Talk:Allow url fopen
From DreamHost
By disabling allow_url_fopen, DreamHost prevents bloggers from using at least two of WordPress' best plugins: WP Plugin Manager (and its One-Click Install feature) and Spam Karma (its blacklist updater). I'm sure there are more, but I've come to rely on these two.
dt:i missed the one click install so i changed it to use curl insted of fopen and Ive done the same to a few more plugins zipped in the link -> dt's hacked plugins --Dt 07:14, 7 Jun 2005 (PDT)
They also disabled the ability for a user to override their default setting.
For .htaccess, I've tried adding the following:
php_flag Allow_url_fopen On
I also tried creating a php.ini file in my root folder with the following:
allow_url_fopen = On
Neither worked. Does anyone have any other tricks in overriding DreamHost's allow_url_fopen settings?
You shouldn't be trying to get around the current setting - it has been disabled for security reasons. The alternative cURL library is far more secure and sophisticated, and it would be a much better idea to get the original authors to alter their code to work with allow_url_fopen disabled. -- Scjessey 07:53, 7 May 2005 (PDT)
Contents |
Overwrite possibility
I think they should allow a per user overwrite. I was thinking on moving to DreamHost, but I hate hosts that become limiting. Let me be the judge of what's good for me or not. Set it off as a default, but allow knowledgable users to overwrite.
I personally like complete .htaccess overwrite. --DavidCollantes 11:05, 3 Jun 2005 (PDT)
"I think they should allow a per user overwrite."
I have to disagree. Suppose a noob is running a canned script that requires allow_url_fopen to be enabled, and that canned script is poorly written, with security issues. The noob will ask, "how can I get URL file access?" Someone will tell the noob how to do it, and suddenly the security hole gets reopened - the server may become compromised, affecting us all. -- Scjessey 15:12, 3 Jun 2005 (PDT)
RSS Aggregator
I recently asked a Wordpress plugin creator if they intended to rewrite their RSS feed aggregator to address the issue a number of users were having with allow_url_fopen and he replied:
- "Give me a break. The plugin needs to open RSS feeds and read them if it is to aggregate them. To read feeds, it must have permission to open URLs. And,
allow_url_fopenis the permission to read URLs from the internet."
Ignoring this fellow's rather patronising tone, is there really no way to aggregate RSS feeds without allow_url_fopen? Does anyone know of a Wordpress plugin that can aggregate RSS feeds using cURL or somesuch?
-- Emme 12:31, 2 February 2006 (GMT)
There's no reason why "Wordpress plugin creator" can't use cURL. -- theraven 14:52, 27 March 2007 (GMT)
Not only is is possible, Emme, the alternative is better
When the change was first made, a number of my scripts broke -- but honestly, it was only a couple minute fix. Tell the extension developer to give -you- a break, fopen is not necessary to get remote files and is rather weak compared to curl.
Here's a php class I use to get remote files as strings -- feel free to pass it on to that developer.
class curl {
var $timeout;
var $url;
var $file_contents;
function getFile($url,$timeout=0) {
# use CURL library to fetch remote file
$ch = curl_init();
$this->url = $url;
$this->timeout = $timeout;
curl_setopt ($ch, CURLOPT_URL, $this->url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $this->timeout);
$this->file_contents = curl_exec($ch);
if ( curl_getinfo($ch,CURLINFO_HTTP_CODE) !== 200 ) {
return('Bad Data File '.$this->url);
} else {
return $this->file_contents;
}
}
}
--Terrae 04:43, 2 Feb 2006 (PST)
PHP function getimagesize() ?
Okay I have read through the other stuff here.
I have figured out how to get the height and width of the image without getimagesize:
function dh_getimagesize($url) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
$result = curl_exec($ch);
$img = imagecreatefromstring($result);
$imagesize['width']= imagesx($img);
$imagesize['height']= imagesy($img);
imagedestroy($img);
return $imagesize;
}
Is there anyway to get the other parameters that the normal getimagesize function at http://php.net/getimagesize gets?
FastCGI and custom php.ini files
I will only say this. There is an easier way to enable allow_url_fopen than compiling php5 from scratch if you are using fastcgi. Check the fcgi script in the FastCGI and check php executable switches for a hint on this.
Please note that allow_url_fopen has been disabled for a reason. Alot of scripts fail to check the input and therefore leave vulnerabilities in the code. Only enable if you must. The php site states that it can only be changed within a php.ini file and cannot be altered within a script or a .htaccess file.
Shinji 09:45, 1 December 2007 (PST)
