PHP Warning: ini_set() has been disabled for security reason

A place for users and developers of the Xataface to discuss and receive support.

PHP Warning: ini_set() has been disabled for security reason

Postby sworden » Mon Mar 19, 2012 9:58 am

I'd previously posted about getting individuals to only see their records when logging in. Everything was working great. I had logged in as both my admin account and a read-only account and everything was loading the way it was supposed to. Then I left the browser window open while I did some unrelated stuff to our main webpage (.css updates). Before I left for the day I went to look through the tables one last time and got the blank screen again on every table that I tried. I checked the error log and got this:

[15-Mar-2012 14:32:43] PHP Warning: ini_set() has been disabled for security reasons in /home/povpc11/public_html/xataface/config.inc.php on line 36
[15-Mar-2012 14:32:43] PHP Warning: ini_set() has been disabled for security reasons in /home/povpc11/public_html/xataface/config.inc.php on line 216
[15-Mar-2012 14:32:43] PHP Warning: require_once(I18Nv2/I18Nv2.php) [<a href='function.require-once'>function.require-once</a>]: failed to open stream: No such file or directory in /home/povpc11/public_html/xataface/config.inc.php on line 246
[15-Mar-2012 14:32:43] PHP Fatal error: require_once() [<a href='function.require'>function.require</a>]: Failed opening required 'I18Nv2/I18Nv2.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/povpc11/public_html/xataface/config.inc.php on line 246

I hadn't changed anything since getting it to work successfully. What happened?

This is the section where line 36 is (the last line):
//Make sure when reading file data,
//PHP doesn't "magically" mangle backslashes!
//set_magic_quotes_runtime(FALSE);
ini_set('magic_quotes_runtimg', false);

This is the section where line 216 is (again, last line):
if ( $curr_dir_first ){
$include_path = ".".PATH_SEPARATOR.$include_path;
}


ini_set('include_path', $include_path );

Line 246 (second to last line):
//$class = str_replace('/','_', $file);
//$class = substr($class, 0, strpos($class,'.'));
if ( !isset($imports[$file]) ){
$imports[$file] = true;
//error_log("importing ".$file);
require_once $file;
}

Any ideas what's going on? I hadn't changed anything when this started occurring.
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: PHP Warning: ini_set() has been disabled for security re

Postby shannah » Mon Mar 19, 2012 2:20 pm

Yes. Your server has disabled the ini_set() function that is used by Xataface to set the include path. You could try changing the ini_set() call to set_include_path()
http://php.net/manual/en/function.set-include-path.php

If they've disabled that function, though, it makes me wonder what else might be disabled on the server.

-Steve
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: PHP Warning: ini_set() has been disabled for security re

Postby sworden » Wed Mar 21, 2012 7:58 am

Thanks!

In line 36 I changed:
ini_set('magic_quotes_runtimg', false);

to:
if(get_magic_quotes_runtime())
{
// Deactivate
set_magic_quotes_runtime(false);
}


In line 216 I changed:
ini_set('include_path', $include_path );

to:
set_include_path($include_path );

Now everything is working like it's supposed to. Thanks for turning me in the right direction.
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: PHP Warning: ini_set() has been disabled for security re

Postby sworden » Thu Mar 22, 2012 6:49 am

OK, now I'm getting the ini_set() disabled in another file:

[22-Mar-2012 05:25:07] PHP Warning: ini_set() has been disabled for security reasons in /home/povpc11/public_html/xataface/Dataface/Application.php on line 829


Lines 827-829:
// set the garbage collector - who will clean the session files -
// to our custom timeout
ini_set('session.gc_maxlifetime', $garbage_timeout);

Is there an alternate function? Also, is there a page that shows these alternate functions all together?
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am

Re: PHP Warning: ini_set() has been disabled for security re

Postby shannah » Thu Mar 22, 2012 10:06 am

I don't think there's another function for that one. That only affects the session timeout though, so if you're not changing that in the conf.ini file it's no big deal. You can suppress the warning by prepending a '@' to the ini_set() call.
Code: Select all
@ini_set(....)
shannah
 
Posts: 4457
Joined: Wed Dec 31, 1969 5:00 pm

Re: PHP Warning: ini_set() has been disabled for security re

Postby sworden » Thu Mar 22, 2012 11:05 am

Thanks!
sworden
 
Posts: 44
Joined: Thu Feb 16, 2012 9:05 am


Return to Xataface Users

Who is online

Users browsing this forum: No registered users and 6 guests

cron
Powered by Dataface
© 2005-2007 Steve Hannah All rights reserved