Koozali.org: home of the SME Server

Allow PHP scripts to open distant files

batosai

Allow PHP scripts to open distant files
« on: April 29, 2006, 08:21:48 PM »
Hi,

If I try to get the content of a distant file in a PHP page with
Code: [Select]
file_get_contents("http://www.server.net/file.txt");
I get the folowing error :
Code: [Select]
Warning: file_get_contents(): URL file-access is disabled in the server configuration in /home/e-smith/files/ibays/Primary/html/test.php on line 3
The problem is the same if I use open() instead.

Do someone know how I can enable that feature on SME7 RC1 ?

Offline dsemuk

  • ****
  • 269
  • +0/-0
Allow PHP scripts to open distant files
« Reply #1 on: April 30, 2006, 09:08:14 PM »
The best place to post your request would be in the bug tracker, the developers will be able to see your question and help you if possible.

Dave
--
Esmith/Mitel/SME server  :-D...

batosai

Allow PHP scripts to open distant files
« Reply #2 on: April 30, 2006, 11:47:58 PM »
Ok, I was just asking in case of it was something to enable in SME's config.

Can someone with a bugzilla account submit it ? Or shall I create my own ?

Offline JonB

  • *
  • 351
  • +0/-0
Allow PHP scripts to open distant files
« Reply #3 on: May 04, 2006, 03:40:33 PM »
batosi,

I gave you duff information.

It should be

Code: [Select]
# config setprop php AllowUrlFopen on
# expand-template /etc/php.ini
# service httpd-e-smith sigusr1


However this is a huge security risk. As Gordon pointed out look at using the "php_admin_flag" in httpd.conf for the Ibay in question.

Check out how it done for Horde in httpd.conf.

You will need to create a custom template.

Jon
...

batosai

Allow PHP scripts to open distant files
« Reply #4 on: May 04, 2006, 07:07:43 PM »
That solution didn't work for me. The working on was in front of my eyes since the beginning, and in French !

http://sme-fr.homelinux.net/astuces.php?astuce=php_url_fopen
Code: [Select]
config php setprop AllowUrlFopen On
signal-event console-save

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
Allow PHP scripts to open distant files
« Reply #5 on: May 05, 2006, 05:42:53 AM »
A safer way is to set allowurlfopen on a per ibay basis
Quote
/sbin/e-smith/db accounts setprop <ibayname> PHPBaseDir /home/e-smith/files/ibays/<ibayname>/:/tmp
/sbin/e-smith/signal-event ibay-modify <ibayname>


from the trouble shooting FAQ

Bob
If you think you know whats going on, you obviously have no idea whats going on!

Offline JonB

  • *
  • 351
  • +0/-0
Allow PHP scripts to open distant files
« Reply #6 on: May 05, 2006, 04:40:22 PM »
Crazybob,

Incorrect. They are two totally different parameters and have different actions.


Code: [Select]
allow_url_fopen

This option enables the URL-aware fopen wrappers that enable accessing URL object like files. Default wrappers are provided for the access of remote files using the ftp or http protocol, some extensions like zlib may register additional wrappers.






Code: [Select]
open_basedir

Limit the files that can be opened by PHP to the specified directory-tree, including the file itself. This directive is NOT affected by whether Safe Mode is turned On or Off.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it. All symbolic links are resolved, so it's not possible to avoid this restriction with a symlink.

...

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
Allow PHP scripts to open distant files
« Reply #7 on: May 05, 2006, 05:16:23 PM »
JonB,
 Sorry about that. I had the wrong thing in mind. Here is the way for allow_url_fopen.

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf

pico /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen

<Directory /home/e-smith/files/ibays/ibay-name/html>
    php_admin_flag      allow_url_fopen on
</Directory>

Bob

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

apachectl restart
If you think you know whats going on, you obviously have no idea whats going on!

Offline judgej

  • *
  • 375
  • +0/-0
Allow PHP scripts to open distant files
« Reply #8 on: June 27, 2006, 03:11:41 PM »
Quote from: "batosai"
That solution didn't work for me. The working on was in front of my eyes since the beginning, and in French !

http://sme-fr.homelinux.net/astuces.php?astuce=php_url_fopen
Code: [Select]
config php setprop AllowUrlFopen On
signal-event console-save


From SME 6.5, this is now:

Code: [Select]
db configuration setprop php AllowUrlFopen On
signal-event console-save
-- Jason

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
Allow PHP scripts to open distant files
« Reply #9 on: June 27, 2006, 05:57:03 PM »
I think I remember something about security concerns doing it that way. The way I did it it allows on a per i-bay basis, which was recommended to me.
If you think you know whats going on, you obviously have no idea whats going on!

Offline judgej

  • *
  • 375
  • +0/-0
Allow PHP scripts to open distant files
« Reply #10 on: June 27, 2006, 06:13:24 PM »
Quote from: "crazybob"
I think I remember something about security concerns doing it that way. The way I did it it allows on a per i-bay basis, which was recommended to me.


Sure - your mileage will vary. It all depends on how you use the server, who has acecss to it, what applications are installed etc.

It would be great to see a range of checkboxes for each i-bay, enabling and disabling certain features. Options that are often asked for and could be enabled per i-bay:

- Webdav
- Remote fopen
- safe mode
- .htaccess over-ride levels

...any more?

I tend to find I need to go through the same sequence of procedures and custrom templates on each installation, just to run the same common set of applications.

-- JJ
-- Jason

Offline crazybob

  • ****
  • 894
  • +0/-0
    • Stalzer R&D
Allow PHP scripts to open distant files
« Reply #11 on: June 27, 2006, 06:58:59 PM »
As long as you are looking to build a list,

open_basedir

Bob
If you think you know whats going on, you obviously have no idea whats going on!