Weblog offline due to PHP issue...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Bruce77
Forum Newbie
Posts: 1
Joined: Fri Nov 27, 2009 4:24 pm

Weblog offline due to PHP issue...

Post by Bruce77 »

I have a nice little blog that's Hosted on Yahoo and uses WordPress and PHP.
I'm having a PHP problem that I need help with.

Recently I was alerted by friends that when you go to my site you get this:

Yahoo! - Help
Sorry, the page you requested was not found.
Additionally, a 410 Gone error was encountered while trying to use an ErrorDocument to handle the request.

I called Yahoo and was told I have a PHP problem.

They claim that the global php community requires that the following commands be
removed from the blog source code.

Register_Global

Allow_Url_Fopen

Allow_Url_Include

I've looked through considerable source code recently and haven't seen these commands but I don't know much about PHP.

I know this is about a security update but don't know how to handle it.

I'd appreciate your help regarding this problem.
Thanks.

Bruce77
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Weblog offline due to PHP issue...

Post by requinix »

They're all php.ini settings:
- register_globals creates variables for you so you don't need $_GET or $_POST (security risk)
- allow_url_fopen lets you open (like with fopen) remote URLs and has many legitimate uses
- allow_url_include lets you include/require remote files (security risk)

Not sure why you're getting 404s though.
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Weblog offline due to PHP issue...

Post by cpetercarter »

You say that your site is running on WordPress. My guess is that you have an old version of WordPress. If so, you should consider updating, because older WordPress versions have been shown to have significant security holes.
Post Reply