Page 1 of 1
warning file() disabled security purposes
Posted: Tue Jun 14, 2005 3:54 pm
by justlearnin
justlearning here was playing with a news article script and...
I get this error " warning file() has been disabled for security purposes in my path to public html on line .....
from what i understand this is some setting in php.ini
disable_functions = ini_set, exec, popen, passthru, file, system, shell_exec
if i remove [ file ] from the list above will i put my server at risk and is there a workaround to my prob...(happens on alot of scripts i try)
Also is anything missing i should add to this line...
disable_functions = ini_set, exec, popen, passthru, file, system, shell_exec
thanks in advance from a php noob ....
Posted: Tue Jun 14, 2005 6:28 pm
by Buddha443556
Speaking generally... if your users are not in some sort of sandbox, such as safe mode or phpsuexec, then you would what to disable file system access. This way they can't read files that don't belong to them, such as /etc/passwd.
Would need a lot more info to comment on your situation.
Oh ... and welcome to phpDN.
file() disabled
Posted: Wed Jun 15, 2005 2:33 pm
by justlearnin
Hey thanks for the reply , Im html/css literate but new to php so forgive anything ignorant i might say... I just setup a web server using a preconfigured package referred to as mini-apache [apache2 php5].
First purpose was to set a php locally just so i can make an attempt to learn it ...... I grabed a few simple scripts for reading and writing to a file (txt file), like a news script or something and i kept getting the warning file() has been disable for security reasons.... I figured it had something to do with permissions ...
looked in php.ini and saw file was in the diabled function group.... And i understand if i eventually got users other than myself it could be a prob with passwords and such like you said but untill then can i just yank it out the diabled group in php.ini or is there a better way of doing such a thing(filesystem access)....
Windows/apache2/php5
and thanks for the welcome, i think im over my head with this php stuff and im glad i found this place ... good place to read other people problems/solutions....
Re: file() disabled
Posted: Wed Jun 15, 2005 4:12 pm
by Buddha443556
Glade to see you setting up a development server. I think that's a great first step.
justlearnin wrote:untill then can i just yank it out the diabled group in php.ini or is there a better way of doing such a thing(filesystem access)....
Yeah just yank those out of php.ini, those are for a production server.
As for a better way of doing that? Well yeah ... use Linux instead of Windows when you set it up your production server. You'll have many more options with Linux, IMHO.
file() warning
Posted: Sun Jun 19, 2005 9:05 pm
by justlearnin
Great, Now i can play with php and no pesky warning till i get a grip on the language... tanx for the tip...