
Does Vanilla v2.1 require allow_url_fopen enabled?

During our hunt for the 2.1 View Count Won't Increment error at one point during testing with logging enabled I got the following DebugLog entries:

    19 May 2014 - 09:30:15 TESTINSTALLATION Garden Exception: file_get_contents() [<a
    href='function.file-get-contents'>function.file-get-contents</a>]: http:// wrapper is
    disabled in the server configuration by allow_url_fopen=0 in /usr/www/users/TESTACCOUNT
    /TESTINSTALLATION/applications/dashboard/controllers/class.utilitycontroller.php on 47819 May
    2014 - 09:30:15 TESTINSTALLATION Garden #0 [internal function]: Gdn_ErrorHandler(2,
    'file_get_conten...', '/usr/www/users/...', 478, Array)19 May 2014 - 09:30:15
    TESTINSTALLATION Garden #1 /usr/www/users/TESTACCOUNT/TESTINSTALLATION/applications
    /dashboard/controllers/class.utilitycontroller.php(478): file_get_contents('http:/
    /vanillaf...')19 May 2014 - 09:30:15 TESTINSTALLATION Garden #2 [internal function]:
    UtilityController->GetFeed('news', '4', 'extended')19 May 2014 - 09:30:15 TESTINSTALLATION
    Garden #3 /usr/www/users/TESTACCOUNT/TESTINSTALLATION/library/core/class.dispatcher.ph
    p(350): call_user_func_array(Array, Array)19 May 2014 - 09:30:15 TESTINSTALLATION Garden
    #4 /usr/www/users/TESTACCOUNT/TESTINSTALLATION/index.php(46): Gdn_Dispatcher->Dispatch()19
    May 2014 - 09:30:15 TESTINSTALLATION Garden #5 {main}19 May 2014 - 09:30:16
    TESTINSTALLATION Garden Exception: file_get_contents() [<a href='function.file-get
    -contents'>function.file-get-contents</a>]: http:// wrapper is disabled in the server
    configuration by allow_url_fopen=0 in /usr/www/users/TESTACCOUNT/TESTINSTALLATION
    /applications/dashboard/controllers/class.utilitycontroller.php on 47819 May 2014 - 09:30:16
    TESTINSTALLATION Garden #0 [internal function]: Gdn_ErrorHandler(2, 'file_get_conten...',
    '/usr/www/users/...', 478, Array)19 May 2014 - 09:30:16 TESTINSTALLATION Garden #1 /usr
    /www/users/TESTACCOUNT/TESTINSTALLATION/applications/dashboard/controllers
    /class.utilitycontroller.php(478): file_get_contents('http://vanillaf...')19 May 2014 -
    09:30:16 TESTINSTALLATION Garden #2 [internal function]: UtilityController->GetFee
    d('announce', '2', 'extended')19 May 2014 - 09:30:16 TESTINSTALLATION Garden #3 /usr/www
    /users/TESTACCOUNT/TESTINSTALLATION/library/core/class.dispatcher.php(350):
    call_user_func_array(Array, Array)19 May 2014 - 09:30:16 TESTINSTALLATION Garden #4 /usr
    /www/users/TESTACCOUNT/TESTINSTALLATION/index.php(46): Gdn_Dispatcher->Dispatch()19 May 2014
    - 09:30:16 TESTINSTALLATION Garden #5 {main}19 May 2014 - 09:31:05: [Garden] /usr/www
    /users/TESTACCOUNT/TESTINSTALLATION/plugins/Tester/default.php, 14, Object.Method(), log
    message does work from the tester plugin

What is this with allow_url_fopen? Does Vanilla need it? I just checked, it was disabled in my hoster's PHP configuration by default, as is allow_url_include, which is the recommended setting due to security concerns.

I had allow_url_fopen enabled on our old server, so I have enabled it on our new server as well, but I'd rather switch it off if not really required.

Comments

  • Options
    vrijvlinder Papillon-Sauvage MVP
    edited May 2014

    Add this file and run it to see your php info

  • Options

    I think he wants to know the security aspect of it. He knows how to add it.

    In any event you might want to consider making your log file more readable.

    Suggestions for line breaks, etc. I thought I filed this in November 2013. Nothing happened though. Apparently I only mentioned someone. So I filed it on GitHub as well.

    https://github.com/vanilla/vanilla/issues/1931

    http://vanillaforums.org/discussion/comment/196492/#Comment_196492

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • Options

    @vrijvlinder, yes, @peregrine is right, it's not about how to activate that option in PHP config, but if Vanilla really needs that option enabled.

    @R_J mentioned the following in the other discussion:

    @R_J said:
    At least it is used several times in the core as well as in some plugins. You could replace it with a curl workaround like it is shown here http://snipplr.com/view/4084

    But then you have to have curl enabled. I do not know if one of these options is better or if there even is another option.

    What I've read about allow_url_fopen isn't conclusive. On one hand it's supposed to be good webmaster practice to keep it disabled due to a possible security risk, on the other hand the default state seems to be "enabled" according to the PHP documentation.

  • Options
    peregrine MVP
    edited May 2014

    but if Vanilla really needs that option enabled.

    Q. Well, do you get news feeds in the dashboard if it is disabled?

        /**
         * Grab a feed from the mothership.
         *
         * @since 2.0.?
         * @access public
         * @param string $Type Type of feed.
         * @param int $Length Number of items to get.
         * @param string $FeedFormat How we want it (valid formats are 'normal' or 'sexy'. OK, not really).
         */
        public function GetFeed($Type = 'news', $Length = 5, $FeedFormat = 'normal') {
            // Remote fetch through the http:// wrapper: this is the call that fails when allow_url_fopen=0.
            echo file_get_contents('http://vanillaforums.org/vforg/home/getfeed/'.$Type.'/'.$Length.'/'.$FeedFormat.'/?DeliveryType=VIEW');
            $this->DeliveryType(DELIVERY_TYPE_NONE);
            $this->Render();
        }
    

    e.g. when you click on dashboard do you see this

    Blog Posts By Vanilla Forums
    ForumCon: An Event for Forum Owners
    May 13
    
    We are delighted to announce that we are sponsors of this year’s ForumCon, being held on June 19th in San Francisco. If you haven’t heard of ForumCon before, then we’re doubly excited to share the news. ForumCon is the only event dedicated to the future and business of forums and online communities, providing a platform Read more...
    Off Topic Section: Pitfalls and Problems
    May 8
    
    In my previous article I extolled the virtues of chat (or off-topic) forum categories. Now it’s time to talk about some of the pitfalls and problems you can expect. I feel like I should preface this by saying that chat forums are, in my opinion, absolutely worth the hassle. They are a hassle though, there’s Read more...
    How to Implement an Off Topic Section in Your Community
    May 6
    
    Most people who start a community have a particular topic in mind. Whether it’s devoted to bikes, turtles, magic hats, trains, buckets, ghosts, ninjas, terrapins, hiking, firearms, trucks, BBQ, skeletons or giving tips to pad out your word count in articles; a community needs a starting point. If it doesn’t, interested parties won’t have a Read more...
    When Bad Things Happen: How A Forum Can Help
    May 1
    
    All technology-based services (cloud software, online games, cell phones) suffer unplanned outages from time to time. While there are always plans in place to avoid such issues, when it happens, you want to make sure your brand-to-customer conversations continue to shine. When catastrophe happens, your blog and social media accounts are great at pushing out Read more... 
    


  • Options

    @peregrine, you are right, news feeds work with allow_url_fopen enabled, and when I disable it I get the error message Failed to load news feed.

  • Options

    there are a few other things that need it as well

    if you grep for file_get_contents

    you will see it is called in a few places.


  • Options

    Well, so no doubt any more to keep it enabled. Thanks a lot, @peregrine.
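
The cURL replacement R_J mentions, applied to the `GetFeed()` call quoted above so the feed can load with `allow_url_fopen` off. This is an added example, not part of the thread or of Vanilla's code: `fetchFeed()` is a hypothetical helper, its allow-lists are built only from the feed types and formats visible on this page, and the length bound is an assumption.

```php
<?php
// Added illustration, not Vanilla code. fetchFeed() is a hypothetical name.

/**
 * Fetch a dashboard feed without relying on allow_url_fopen.
 * Returns the response body, or false on any failure.
 */
function fetchFeed($type = 'news', $length = 5, $format = 'normal') {
    // These values reach GetFeed() from the request path, so pin them down
    // before they become part of an outbound URL.
    $types   = array('news', 'announce');     // the two types seen in the log
    $formats = array('normal', 'extended');   // the default and the one in the log
    if (!in_array($type, $types, true) || !in_array($format, $formats, true)) {
        return false;
    }
    $length = max(1, min(20, (int) $length)); // upper bound of 20 is an assumption

    $url = 'http://vanillaforums.org/vforg/home/getfeed/'
         . $type . '/' . $length . '/' . $format . '/?DeliveryType=VIEW';

    if (!function_exists('curl_init')) {
        // No cURL extension: use the URL wrapper only if the host permits it.
        $allowed = filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN);
        return $allowed ? @file_get_contents($url) : false;
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,  // return the body instead of printing it
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS, // never file://, ftp://, ...
        CURLOPT_FOLLOWLOCATION => false, // do not follow redirects to other hosts
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,    // a slow feed must not stall the dashboard
    ));
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    return ($body !== false && $status === 200) ? $body : false;
}

// Same arguments as the first failing call in the log.
$feed = fetchFeed('news', 4, 'extended');
echo $feed === false ? 'Failed to load news feed.' : $feed;
```

With this in place `allow_url_fopen` can stay at the hoster's default of 0 for this call; the other `file_get_contents` call sites a grep turns up would each need the same treatment.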
