| Re: [critical] hosting service turning off allow_url_fopen |
| by dejadingo on 2007/12/27 18:10:18 Thanks, especially to Will_H, for the doc pointers. It turns out that the only issue was the one I mentioned, and due to the fact that I used XoopsPartners as a base for my own site-links module. On to the next porting problem ... |
| Re: [critical] hosting service turning off allow_url_fopen |
| by vaughan on 2007/12/16 19:11:15 it is my understanding that if fopen is disabled in php, XOOPS defaults to using the snoopy.php class instead? or would modification be needed for modules that require fopen to use snoopy. but either way, it is best to use snoopy instead of enabling fopen. |
| Re: [critical] hosting service turning off allow_url_fopen |
| by Catzwolf on 2007/12/14 22:37:56 Why don't you just replace each fopen instance with 'cURL' instead? |
| Re: [critical] hosting service turning off allow_url_fopen |
| by Will_H on 2007/12/14 22:31:16 hhttp://phpsec.org/projects/guide/ probably be helpful. None the less its a good read. http://www.php.net You can start with your php version and see what exploits were found since your version was current. I imagine you are still using php4 |
| Re: [critical] hosting service turning off allow_url_fopen |
| by dejadingo on 2007/12/14 22:12:22 No, I don't intend to ask to have it turned back on, even if I could. And no, I don't expect a list of all the modules that once were vulnerable. I'm glad the XOOPS CORE is not a problem, and I am therefore concentrating on the modules. The list of vulnerable php functions is helpful in that search. Any other such functions someone cares to enumerate would be welcome. Thank you. |