
Allow url fopen Has been turned off

Posted: Mon May 01, 2006 1:37 pm
by kevin
The allow_url_fopen is now set to off on all our servers to increase security.

allow_url_fopen allows a programmer to open/include a remote file using a URL rather than a local file path.
You can still use this function in the form of the cURL library.

Many programmers include files by pointing to a remote URL, even if the file is on the local system.

For example:

<?php include("http://example.com/includes/example_include.php"); ?>

With allow_url_fopen set to Off, this method will no longer work. Instead, the file must be included with the local path by using one of the following three methods:

1. Using a relative path, such as ../includes/example_include.php
2. Using an absolute path, such as /home/username/public_html/includes/example_include.php
3. Using the PHP environment variable $_SERVER['DOCUMENT_ROOT'], which returns the absolute path to the web root directory.
For example:

<?php include($_SERVER['DOCUMENT_ROOT']."/includes/example_include.php"); ?>

Passing Variables to an include file:

It is worth mentioning that the alternative solutions presented here will result in a difference in the way the include() function is handled. The alternative solutions all return the PHP code from the included page; however, the now-unavailable remote URL method returns the result from the included page. One result of this behavior is that you cannot pass a querystring using the alternative solutions. You define the variables locally before performing the include.

For example:

<?php include("http://example.com/includes/example_include.php?var=example"); ?>

must be changed to:

<?php
$var = "example";
include($_SERVER['DOCUMENT_ROOT']."/includes/example_include.php");
?>

For maximum flexibility when using multiple includes, it's easier to create a variable:

<?php
$doc_root = $_SERVER['DOCUMENT_ROOT'];
include("$doc_root/includes/example_include.php");
include("$doc_root/includes/example_include2.php");
include("$doc_root/includes/example_include3.php");
include("$doc_root/includes/example_include4.php");
?>

Note: The technique works in the same way, regardless of whether you are using include() or require().
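
The cURL route mentioned in the post above, as an added example that is not part of the original thread: it fetches the output of a remote script, query string included, and handles it as data instead of including it as code. The helper name fetch_remote_output and the option values are assumptions; the URL is the post's own placeholder.

```php
<?php
// Added example: fetch the *output* of a remote script with cURL and treat it
// as data. Unlike include("http://..."), nothing the remote host returns is
// ever executed as PHP on this server.

/**
 * Hypothetical helper: GET $baseUrl with $params as the query string.
 * Returns the response body, or throws RuntimeException on failure.
 */
function fetch_remote_output(string $baseUrl, array $params = []): string
{
    $url = $params ? $baseUrl . '?' . http_build_query($params) : $baseUrl;

    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,   // return the body instead of printing it
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // no file://, ftp://, ...
        CURLOPT_FOLLOWLOCATION => false,  // do not follow redirects to other hosts
        CURLOPT_SSL_VERIFYPEER => true,   // verify the certificate on https:// URLs
        CURLOPT_SSL_VERIFYHOST => 2,      // certificate name must match the host
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
    ]);

    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $error  = curl_error($ch);

    if ($body === false) {
        throw new RuntimeException("Request failed: $error");
    }
    if ($status !== 200) {
        throw new RuntimeException("Unexpected HTTP status $status");
    }
    return $body;
}

// Replaces include("http://example.com/includes/example_include.php?var=example");
try {
    $output = fetch_remote_output('http://example.com/includes/example_include.php', ['var' => 'example']);
    // The response is untrusted data: escape it for HTML output (or parse it as the expected format).
    echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    error_log($e->getMessage());
}
```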

Posted: Wed Jul 26, 2006 12:53 pm
by AdMan
We're trying to run a PHP file that accesses a PHP file system from a supplier's website.

With allow_url_fopen turned off, there doesn't seem to be a way to access their PHP files. Is there any other way to access a PHP script from our supplier's server? We're simply trying to transfer data, but it must be calculated on their server.

Posted: Thu Jul 27, 2006 2:09 pm
by kevin
If you absolutely require this option and there is no way around this, we do have one server that allows for this.

Email our tech support and we'll move you to that server.

Posted: Sat Sep 09, 2006 5:30 pm
by kevin
Update: Since the Tipping Point Intrusion System blocks remote malicious PHP includes, we can turn this feature on again.

Posted: Thu Jan 04, 2007 3:13 pm
by kevin
Update: Although Tipping Point blocks the majority of these exploits, it doesn't block all. Unfortunately, we can no longer support allow_url_fopen on our servers. The risk is too high with this option turned on.