Recent Topics

1 Apr 04, 2008 20:43    

My b2evolution Version: 2.4.1

Hi there,
I hope I can explain this well enough.

In my admin-tools-system. I have this:

PHP allow_url_fopenOn
When enabled, this feature is known to facilitate hacking exploits in any PHP application.

b2evolution includes additional measures in order not to be affected by this. However, for maximum security, we still recommend disabling this PHP feature.

If possible, change this setting to allow_url_fopen = Off in your php.ini or ask your hosting provider about it.

PHP Magic QuotesOn (magic_quotes_gpc)
PHP is adding extra quotes to all inputs. This leads to unnecessary extra processing.
If possible, change this setting to magic_quotes_gpc = Off in your php.ini or ask your hosting provider about it.

I asked my host and got this reply:

None of thos esettings will affect the working of the software, although you can add lines to .htaccess file to manualy disable them if equired.

I tried adding:

allow_url_fopen = Off
magic_quotes_gpc = Off 

to my .htaccess file but it just returns an internal server error and 500 error page.

Did I add them correctly? is there an accessible php.ini file because I couldnt find one?

Any help appreciated.

2 Apr 05, 2008 02:51

This is what i did.
Open a text editor like notepad, paste in your codes:

allow_url_fopen = Off
magic_quotes_gpc = Off

save file as php.ini and upload to your blog directory... (note that some hosts require that you upload this file to a specified directory).

hope that works for you

3 Apr 05, 2008 06:28

Thank you, sounds nice and easy. I'll give that a go later today.

I wasn't sure if the php.ini was a b2e file or a hosts file.

4 Apr 05, 2008 16:14

I tried it, put the file in my blog directory (site root) no difference, then also tried it in a php folder elsewhere on my domain, still no difference.
I guess I'll have to go back and ask my hosts!!

5 Apr 06, 2008 02:00

Sim,

At least with GoDaddy, if you are using PHP 5, then the correct file is php5.ini and not php.ini

Good luck,

RocketDude

6 Apr 06, 2008 02:09

You may not be allowed to edit php.ini (your host would have mentioned that way I presume). In .htaccess put:

# set allow_url_fopen off
php_value allow_url_fopen 0

Good luck

Don't tell EdB. His new random comic generator needs url_fopen.

7 Apr 06, 2008 09:56

I got this reply from my hosts:

As per my previous email you DO NOT need those settings anyway it is not important for the operation of the software however a quick google search will help you add those lines in .htaccess.

php_value magic_quotes_gpc 0
php_value allow_url_fopen 0

These settings may not work as predicted I would post in the b2evolution forums for the correct settings we have the servers setup to allow the use of .htaccess overrides, try php4 and php5 via Cpanel to see which one works.

I tried putting

php_value magic_quotes_gpc 0
php_value allow_url_fopen 0

in my .htaccess and php.ini but with no luck. I tried changing from php5 to php4 but it was the same. I will try php5.ini etc, its worth a go.


Form is loading...