[nycphp-talk] allow_url_fopen (was: parse file, return as string)
George Schlossnagle
george at omniti.com
Thu Aug 19 15:35:00 EDT 2004
On Aug 19, 2004, at 3:24 PM, David Mintz wrote:
>>
> I realize that's what the docs say, yet interestingly enough, I can
> ini_set this value on at least one of the hosts I use.
>
> <?php
> echo "Current value: " ;
> echo ini_get('allow_url_fopen') ? 'enabled' : 'disabled' ;
> ini_set('allow_url_fopen',1);
> echo " ....and now: ";
> echo ini_get('allow_url_fopen') ? 'enabled' : 'disabled' ;
> phpinfo();
> ?>
>
> Ouput:
>
> Current value: disabled ....now: enabled
>
> Followed by our phpinfo which says allow_url_fopen: master value off,
> local value on. (PHP 4.3.4 running as an Apache 1.3.29 module)
Your clients are running a version 4 point releases and nearly a year
old. You should upgrade, for the sake of this security issue as well
as others.
George
p.s. the issue you describe was fixed in 4.3.5, over half a year ago.
More information about the talk
mailing list