Why is allow_url_fopen disabled?

The PHP parameter allow_url_fopen has been disabled in PHP across our web hosting services as a security measure.

When enabled, allow_url_fopen allows PHP's file functions to retrieve data from remote locations such as an FTP server or website which can lead to code injection vulnerabilities. Typically these code injection vulnerabilities occur from improper input filtering when passing user-provided data to PHP functions. Disabling this function helps considerably in stopping your site from being compromised, as well as help prevent the unauthorised use of our servers for abusive or malicious purposes.

  • 4 Users Found This Useful
Was this answer helpful?

Related Articles

Is NetPBM installed?

NetPBM is not installed in a central location on the server because ImageMagick can usually be...

What is the path to Sendmail?

The path to Sendmail on our servers is: /usr/sbin/sendmail

How do I test Python to make sure it is working for my account?

The following will allow you to create a test script to ensure Python is working on your account...

Is Zend Optimizer installed (for encoded scripts)?

Yes, we have Zend Optimizer installed on all our servers which allows all clients to use scripts...

CGI Installation and Server Paths

NOTE: These are general guidelines for installing Perl Scripts. Refer to the readme file that...