Kyle F Posted September 27, 2012 Posted September 27, 2012 Hey guys.... Should these PHP functions be disabled with an IP.Board forum?show_source, system, shell_exec, passthru, phpinfo, popen, proc_open, allow_url_fopen
Dmacleo Posted September 27, 2012 Posted September 27, 2012 support told me they THINK allow_url_fopen is needed.
Kyle F Posted September 27, 2012 Author Posted September 27, 2012 OK, I will remove that from the Disabled PHP Functions in my php.ini file, thanks Dmacleo.
Dmacleo Posted September 27, 2012 Posted September 27, 2012 I never was able to prove it was needed or not needed though, I expect if needed it would be something in downloads or cdn settings,
TSP Posted September 27, 2012 Posted September 27, 2012 support told me they THINK allow_url_fopen is needed. I can't find any mention of either allow_url_fopen or allow_url_include in the files. allow_url_fopen is turned off by default on mediatemple-servers for example, so I know that IPB doesn't require it atleast.
Dmacleo Posted September 27, 2012 Posted September 27, 2012 do you have all the addons? if so thats decent indication not needed.
Kyle F Posted September 27, 2012 Author Posted September 27, 2012 I have removed it, and re-uploaded the php.ini file back to my server with "allow_url_fopen" removed from disabled functions. For some reason I get a driver error when uploading a file to downloads. :blink:Latest SQL Error Today (Today, 09:35 PM) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Date: Thu, 27 Sep 2012 20:35:12 +0000 Error: 1153 - Got a packet bigger than 'max_allowed_packet' bytes IP Address: - /forums/index.php? ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- mySQL query error: INSERT INTO downloads_filestorage (`storage_file`,`storage_ss`,`storage_thumb`) VALUES('UEsDBBQAAgAIANCLsC7dx5C+tQIAAJMGAAANAAAAUmVhZE1lTk9XLnR4dL1US2/iMBC+I/EfRpzaCiJx7Q1RFlVaAWqhu9pLZewJsZrYke000F+/M3ZogX1oD6vmlMTz+B4znjthFKwLzANMmmBv4UlLhKkOh35vMHeiLrSEqXWuqYO2Br7o/aDf6/dGn/H0ezc3N7Dx6Dy0hYW7JSyWayjEK0IotAf5AWwxm93FU1HX5SEd1yLIAqjGp+Ht96bWBDTB3wJ//dA15LpEGLCuEc/zeJy96XpA4E0Q2mizS7GjqD1L/7w6BuIe+eABhapwsfyWhX2Aq0iOy15z3r3xQZSliDJcMk2FN+atA5KlHyTrcrW+Xy4mX/m9Ei8IghDVB7A5HGzjwDq900aUMF9PRk/TbPZ9lqhc5c5WJDCC0g5lsO4QvygLdMKCCuZ/nqwh5NaRoWiSTdr7BiFS2lNmq0NBYJTTr+igqZUIOASuxh1a25QKSk2AgwWHFBP4jRG8Q6afntS47tg+BkFBv1U366Sf5IGayVLLFzIEDJLOoaWMIWydbX3sFnX5J4on0lydK0W0HZ5q6tBrhf46MowAYvcjMCrfzXGryxJkgRTA+nHZmpLRUE8yjb95H6jPpWUZ3KfzVCjXRnlqB40ZVVbpXDOZ95Qhh3bWRMNj4y12VihWohMYxtl4CJbiXatJI2NTC5ZQUgMrZeOOTKaRm49eUIktklcRVapLZKxE788d+SgXs3GvO2X6PVbGGtr1CFIWwuwI3PZs9+nlRIuWLrP4r6l3TqhfqKS6j3y97ESF0RGPIXB/bkKikXdSOMeKkQmtcN28EvM4xj47gkvzzN1IiM1i9LhZrZYPa7qlOr6hEOHoGOG15WFHME6utBhQCE9SkR --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------. | File | Function | Line No. | |----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------| | amministrazione/applications_addon/ips/downloads/sources/storage/database.php| [db_main_mysql].insert | 70 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------' | amministrazione/applications_addon/ips/downloads/modules_public/post/submit.php| [databaseStorageEngine].store | 1033 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------' | amministrazione/applications_addon/ips/downloads/modules_public/post/submit.php| [public_downloads_post_submit]._mainSave | 138 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------' | amministrazione/sources/base/ipsController.php | [public_downloads_post_submit].doExecute | 306 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'I could not paste it all, because it said "CONTENT_TOO_LONG". :lol:
Dmacleo Posted September 27, 2012 Posted September 27, 2012 isn't it either a compile with it and leave it allow_url_fopen = On or disabled OR compile w/o it? IOW if compiled with it it needs one of the 2 statements?
Kyle F Posted September 27, 2012 Author Posted September 27, 2012 Fixed. Changed to upload files to server instead of to the database. When I choose to share via Twitter it says "Action Failed" in a popup JS box though... :ph34r:
Grumpy Posted September 29, 2012 Posted September 29, 2012 phpinfo is needed if you want to use that diagnotistic tool in acp. But, allow_url_fopen shouldn't be necessary...
Dmacleo Posted September 30, 2012 Posted September 30, 2012 tapatalk and forum runner will fail with fopen turned off.
Gary. Posted October 1, 2012 Posted October 1, 2012 I would disable it if your playing with your own scripts, Its used to fopen files from remote places, so if you had a script what had a flaw they can use a code to remote it from your own site rather thann using your server. I would say if your using nothing but IPB then disable it, Its better off rather than on
Kyle F Posted October 1, 2012 Author Posted October 1, 2012 I would disable it if your playing with your own scripts, Its used to fopen files from remote places, so if you had a script what had a flaw they can use a code to remote it from your own site rather thann using your server. I would say if your using nothing but IPB then disable it, Its better off rather than onTrue...very true. I am hosting 2 friends on my dedicated server aswell as my own site.
Dmacleo Posted October 2, 2012 Posted October 2, 2012 waiting on answer from tapatalk as to why they seem to need it. turn off, tapatalk users cannot login. turn on they can. reading topics works fine either way, only login function issue. tested 2 boards multiple times today and the effects are instant. would post same question at forumrunner but why bother... it is troubling to me. wondering if they use it for their hybrid (for lack of better term) attachment system.
Gary. Posted October 2, 2012 Posted October 2, 2012 Just enable it on there domain only by giving them there own php.ini file but make sure you have set in the apache that users cannot overide the php.ini.
Dmacleo Posted October 2, 2012 Posted October 2, 2012 all domains are mine on the dedicated so its not huge issue for me, would like to not have to have it on though.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.