Why is allow_url_fopen disabled?

The PHP parameter allow_url_fopen has been disabled in PHP across our web hosting services as a security measure.

When enabled, allow_url_fopen allows PHP's file functions to retrieve data from remote locations such as an FTP server or website which can lead to code injection vulnerabilities. Typically these code injection vulnerabilities occur from improper input filtering when passing user-provided data to PHP functions. Disabling this function helps considerably in stopping your site from being compromised, as well as help prevent the unauthorised use of our servers for abusive or malicious purposes.

  • 4 Users Found This Useful
Was this answer helpful?

Related Articles

What is the path to Perl?

The path to Perl on our servers is: /usr/bin/perl

Can I run PHP scripts anywhere on my web space?

You can run PHP scripts anywhere on your web space with the exception of the "cgi-bin".

What is PHP's open_basedir restriction?

We have a security measure in place in PHP on all servers called "open_basedir". This is where...

CGI Installation and Server Paths

NOTE: These are general guidelines for installing Perl Scripts. Refer to the readme file that...

How do I parse PHP in HTML pages?

If you wish parse PHP in your HTML pages you need to add the following line you the .htaccess...