[nycphp-talk] allow_url_fopen
inforequest
sm11szw02 at sneakemail.com
Fri Aug 20 14:32:53 EDT 2004
That's funny. Pear is hosted on Pair, no?
David Mintz dmintz-at-davidmintz.org |nyphp 04/2004| wrote:
>On Thu, 19 Aug 2004, George Schlossnagle wrote:
>
>
>>>Output:
>>>
>>>Current value: disabled ....now: enabled
>>>
>>>Followed by our phpinfo which says allow_url_fopen: master value off,
>>>local value on. (PHP 4.3.4 running as an Apache 1.3.29 module)
>>>
>>>
>>Your clients are running a version 4 point releases and nearly a year
>>old. You should upgrade, for the sake of this security issue as well
>>as others.
>>
>>George
>>
>>p.s. the issue you describe was fixed in 4.3.5, over half a year ago.
>>
>>
>
>
>Oh my. Thanks for the enlightenment. I think these guys (pair Networks)
>are running the version they're running for reasons of their own other
>than laziness/cluelessness, but who knows.
>
>Their customer newsletter recently said, hey, we are now setting
>allow_url_fopen = off in our php.ini (because of all the carelessly
>written stuff that had been hacked on their servers), so if you need it,
>you better ini_set() it yourself.
>
>I guess whenever they do upgrade, and if they do keep that setting, I can
>either run in CGI mode and write my own damn php.ini, or use cURL. Or...
>what would you suggest, if you need to go out and fetch a web page
>somewhere once in a while?
>
>Oops, reading again I see: "you should upgrade." Maybe I'll try compiling
>my own 4.3.8 and using CGI mode.
>
>
>---
>David Mintz
>http://davidmintz.org/
>
> "Anybody else got a problem with Webistics?" -- Sopranos 24:17
>_______________________________________________
>New York PHP Talk
>Supporting AMP Technology (Apache/MySQL/PHP)
>http://lists.nyphp.org/mailman/listinfo/talk
>http://www.newyorkphp.org
>
>
>
--
CONSERVATIVE, n. A statesman who is enamored of existing evils, as distinguished from the Liberal, who wishes to replace them with others. Ambrose Bierce
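
On the question of fetching a page once a script can no longer switch allow_url_fopen on: the following is an added example, not part of the original messages, showing a cURL fetch restricted to http and https with timeouts and a size cap. It assumes a current PHP build with the cURL extension; `url_fopen_overridable` and `fetch_page` are hypothetical names, and the sample URL is constructed.

```php
<?php
// Added example, not code from the thread.

// From 4.3.5 on, allow_url_fopen is PHP_INI_SYSTEM: a script cannot change it,
// so ini_set() returns false and the php.ini value stays in force.
function url_fopen_overridable(): bool
{
    return ini_set('allow_url_fopen', '1') !== false;
}

// Hypothetical helper: fetch one page over http(s) only, without relying on
// allow_url_fopen. Returns the body, or throws on any failure.
function fetch_page(string $url, int $maxBytes = 1048576): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException("refusing scheme: '$scheme'");
    }
    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        // Keep redirects from leaving http(s), e.g. towards file:// or gopher://.
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_CONNECTTIMEOUT  => 5,
        CURLOPT_TIMEOUT         => 15,
        CURLOPT_FAILONERROR     => true, // treat HTTP status >= 400 as a failure
        // Collect the body chunk by chunk and abort once it exceeds the cap.
        CURLOPT_WRITEFUNCTION   => function ($ch, $chunk) use (&$body, $maxBytes) {
            $body .= $chunk;
            return strlen($body) > $maxBytes ? 0 : strlen($chunk);
        },
    ]);
    if (curl_exec($ch) === false) {
        throw new RuntimeException('fetch failed: ' . curl_error($ch));
    }
    return $body;
}

// Offline demonstration: report whether the setting can be overridden, then
// show a non-http(s) URL (constructed sample) being rejected before any I/O.
var_dump(url_fopen_overridable());
try {
    fetch_page('file:///tmp/constructed-sample.txt');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```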