Your version of PHP has security related risks.

barnettgs · 2006-02-26 17:37:31

Hi, I have installed textpattern and checked diagnosis page, I get like this:

Warning: php_uname() has been disabled for security reasons in /data/members/paid/u/d/udsc.org.uk/htdocs/www/textpattern/include/txp_diag.php on line 283

Warning: php_uname() has been disabled for security reasons in /data/members/paid/u/d/udsc.org.uk/htdocs/www/textpattern/include/txp_diag.php on line 283
Pre-flight check
Your version of PHP has security related risks. Please turn register_globals off or update to a newer PHP version. ?

I’m installing textpattern for for a club and they are using lycos host which I don’t like especially with terrible support.

Turning off register_globals doesn’t work as it caused the textpattern and forum (already running) to stop working.

Lycos host only support php 4.3.10 so I called to lyco hosting support and they said that I have to add ‘5’ to each php file extension to be .php5. I have tried that but doesn’t work at all.

I have asked them to update php to the latest version of 4.4 and they say they would find out with their tech department but I was given impression that they can’t be bothered to update. I’m struck here and what should I do?

Thanks in advance

Mary · 2006-02-26 17:55:12

The uname warnings simply mean your host has – for whatever reason(s), justified or not – disabled that function from being used.
PHP5 isn’t needed, your version 4.3.10 is just fine.
Turning off register globals shouldn’t have any effect on Textpattern actually working, so I suspect something else is at play here. How did you go about trying to do this?
Uh, what forum software are you using? If it relies upon register globals, then it’s pretty poorly written.

In the end, if you can’t turn it off, it can’t be helped; it’s just that it’s a good idea to turn off if it is possible.

barnettgs · 2006-02-26 18:59:42

Ok, I was using a line of register_global in .htaccess file.

The forum is powered by Invision Power Board v2.0.3.

OK, I think I put it in root directory which caused both forum and textpattern to stop working.

This time, I have placed htaccess file in textpattern directory – forum working as expected but not textpattern. Not sure why is that. Here’s diagnosis info u might find useful:

Textpattern version: 4.0.3 (r1188)
last_update: 2006-02-14 18:56:20/2006-02-13 19:40:47
Document root: /data/members/paid/u/d/udsc.org.uk/htdocs/www
$path_to_site: /data/members/paid/u/d/udsc.org.uk/htdocs/www
Textpattern path: /data/members/paid/u/d/udsc.org.uk/htdocs/www/textpattern
Permanent link mode: section_id_title
upload_tmp_dir: /tmp
Temp folder: /data/members/paid/u/d/udsc.org.uk/htdocs/www/textpattern/tmp
Site URL: www.udsc.org.uk
PHP version: 4.3.10
Register globals: 1
server_time: 2006-02-26 20:11:48
MySQL: 4.0.18-log
Locale: en_GB.UTF-8
Server: Apache (UNIX)
php_sapi_mode: cgi
os_version:

Pre-flight check:
————————————
Your version of PHP has security related risks. Please turn register_globals off or update to a newer PHP version.
————————————

.htaccess file contents:
————————————
DirectoryIndex index.html
————————————

Thanks

> mary wrote:

> * Turning off register globals shouldn’t have any effect on Textpattern actually working, so I suspect something else is at play here. How did you go about trying to do this?

Uh, what forum software are you using? If it relies upon register globals, then it’s pretty poorly written.

In the end, if you can’t turn it off, it can’t be helped; it’s just that it’s a good idea to turn off if it is possible.

Last edited by barnettgs (2006-02-26 19:13:25)

Mary · 2006-02-26 19:23:31

Okay, IPB doesn’t depend upon register_globals as far as I know.

So you uncommented the register_globals line within the .htaccess file that came with Textpattern? When you say “not working”, what do you mean? Does the page not load, you get an error message, or..?

barnettgs · 2006-02-26 19:33:19

Yeah, I uncommented it in .htaccess file but it is inside /textpattern/ directory instead of root. If it was in root, both textpattern & forum will not work.

By ‘not working’, I meant this:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webadmin@lycos-europe.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Sorry, should have given u more info!

Mary · 2006-02-26 20:27:41

Okay, my guess would be that your host does not allow PHP directives in .htaccess files, but you can ask them to confirm this (one way or another).

barnettgs · 2006-02-26 20:34:17

Thanks, will call host to find out.

Will keep you updated

Cheers

zem · 2006-02-27 01:19:40

Warning: php_uname() has been disabled for security reasons

Also ask them why they’ve disabled php_uname. I can’t think of any security reason that would justify it. If they’ve disabled that, they might have disabled other things also – you should consider switching hosts.

barnettgs · 2006-02-28 10:09:49

oh dear, i have finally made a call to lycos support after some very long hold-up…

They said it cannot be enabled for security reason which they encounted recently and that I can work a way around this issuses by asking php support forum but I’m not convinced.

Think I better let my friend know of this problem and see what they got to say about moving to different host. If not, then static pages will do!

Textpattern CMS

Textpattern CMS support forum

#1 2006-02-26 17:37:31

Your version of PHP has security related risks.

#2 2006-02-26 17:55:12

Re: Your version of PHP has security related risks.

#3 2006-02-26 18:59:42

Re: Your version of PHP has security related risks.

#4 2006-02-26 19:23:31

Re: Your version of PHP has security related risks.

#5 2006-02-26 19:33:19

Re: Your version of PHP has security related risks.

#6 2006-02-26 20:27:41

Re: Your version of PHP has security related risks.

#7 2006-02-26 20:34:17

Re: Your version of PHP has security related risks.

#8 2006-02-27 01:19:40

Re: Your version of PHP has security related risks.

#9 2006-02-28 10:09:49

Re: Your version of PHP has security related risks.

Board footer