I have a couple of Protector module security advisories I am not sure how to resolve.

ITEM 1
'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.

I edited my php.ini (php5.1.6) I found allow_url_fopen and turned it OFF but I do not have an entry for php_admin_flag and the security advisory still reports this as Not Secure


ITEM 2
'mainfile.php' : missing precheck Not secure
You should edit your mainfile.php like written in README.

The instructions do not say where to paste the code in the mailfile.php and if the code brackets should be included. I tried it without the code brackets and got an error and had to use the rescue.php to get back in.


After XOOPS Protector is installed, edit your mainfile.php like this:


Thanks - technobia

if u turned it off in php.ini then you have to restart the apache service or IIS server for the changes to take effect.

php_admin_flag is a command used in .htaccess files only.. if u edit php.ini directly there's no need to add it to htaccess etc

unless you're using a php.ini file on your server under CGI mode, then that means you need to place that same file in every folder you want protected.

as for editing mainfile, the answer is above in your post.. edit mainfile as it states adding the lines in red where they are shown in the example.