Errors and changes (oh my!)
March 17, 2005
I woke this morning to PHP include errors galore and a lovely announcement from my host:
PHP provides a feature allowing a programmer to open, include or otherwise use a remote file using a URL rather than a local file path. Unfortunately, that feature is the source of a large number of security holes in PHP web applications running on our servers and we have been spending an increasing amount of time handling issues resulting from those security exploits. In the interest of overall system security, we have decided to disable this feature as of now. We apologize for any inconvenience this may cause.
I am not able to include any file that does not already reside on my server. Which I can understand, stealing content, copyright, blah, blah, blah. But I was using PHP includes to get the handy dandy current weather report into my sidebar; that is now gone.
If you happen to know of a free temperature script thingy I can put on my sidebar - something without all those hideously animations - please let me know.
Even better, I would love to use the results from the National Weather Service (RSS and XML). I tried messing with MagpieRSS to parse the RSS, but couldn't even figure out how to install the dumb thing on my server. I don't even know if it will do what I want.
Any ideas?
6 Comments
If your ISP just disabled remote fopen() then Magpie will work (most likely), if they've disabled PHP from opening sockets in any fashion then you're SOL.
What problem did you have installing Magpie?
The NWS RSS feeds aren't particularly useful, but the feeds from rssweather.com, and www.anti-mega.com/weather both work pretty well.
All my host told me is in the post's quote, so that is all the specifics I know.
I couldn't understand the directions for Magpie; I think the directions assume I know more than I actually do about PHP and/or RSS. I didn't understand where to put the files, or how to even get the program to show the RSS feeds I wanted. I also didn't understand what other PHP script I needed.
I guess I was expecting it to have a user interface where I could paste the feed URI and tell it how I want it to look, and it gave me some output. Obviously it's a bit more involved than that, and I haven't the foggiest idea of where to start.
I never got farther than downloading and extracting it.
Hi Valette,
Closing down fopen_url is a REALLY GOOD IDEA. Seriously, even Rasmus Lerdorf (the guy that created PHP) agrees that it should be shut down since it's a huge vunerability. An equally huge one is register_globals (which should be set to "Off", and you should explicity call the variables you want).
I'll send you a note seperately, but the work around is pretty simple and actually far more powerful. It involves using curl.
not sure how it is working, but i know there is one on the city of chesapeake web site.
http://cityofchesapeake.net/communty/about/climate.html
not sure if that page is active or not, but i know it's there.
your blinking text finally made me put about:config into the URL bar. Then I searched for blink and changed the bloody thing from true to false.
Bliss.
Making the world a better, non-blinking place, one about:config at a time.