Why is allow_url_fopen disabled? Print

  • 0

The PHP parameter allow_url_fopen is disabled by default in our PHP environment.

If enabled, allow_url_fopen allows PHP's file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities. Typically, these code injection vulnerabilities occur from improper input filtering when passing user-provided data to PHP functions. Disabling this function will help considerably in stopping your site(s) from being compromised, as well as help thwart the unauthorized use of our servers for abusive or malicious purposes.

We would highly suggest further researching and examining aspects of your site's code that depend on this functionality. There are many safer methods to accomplish the same desired results without this possible security issue.

  • Use a relative path to the file stored locally.
  • Using the PHP environment variable $_SERVER['DOCUMENT_ROOT'], which returns the absolute path to the web root directory.
  • cURL is another method that could be used. (This method is beyond the scope of this article. For more information, please see: http://php.net/manual/en/book.curl.php.)

If this software was obtained from a third-party, we suggest contacting their developer. These developers can usually be contacted via forums, email or other methods.

If you still need allow_url_fopen enabled, you can do so by following these steps:

1. Log into your Action Global Cloud Billing Portal by going to https://www.wsigenesis.com and click Login

2. Navigate to Services > My Services

3. A list of your services will be displayed including hosting plan type, domain name, price, billing cycle, next due date, and status

4. Click on the service you wish to access

5. Click Open control panel

6. Ensure the desired website is selected on the Subscription drop down list located on top right

7. Navigate to Websites

8. Click on the down arrow to show all available features

9. Click PHP Settings

10. Find allow_url_fopen and change to on

11. Click OK


Byla tato odpověď nápomocná?

<< Zpět