Why is allow_url_fopen disabled?

The PHP parameter allow_url_fopen has been disabled in PHP across our web hosting services as a security measure.

When enabled, allow_url_fopen allows PHP's file functions to retrieve data from remote locations such as an FTP server or website which can lead to code injection vulnerabilities. Typically these code injection vulnerabilities occur from improper input filtering when passing user-provided data to PHP functions. Disabling this function helps considerably in stopping your site from being compromised, as well as help prevent the unauthorised use of our servers for abusive or malicious purposes.

  • 4 Users Found This Useful
Was this answer helpful?

Related Articles

Do you have any banned scripts?

Yes, for a number of reasons certain scripts and types of script are banned. It's extremely...

How do I use the Ioncube loaders?

The Ioncube loaders are installed and ready for use so you don't need to do anything to use them.

How do I parse PHP in HTML pages?

If you wish parse PHP in your HTML pages you need to add the following line you the .htaccess...

Do you know of any PHP resources?

An excellent resource for users of PHP is http://www.devshed.com/c/b/php/ They also have a nice...

How can I check whether a script available on the internet is insecure?

Using scripts in your account that are insecure (vulnerabilities unpatched) is very dangerous....