Kyle F Posted September 27, 2012 Share Posted September 27, 2012 Hey guys.... Should these PHP functions be disabled with an IP.Board forum?show_source, system, shell_exec, passthru, phpinfo, popen, proc_open, allow_url_fopen Link to comment Share on other sites More sharing options...
Dmacleo Posted September 27, 2012 Share Posted September 27, 2012 support told me they THINK allow_url_fopen is needed. Link to comment Share on other sites More sharing options...
Kyle F Posted September 27, 2012 Author Share Posted September 27, 2012 OK, I will remove that from the Disabled PHP Functions in my php.ini file, thanks Dmacleo. Link to comment Share on other sites More sharing options...
Dmacleo Posted September 27, 2012 Share Posted September 27, 2012 I never was able to prove it was needed or not needed though, I expect if needed it would be something in downloads or cdn settings, Link to comment Share on other sites More sharing options...
TSP Posted September 27, 2012 Share Posted September 27, 2012 support told me they THINK allow_url_fopen is needed. I can't find any mention of either allow_url_fopen or allow_url_include in the files. allow_url_fopen is turned off by default on mediatemple-servers for example, so I know that IPB doesn't require it atleast. Link to comment Share on other sites More sharing options...
Dmacleo Posted September 27, 2012 Share Posted September 27, 2012 do you have all the addons? if so thats decent indication not needed. Link to comment Share on other sites More sharing options...
Kyle F Posted September 27, 2012 Author Share Posted September 27, 2012 I have removed it, and re-uploaded the php.ini file back to my server with "allow_url_fopen" removed from disabled functions. For some reason I get a driver error when uploading a file to downloads. :blink:Latest SQL Error Today (Today, 09:35 PM) ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Date: Thu, 27 Sep 2012 20:35:12 +0000 Error: 1153 - Got a packet bigger than 'max_allowed_packet' bytes IP Address: - /forums/index.php? ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- mySQL query error: INSERT INTO downloads_filestorage (`storage_file`,`storage_ss`,`storage_thumb`) VALUES('UEsDBBQAAgAIANCLsC7dx5C+tQIAAJMGAAANAAAAUmVhZE1lTk9XLnR4dL1US2/iMBC+I/EfRpzaCiJx7Q1RFlVaAWqhu9pLZewJsZrYke000F+/M3ZogX1oD6vmlMTz+B4znjthFKwLzANMmmBv4UlLhKkOh35vMHeiLrSEqXWuqYO2Br7o/aDf6/dGn/H0ezc3N7Dx6Dy0hYW7JSyWayjEK0IotAf5AWwxm93FU1HX5SEd1yLIAqjGp+Ht96bWBDTB3wJ//dA15LpEGLCuEc/zeJy96XpA4E0Q2mizS7GjqD1L/7w6BuIe+eABhapwsfyWhX2Aq0iOy15z3r3xQZSliDJcMk2FN+atA5KlHyTrcrW+Xy4mX/m9Ei8IghDVB7A5HGzjwDq900aUMF9PRk/TbPZ9lqhc5c5WJDCC0g5lsO4QvygLdMKCCuZ/nqwh5NaRoWiSTdr7BiFS2lNmq0NBYJTTr+igqZUIOASuxh1a25QKSk2AgwWHFBP4jRG8Q6afntS47tg+BkFBv1U366Sf5IGayVLLFzIEDJLOoaWMIWydbX3sFnX5J4on0lydK0W0HZ5q6tBrhf46MowAYvcjMCrfzXGryxJkgRTA+nHZmpLRUE8yjb95H6jPpWUZ3KfzVCjXRnlqB40ZVVbpXDOZ95Qhh3bWRMNj4y12VihWohMYxtl4CJbiXatJI2NTC5ZQUgMrZeOOTKaRm49eUIktklcRVapLZKxE788d+SgXs3GvO2X6PVbGGtr1CFIWwuwI3PZs9+nlRIuWLrP4r6l3TqhfqKS6j3y97ESF0RGPIXB/bkKikXdSOMeKkQmtcN28EvM4xj47gkvzzN1IiM1i9LhZrZYPa7qlOr6hEOHoGOG15WFHME6utBhQCE9SkR --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------. | File | Function | Line No. | |----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------| | amministrazione/applications_addon/ips/downloads/sources/storage/database.php| [db_main_mysql].insert | 70 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------' | amministrazione/applications_addon/ips/downloads/modules_public/post/submit.php| [databaseStorageEngine].store | 1033 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------' | amministrazione/applications_addon/ips/downloads/modules_public/post/submit.php| [public_downloads_post_submit]._mainSave | 138 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------' | amministrazione/sources/base/ipsController.php | [public_downloads_post_submit].doExecute | 306 | '----------------------------------------------------------------------------+-------------------------------------------------------------------------------+-------------------'I could not paste it all, because it said "CONTENT_TOO_LONG". :lol: Link to comment Share on other sites More sharing options...
Dmacleo Posted September 27, 2012 Share Posted September 27, 2012 isn't it either a compile with it and leave it allow_url_fopen = On or disabled OR compile w/o it? IOW if compiled with it it needs one of the 2 statements? Link to comment Share on other sites More sharing options...
Kyle F Posted September 27, 2012 Author Share Posted September 27, 2012 Fixed. Changed to upload files to server instead of to the database. When I choose to share via Twitter it says "Action Failed" in a popup JS box though... :ph34r: Link to comment Share on other sites More sharing options...
Grumpy Posted September 29, 2012 Share Posted September 29, 2012 phpinfo is needed if you want to use that diagnotistic tool in acp. But, allow_url_fopen shouldn't be necessary... Link to comment Share on other sites More sharing options...
Dmacleo Posted September 30, 2012 Share Posted September 30, 2012 tapatalk and forum runner will fail with fopen turned off. Link to comment Share on other sites More sharing options...
Gary. Posted October 1, 2012 Share Posted October 1, 2012 I would disable it if your playing with your own scripts, Its used to fopen files from remote places, so if you had a script what had a flaw they can use a code to remote it from your own site rather thann using your server. I would say if your using nothing but IPB then disable it, Its better off rather than on Link to comment Share on other sites More sharing options...
Kyle F Posted October 1, 2012 Author Share Posted October 1, 2012 I would disable it if your playing with your own scripts, Its used to fopen files from remote places, so if you had a script what had a flaw they can use a code to remote it from your own site rather thann using your server. I would say if your using nothing but IPB then disable it, Its better off rather than onTrue...very true. I am hosting 2 friends on my dedicated server aswell as my own site. Link to comment Share on other sites More sharing options...
Dmacleo Posted October 2, 2012 Share Posted October 2, 2012 waiting on answer from tapatalk as to why they seem to need it. turn off, tapatalk users cannot login. turn on they can. reading topics works fine either way, only login function issue. tested 2 boards multiple times today and the effects are instant. would post same question at forumrunner but why bother... it is troubling to me. wondering if they use it for their hybrid (for lack of better term) attachment system. Link to comment Share on other sites More sharing options...
Gary. Posted October 2, 2012 Share Posted October 2, 2012 Just enable it on there domain only by giving them there own php.ini file but make sure you have set in the apache that users cannot overide the php.ini. Link to comment Share on other sites More sharing options...
Dmacleo Posted October 2, 2012 Share Posted October 2, 2012 all domains are mine on the dedicated so its not huge issue for me, would like to not have to have it on though. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.