, right?

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: For All Those Using Dreamhost

Rickard wrote:
lament wrote:

Rickard,

Thought you might like to know that I can't check to see if an upgrade is available either (through my forum), now that "'allow_url_fopen' is disabled on this system."

Yes, I know. PunBB does give you an error message about that, right?

Yes it does.

Re: For All Those Using Dreamhost

Because of the overhead in doing an HTTP request, how about modifying the extern.php script so that it can be included via file system more easilly (as well as over HTTP)? What needs to be done is declaring variables (in the top of the file, preferably) and then initializing them based on either $_GET[] or other variables (or a keyed array) defined outside of extern.php. This way, extern.php can be included like this:

$extern_params = array(
  "action"  => "new",
  "show"    => 8,
  "fid"     => array(8, 9, 10, 11)
);

include("./forum/extern.php");

Then extern.php can check if $extern_params exists and if it does, get the values from it instead of from the $_GET[] array. Should be an easy fix and I would love to provide the code myself, but I don't know how to contribute. smile

Re: For All Those Using Dreamhost

asbjornu wrote:

Because of the overhead in doing an HTTP request, how about modifying the extern.php script so that it can be included via file system more easilly (as well as over HTTP)? What needs to be done is declaring variables (in the top of the file, preferably) and then initializing them based on either $_GET[] or other variables (or a keyed array) defined outside of extern.php. This way, extern.php can be included like this:

$extern_params = array(
  "action"  => "new",
  "show"    => 8,
  "fid"     => array(8, 9, 10, 11)
);

include("./forum/extern.php");

Then extern.php can check if $extern_params exists and if it does, get the values from it instead of from the $_GET[] array. Should be an easy fix and I would love to provide the code myself, but I don't know how to contribute. smile

Yeah, I've been talking about something like that for 1.3

Re: For All Those Using Dreamhost

$_GET values aren't read-only. You can just assign to $_GET and have extern.php use it later when included, no?

Re: For All Those Using Dreamhost

Yes, but that seems rather like a hack. I'd rather see something easier to use.

Re: For All Those Using Dreamhost

Well yes, but it's still possible tongue

Re: For All Those Using Dreamhost

Good to see that it's planned. I could provide a patch that implemented it, if I could just receive instructions on how to contribute it. wink And I agree that modifying $_GET is a hack.

Re: For All Those Using Dreamhost

asbjornu wrote:

Good to see that it's planned. I could provide a patch that implemented it, if I could just receive instructions on how to contribute it. wink And I agree that modifying $_GET is a hack.

Well, I think extern.php is going to stay the way it is and we'll provide other methods for integrating PunBB stuff with other stuff on a site

Re: For All Those Using Dreamhost

Okay, looking forward to seeing how it'll work.