fgets workaround?

juergen
Regular
Posts: 55
Joined: Tue Jul 04, 2006 2:23 pm
Location: Mayence, Germany

fgets workaround?

Post by juergen »

Hi,

I'm currently installing Serendipity v1.1 on the webserver of my university, as I've done at several ISPs as well. But this admin has disabled fgets for security reasons. For this reason the installation fails with looped warnings "fgets has been disabled for security reasons" from include/functions_installer.inc.php line 1123.

As far as I can see, fgets is also used at least in /Net/Socket.php, /Onyx/RSS.php and Smarty/libs/plugins/function.fetch.php.

Do you have some arguments for a little discussion with the administrator? Or is it possible to implement a bypass for running the installation successfully?

Thx, Juergen
mastaYoda
Regular
Posts: 18
Joined: Wed Feb 08, 2006 12:13 pm

file_get_contents(), fgetc()

Post by mastaYoda »

Hopefully your sysadmin does not know everything about PHP so maybe he left fgetc() or file_get_contents() enabled.

Example for fgetc():

$resource = fopen(__FILE__, 'r');
$string = '';
// Read one character at a time; fgetc() returns false at end of file
while (($char = fgetc($resource)) !== false) {
    $string .= $char;
}
fclose($resource);

Example for file_get_contents():

$string = file_get_contents(__FILE__);
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: file_get_contents(), fgetc()

Post by garvinhicking »

Hi!

With disabled fgets, I'm afraid you won't be able to use many portions of Serendipity. You should not bother with it altogether, there are too many places where fgets is required.

Disabling it is like locking the door to your closet to prevent it from getting dirty. :)

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
juergen

Re: file_get_contents(), fgetc()

Post by juergen »

garvinhicking wrote: Disabling it is like locking the door to your closet to prevent it from getting dirty. :)
I agree with you.
The sysadmin says that fgets() runs with the webserver uid and all files (with passwords and so on) are readable using a simple script. Locking the door was the easiest way for him to prevent this.

I'll be looking for another server...

Juergen
garvinhicking

Re: file_get_contents(), fgetc()

Post by garvinhicking »

Hi!

Definitely. There are other means of jailing users' installations (fastCGI, suPHP, ...). Locking write access prevents most PHP applications from working at all...

HTH,
Garvin
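
The confinement question this thread turns on, as an added example (not code from Serendipity or from any poster): a PHP check of whether a one-function denylist restricts file reads at all, and whether the runtime is confined by other means. The reader-function list is an illustrative assumption, open_basedir is a standard PHP ini directive the thread does not mention, and the uid comparison needs the posix extension.

```php
<?php
// Added example: report how this PHP runtime is actually confined.
// The reader list below is illustrative (an assumption), not exhaustive.
function parse_disabled(string $ini): array {
    $names = array_map('trim', explode(',', strtolower($ini)));
    return array_values(array_filter($names, 'strlen'));
}

function audit(string $disabledIni, string $openBasedir, ?int $procUid, int $ownerUid): array {
    $readers  = ['fgets', 'fgetc', 'fread', 'file', 'file_get_contents', 'readfile'];
    $disabled = parse_disabled($disabledIni);
    $blocked  = array_intersect($readers, $disabled);
    $open     = array_diff($readers, $disabled);
    $findings = [];
    // A partial denylist breaks applications without restricting file reads.
    if ($blocked && $open) {
        $findings[] = 'disable_functions blocks ' . implode(', ', $blocked)
            . ' but leaves ' . implode(', ', $open) . ' callable: breakage without confinement';
    }
    // open_basedir limits which paths PHP file functions may touch.
    if ($openBasedir === '') {
        $findings[] = 'open_basedir is unset: PHP file access is not limited to the site directory';
    }
    // Per-user execution (FastCGI, suPHP) runs scripts under the owner's uid.
    if ($procUid === null) {
        $findings[] = 'posix extension missing: cannot compare process uid with script owner';
    } elseif ($procUid !== $ownerUid) {
        $findings[] = "process uid $procUid differs from script owner $ownerUid: "
            . 'shared webserver account, isolation depends on file permissions alone';
    }
    return $findings;
}

$uid    = function_exists('posix_geteuid') ? posix_geteuid() : null;
$result = audit((string) ini_get('disable_functions'), (string) ini_get('open_basedir'),
                $uid, (int) getmyuid());
echo $result ? implode(PHP_EOL, $result) . PHP_EOL : 'no findings' . PHP_EOL;
```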