fopen() has been disabled for security reasons
« on: October 10, 2009, 11:51:10 PM »
Hello,

I am still under 2.9 because 3.0 refused to work on our server.
However, the script doesn't anymore update the sitemaps and rather return the following error.

Code: [Select]
Warning: fopen() has been disabled for security reasons in /home/XXXX/public_html/XXXXX/pages/class.grab.inc.php(2) : eval()'d code on line 96
How can we make it works?

Beside this, are you planning to release a future version which will use Curl?
Re: fopen() has been disabled for security reasons
« Reply #1 on: October 11, 2009, 03:26:14 PM »
Hello,

looks like file functions (like fopen()) are disabled in your PHP configuration, please contact your host to correct that.

cURL is already supported by sitemap generator, there is a special checkbox setting at the bottom of configuration page.
Re: fopen() has been disabled for security reasons
« Reply #2 on: November 27, 2009, 01:52:09 PM »
Hello,
Thank you for your answer.
I am the host.

However, not matter if I set manually the config file to use curl:
Code: [Select]
'xs_usecurl' => '1',
The server still return the same error.

Beside this, PHP is correctly configured to allow fopen:
Code: [Select]
allow_url_fopen = Onand the domain name has been whitelisted in mod_security config.

Unfortunately, your script is ioncubed so I can't check exactly the piece of code where this error is reported.
Any further help would be greatly appreciated as long as I can't use at all anymore the script.

Thanks.
Re: fopen() has been disabled for security reasons
« Reply #3 on: November 27, 2009, 11:26:17 PM »
Hello,

you should make sure that these functions are NOT listed in disable_functions seting in php.ini: fopen, fwrite, fclose.

Also, curl settings should be enabled on configuration page insetad of directly modifying config file (the structure of config file has changed in latest version, it is stored in data/generator.conf file now)
Re: fopen() has been disabled for security reasons
« Reply #4 on: November 28, 2009, 11:59:40 AM »
Thank you Oleg,

I forgot to mention it in my previous message. Of course, these functions are not listed in disable_functions.

Beside this, I have no other way to modify the config file than manually because the script returns this error just after logging in!
I don't have access to the control panel or any other features of the script.
Only a blank page with the reported error message.
Re: fopen() has been disabled for security reasons
« Reply #5 on: November 28, 2009, 01:56:22 PM »
Hello,

please send me your generator URL/login so that I can reproduce the issue and a link to phpinfo() page on your server.
Re: fopen() has been disabled for security reasons
« Reply #6 on: November 28, 2009, 08:40:12 PM »
Sent per PM.
Re: fopen() has been disabled for security reasons
« Reply #7 on: November 30, 2009, 11:01:39 AM »
Update: file functions should be removed from "suhosin.executor.eval.blacklist" setting as well.
Re: fopen() has been disabled for security reasons
« Reply #8 on: November 30, 2009, 12:51:57 PM »
Oooops.
My mistake.
It works perfectly now. Thank you very much for your assistance.