Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: batosai on April 29, 2006, 08:21:48 PM

Title: Allow PHP scripts to open distant files
Post by: batosai on April 29, 2006, 08:21:48 PM
Hi,

If I try to get the content of a distant file in a PHP page with
Code:
file_get_contents("http://www.server.net/file.txt");
I get the following error:
Code:
Warning: file_get_contents(): URL file-access is disabled in the server configuration in /home/e-smith/files/ibays/Primary/html/test.php on line 3
The problem is the same if I use open() instead.

Does someone know how I can enable that feature on SME7 RC1?
Title: Allow PHP scripts to open distant files
Post by: dsemuk on April 30, 2006, 09:08:14 PM
The best place to post your request would be in the bug tracker, the developers will be able to see your question and help you if possible.

Dave
Title: Allow PHP scripts to open distant files
Post by: batosai on April 30, 2006, 11:47:58 PM
Ok, I was just asking in case it was something to enable in SME's config.

Can someone with a bugzilla account submit it? Or shall I create my own?
Title: Allow PHP scripts to open distant files
Post by: JonB on May 04, 2006, 03:40:33 PM
batosai,

I gave you duff information.

It should be

Code:
# config setprop php AllowUrlFopen on
# expand-template /etc/php.ini
# service httpd-e-smith sigusr1


However this is a huge security risk. As Gordon pointed out, look at using the "php_admin_flag" in httpd.conf for the Ibay in question.

Check out how it is done for Horde in httpd.conf.

You will need to create a custom template.

Jon
Title: Allow PHP scripts to open distant files
Post by: batosai on May 04, 2006, 07:07:43 PM
That solution didn't work for me. The working one was in front of my eyes since the beginning, and in French!

http://sme-fr.homelinux.net/astuces.php?astuce=php_url_fopen
Code:
config php setprop AllowUrlFopen On
signal-event console-save
Title: Allow PHP scripts to open distant files
Post by: crazybob on May 05, 2006, 05:42:53 AM
A safer way is to set allowurlfopen on a per ibay basis
Quote
/sbin/e-smith/db accounts setprop <ibayname> PHPBaseDir /home/e-smith/files/ibays/<ibayname>/:/tmp
/sbin/e-smith/signal-event ibay-modify <ibayname>


from the troubleshooting FAQ

Bob
Title: Allow PHP scripts to open distant files
Post by: JonB on May 05, 2006, 04:40:22 PM
Crazybob,

Incorrect. They are two totally different parameters and have different actions.


Code:
allow_url_fopen

This option enables the URL-aware fopen wrappers that enable accessing URL object like files. Default wrappers are provided for the access of remote files using the ftp or http protocol, some extensions like zlib may register additional wrappers.

Code:
open_basedir

Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.

Title: Allow PHP scripts to open distant files
Post by: crazybob on May 05, 2006, 05:16:23 PM
JonB,
Sorry about that. I had the wrong thing in mind. Here is the way for allow_url_fopen.

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen

<Directory /home/e-smith/files/ibays/ibay-name/html>
    php_admin_flag      allow_url_fopen on
</Directory>

Bob

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

apachectl restart
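
Added example, not part of the thread or of SME Server itself: a read-only shell check that reports where allow_url_fopen is switched on, so the global php.ini setting from the earlier posts can be told apart from the per-i-bay php_admin_flag override in the post above. The function names and the sample files are constructed for illustration; on a real server, pass /etc/php.ini and /etc/httpd/conf/httpd.conf to audit_url_fopen.

```sh
# Report where allow_url_fopen is enabled. Function names are illustrative.
# Print on/off/unset for the last uncommented allow_url_fopen line in php.ini.
php_ini_url_fopen() {
    awk -F= '
        /^[ \t]*;/ { next }
        tolower($1) ~ /^[ \t]*allow_url_fopen[ \t]*$/ {
            v = tolower($2); sub(/;.*/, "", v); gsub(/[ \t\r"]/, "", v)
            state = (v == "on" || v == "1" || v == "true" || v == "yes") ? "on" : "off"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# Print one line per php_flag/php_admin_flag that turns the setting on, tagged
# with the enclosing <Directory> path, or "server-wide" when outside any block.
# Only <Directory> blocks are tracked; quoted paths with spaces are not handled.
httpd_url_fopen() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "<directory"   { scope = $2; gsub(/[>"]/, "", scope); next }
        tolower($1) == "</directory>" { scope = ""; next }
        tolower($1) ~ /^php_(admin_)?flag$/ && tolower($2) == "allow_url_fopen" {
            v = tolower($3)
            if (v == "on" || v == "1")
                print (scope == "" ? "server-wide\t-" : "scoped\t" scope)
        }
    ' "$1"
}

audit_url_fopen() {
    echo "php.ini: $(php_ini_url_fopen "$1")"
    httpd_url_fopen "$2"
}

# Constructed sample files (not taken from a real server).
make_sample() {
    cat > "$1/php.ini" <<'EOF'
; constructed sample
allow_url_fopen = Off
EOF
    cat > "$1/httpd.conf" <<'EOF'
<Directory /home/e-smith/files/ibays/ibay-name/html>
    php_admin_flag      allow_url_fopen on
</Directory>
<Directory /home/e-smith/files/ibays/other/html>
    php_admin_flag      allow_url_fopen off
</Directory>
EOF
}
d=$(mktemp -d) && make_sample "$d" && audit_url_fopen "$d/php.ini" "$d/httpd.conf"; rm -rf "$d"
```

A "php.ini: on" or "server-wide" line means every i-bay can open remote URLs; "scoped" lines list the only directories where it is allowed.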
Title: Allow PHP scripts to open distant files
Post by: judgej on June 27, 2006, 03:11:41 PM
Quote from: "batosai"
That solution didn't work for me. The working one was in front of my eyes since the beginning, and in French!

http://sme-fr.homelinux.net/astuces.php?astuce=php_url_fopen
Code:
config php setprop AllowUrlFopen On
signal-event console-save


From SME 6.5, this is now:

Code:
db configuration setprop php AllowUrlFopen On
signal-event console-save
Title: Allow PHP scripts to open distant files
Post by: crazybob on June 27, 2006, 05:57:03 PM
I think I remember something about security concerns doing it that way. The way I did it, it allows on a per i-bay basis, which was recommended to me.
Title: Allow PHP scripts to open distant files
Post by: judgej on June 27, 2006, 06:13:24 PM
Quote from: "crazybob"
I think I remember something about security concerns doing it that way. The way I did it, it allows on a per i-bay basis, which was recommended to me.


Sure - your mileage will vary. It all depends on how you use the server, who has access to it, what applications are installed etc.

It would be great to see a range of checkboxes for each i-bay, enabling and disabling certain features. Options that are often asked for and could be enabled per i-bay:

- Webdav
- Remote fopen
- safe mode
- .htaccess over-ride levels

...any more?

I tend to find I need to go through the same sequence of procedures and custom templates on each installation, just to run the same common set of applications.

-- JJ
Title: Allow PHP scripts to open distant files
Post by: crazybob on June 27, 2006, 06:58:59 PM
As long as you are looking to build a list,

open_basedir

Bob