1
Tandy
Do I have to be concerned about this?
  • 2005/3/21 13:47

  • Tandy

  • Not too shy to talk

  • Posts: 110

  • Since: 2003/8/11


Quote:
We apologize for any inconvenience we may have caused. We were initially hasty when we
announced that allow_url_fopen would be turned off immediately as many of your websites
(many more than we had anticipated) rely on it for their functionality. The security issue for
our servers is still severe and we will still be turning off the allow_url_fopen option soon, but
anyone who is currently relying on it will have some time to make the necessary code changes.
This will be your only announcement regarding this and you must make any necessary code
changes before the deadline.

The deadline for any PHP code changes is March 29, 2005. We will be turning off the
allow_url_fopen option shortly after that date.


I have a number of websites on Dreamhost, who issued this statement. Is this going to morph into a major pain in the ass for me, as all sites on Dreamhost are XOOPS sites?

Shoot. Of course they are all XOOPS sites.

2
tjnemez
Re: Do I have to be concerned about this?
  • 2005/3/21 14:49

  • tjnemez

  • Home away from home

  • Posts: 1594

  • Since: 2003/9/21


I am using gi joe's protector module on my site, and it was recommended that allow_url_fopen be set to off. My host turned it off for me and it has had no effect on my site other than making it more secure - as far as I know.

3
Tandy
Re: Do I have to be concerned about this?
  • 2005/3/21 14:55

  • Tandy

  • Not too shy to talk

  • Posts: 110

  • Since: 2003/8/11


Gotcha. Ok, that is helpful information. It appears that XOOPS does not rely on that for any fundamental function.

4
JMorris
Re: Do I have to be concerned about this?
  • 2005/3/21 17:17

  • JMorris

  • XOOPS is my life!

  • Posts: 2722

  • Since: 2004/4/11


XOOPS itself does not rely on allow_url_fopen, but some third-party modules do; just like some require register_globals to be on. This, of course, is shut off as well with many hosting providers.

The only time I've found turning allow_url_fopen to off a problem has been with custom blocks for some advertisements or displaying content from a page hosted on another server. The easy workaround for this is the use of iframes.

As far as core functionality with XOOPS or any of the higher quality modules, turning allow_url_fopen and register_globals to off presents no problems whatsoever.
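
An added example, not part of the thread or of XOOPS: one way to find which third-party modules or custom blocks would be affected before a host turns allow_url_fopen off. The function list, verdict names and sample block are assumptions made for this sketch.

```python
import re
from pathlib import Path

# PHP functions that open their first argument through the stream wrappers, so
# an http:// or ftp:// argument stops working once allow_url_fopen is Off.
# (List chosen for this example; extend it for the modules you run.)
URL_AWARE = ("file_get_contents", "fopen", "file", "readfile", "copy", "getimagesize")
# Lookbehind skips methods ($db->file), static calls and longer names (my_fopen).
CALL = re.compile(r"(?<![\w>$:])(" + "|".join(URL_AWARE) + r")\s*\(\s*([^,)]*)", re.I)
REMOTE = re.compile(r"""^['"](?:https?|ftp)://""", re.I)
LITERAL = re.compile(r"""^(['"])[^'"$]*\1$""")  # plain string, no interpolation

def scan_source(php_source):
    """Return (line_no, function, verdict) for each call that needs attention.
    "remote": literal URL argument, breaks when allow_url_fopen is Off.
    "review": variable or expression argument, cannot be judged statically.
    Calls with a plain local path literal are not reported."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # whole-line comments only
        for match in CALL.finditer(line):
            func, arg = match.group(1).lower(), match.group(2).strip()
            if REMOTE.match(arg):
                findings.append((line_no, func, "remote"))
            elif not LITERAL.match(arg):
                findings.append((line_no, func, "review"))
    return findings

def scan_tree(root):
    """Scan every .php file under root (for example a modules directory)."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results

# Constructed sample of a custom block; not taken from any real module.
SAMPLE = '''<?php
$ad = file_get_contents("http://ads.example.com/banner.php?zone=3");
$fp = fopen($feed_url, "r");
$tpl = file_get_contents('templates/block.html');
$rows = $db->file('x');
'''

if __name__ == "__main__":
    for line_no, func, verdict in scan_source(SAMPLE):
        print(f"line {line_no}: {func}() -> {verdict}")
```

The scan is line-based and only inspects the first argument, so treat "review" hits as a list of places to read by hand rather than confirmed breakage.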
