fopen() has been disabled for security reasons (5 posts)

  1. LaurenceB
    Posted 9 years ago #


    Sorry in advance for the long post.

    My web host company said they did this:
    We have disabled the allow_url_fopen PHP config variable in php.ini. The effect of this is that files residing on foreign webservers cannot be opened as if they are files residing on our webserver.

    An example of this is the fopen command. The fopen command opens a file so it can be read from or written to. Normally you would call it like this:

    fopen("fun.txt", "r");

    That would open fun.txt on our server. However, prior to disabling allow_url_fopen, it could also be called like this:

    fopen("http://www.foreignwebsite.com/maliciouscode.txt", "r");

    Disabling this makes us more secure as malicious code residing on foreign webservers can't be inserted into an insecure PHP document on our server.

    I have upgraded to WordPress 2.1.2 and still get the error below when trying to edit any theme (the default, another one i downloaded) on my site - by the way I am in Australia and so is my host company.

    There are two errors:
    Warning: fopen() has been disabled for security reasons in /home/laurence/public_html/wordpress/wp-admin/theme-editor.php on line 73

    Warning: fread(): supplied argument is not a valid stream resource in /home/laurence/public_html/wordpress/wp-admin/theme-editor.php on line 74

    In reponse to my help desk query, the web host company says:
    To edit your site you really should not need fopen !
    All other WordPress sites are working fine on our servers.

    So what am I to do? Is there another setting in WordPress I have missed, is this a web host company issue or mine?

    I'm not really up with PHP so I'm not sure what my next course of action should be.

    Can someone please advise me?


  2. whooami
    Posted 9 years ago #

    what you do is download the theme file you want to edit, make the change in a text editor, save the changed file, and upload it.

  3. TimoK
    Posted 9 years ago #

    Umm, judging from your error messages your Host has not only disabled allow_url_fopen, but fopen completely (in the php.ini, see php.net/features.safe-mode). Either get them to enable fopen for local files again or find a better host. Personally I would opt for the latter, if only for the reason that they either are clueless about PHP or lie to there customers about how they configured PHP.

  4. JohnA
    Posted 9 years ago #

    Find a better host. There are hundreds out there that welcome WordPress installations.

  5. whooami
    Posted 9 years ago #

    disallowing fopen doesnt mean a host isnt wordpress friendly. It means they're security conscious.

    the fact that a user cant edit a theme in the backend is hardly an earth shattering event, and doesnt break any WP installation that I know of.

Topic Closed

This topic has been closed to new replies.

About this Topic