Why isn't ini_set("allow_url_fopen", 1); working?

I have the following code to make sure my RSS feeds work:

ini_set(“allow_url_fopen”, 1);
if (ini_get(“allow_url_fopen”) == 1) {
echo “allow_url_fopen is ON”;
} else {
echo “allow_url_fopen is OFF”;

Then, as you can see, I check it. It ways displays:
"echo “allow_url_fopen is OFF”

Any ideas why?

from the manual

allow_url_fopen boolean

This option enables the URL-aware fopen wrappers that enable accessing URL object like files. Default wrappers are provided for the access of remote files using the ftp or http protocol, some extensions like zlib may register additional wrappers.

    [b]Note: This setting can only be set in php.ini due to security reasons. [/b]

So you can’t change it in the code



Looks like that was not tested because if it was the author would have known it didn’t work.

Just out of interest why do you do this:

if (ini_get("allow_url_fopen") == 1) {
echo "allow_url_fopen is ON";
} else {
echo "allow_url_fopen is OFF";

when you could just as well do this?

print ini_get("allow_url_fopen");

ini_set(“allow_url_fopen”, 1);
print ini_get(“allow_url_fopen”);

Prints nothing.

That’s because it is boolean(false) but print_r(ini_get(“allow_url_fopen”)); certainly would work.

nope, that prints nothing either. I checked and there is an entry for it in the ini file

I;ve also tried:

 		ini_set("allow_url_fopen", 'On');
 		if (ini_get("allow_url_fopen") == 'On') {
			echo "allow_url_fopen is ON";
		} else {
			echo "allow_url_fopen is OFF";

Same thing - Off

As pointed out to you above it is not possible to alter this setting from a script.

I appreciate you pointing that out again. I have to wonder why Pear developers wrote in the documentation that the above method should be done to overcome this that setting being set to Off. Pear developers are pretty good at PHP.


I posted in the php forum but can not get a definitive answer (http://www.sitepoint.com/forums/showthread.php?t=295840)

The crux of the matter is this, on Pear’s XML_RSS documentation, it says that if your allow_url_fopen=Off, then ini_set it to 1:

I figure these Pear guys know what their talking about so I have tried it every which way but loose.

Some people in the forum say it can’t be done from code.

What do you advanced PHP users say? (I have spent most of the day on this because I am trying to avoid permenently setting it to On)

My guess is that was written without testing. Maybe the person writing it thought it would work but the truth is it certainly does not.

it certainly look sthat wya - thanks for your patience. I’m starting another thread to see if there are any security concerns with setting it to On.

I don’t know the definitive answer, and can see how I might want to be able to do this too. Having Safe Mode set “on” in your ini may override all of your attempts though.

how does safe_mode interact with or change allow_url_fopen?

As I understand it, this is because Safe mode governs whether or not you can fopen anything except in directories you have stipulated in the ini.

When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified directory-tree, PHP will refuse to open it.

That only concerns the server directories; safe mode does not prevent you from accessing data from the outside. Edit: Then again, I could be rather wrong.


Note: This setting can only be set in php.ini due to security reasons.

Threads merged. Please do not cross-post.

The manual says this cannot be set at script level (for obvious reasons) and your testing has proved this. Is this not a definitive answer?

Sean :slight_smile:

Is this workaround any help?