• From: Vancouver BC
  • Registered: 2004-11-25
  • Posts: 7

Topic: "Warning: main(): URL file-access is disabled..."

"Warning: main(): URL file-access is disabled in the server configuration in /home/gccbfm/www/www/en/news/bb/incBbRecentPosts.php on line 3"

This is the error I got when I went to a site I recently put together ( www.gccbfm.org ).
The following is my exchange with the webhost online support after I enquired about server config changes:

my post:
"Has there been a server configuration change? This site was working fine last time I checked but I am getting this error now:

"Warning: main(): URL file-access is disabled in the server configuration in /home/gccbfm/www/www/en/news/bb/incBbRecentPosts.php on line 3"

The punBB (www.punbb.org) template file in the includes directory is used to customize the bb and any include files used must be kept in the root directory of the bb and included on the template using punBB custom tags (<pun_include "fileName.php">). In order to call recent posts, the bb uses a php file called 'extern.php' . That file requires actions appended to it though, so you end up with '...extern.php?action=online' or '...extern.php?action=new' etc. So, an absolute url is required in the include file to have a 'recent posts' box on other pages in the site.
Please help..."

The response from www.icdsoft.com tech support:
"The Zend Optimizer has been upgraded today, and url file opening has been disabled due to recent exploits, found in the PHP. You can enable this for your site by placing a php.ini file in the folder where your script resides with these lines in it:

allow_url_fopen=On
register_globals=On

See http://www.radwin.org/michael/blog/2003 … ample.html for an in-depth discussion of the issue.

If you need more information, do not hesitate to contact us again."

I did place the ini file in the directory and the error has gone away, but is this something that I should be worried about from a security stand point?
Thanks,

  • From: 127.0.0.1
  • Registered: 2001-11-02
  • Posts: 9,167

Re: "Warning: main(): URL file-access is disabled..."

No, I don't believe you should worry about that. However, you do not have to enable register_globals in order for PunBB to work. I recommend that you disable it unless you have other scripts that require it.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Rickard's Website

  • From: Vancouver BC
  • Registered: 2004-11-25
  • Posts: 7

Re: "Warning: main(): URL file-access is disabled..."

Will do, thanks!

  • Registered: 2004-08-16
  • Posts: 577

Re: "Warning: main(): URL file-access is disabled..."

Rickard wrote:

I recommend that you disable it unless you have other scripts that require it.

Why is it that everyone says to disable register_globals? I know I need to fix it, but my game needs it on to run.

Indocron
$theQuestion = (2*b) || !(2*b);
  • Connorhd
  • Connorhd
  • Former PunBB Developer
  • Offline
  • From: Leeds, UK
  • Registered: 2004-06-13
  • Posts: 4,195

Re: "Warning: main(): URL file-access is disabled..."

because say you get data from a cookie with just $username all they have to do it open the url with ?username=admin and the game thinks their username is admin, just a simple example

FluxBB.
Connorhd.co.uk.

Connorhd's Website

  • Frank H
  • Former PunBB Developer
  • Offline
  • Registered: 2003-03-16
  • Posts: 1,423

Re: "Warning: main(): URL file-access is disabled..."

same for GET and POST variables ... so you have at least 3 ways to get variables to the server, and if the order of those are in a way you don't want (like cookie, Get, post ... and you use something in get or cookie, a user submitting a variable through post will override the other two)