Help! Host turning off allow_url_fopen

**eyeofhorus** · 03-20-2005, 07:22 AM

I need help with my current store installation (MAX 1.7 installed November 2004) because my host is making a change which I think will break the functionality, namely, turning off allow_url_fopen. But I'm not sure.

My understanding is that any variables or includes which begin with "http://" will no longer work. I think osCommerce relies on this. But I'm not a php jock. Just a fan. So I can customize my store to a degree, but not gut it or create a contribution.

Am I right--that turning off allow_url_fopen will break my store? Can I easily fix this? Or should I be looking for a new host?

Here is applicable section of the note from Dreamhost:

The security issue for our servers is still severe and we will still be turning off the allow_url_fopen option soon, but anyone who is currently relying on it will have some time to make the necessary code changes.
This will be your only announcement regarding this and you must make any necessary code changes before the deadline.

The deadline for any PHP code changes is March 29, 2005. We will be turning off the allow_url_fopen option shortly after that date.

If you are currently using this functionality in your PHP code, there is a more powerful and flexible option available. PHP provides excellent support for curl library and its associated functions.

One of our own users has written a short article describing how it is used and that can be found here:
http://blog.unitedheroes.net/archives/p/1630/

At this point I'm kind of trying to decide whether or not to panic. I can't ramp up my php knowledge in that amount of time, because I have a full-time day job and support this site for my SO at night. I also really like dreamhost, but this has thrown me for a loop. I've a message into them, but they haven't been really good when it comes to truly technical topics lately.

Any advice/help would be greatly appreciated.

Thanks!
Jane

**michael_s** · 03-20-2005, 07:50 AM

Jane,

I just ran a test of this on our development shop, and it does not seem to break osCMax at all. I have not run complete tests, but superficially, it does not affect the overall function of the application. Of course, if you have made modifications to osCMax that require fopen wrappers, you will get error messages from php that tell you where the problem is, but again, it does not break the application.

**eyeofhorus** · 03-20-2005, 09:21 AM

That is good news! Thanks for checking and keep me updated if you find any issues.

The only "modification" I have was to the template and text . . . and to install an SSL certificate. I'm still wondering if it would be an issue to go from http: to https:

Jane

**michael_s** · 03-20-2005, 09:46 AM

This change (fopen = off) has nothing to do with ssl or switching between http or https. It has to do with allowing files to be called in html using full url's to the file instead of local relative paths. You will be fine.