Results 1 to 6 of 6

Thread: PHP version 5.2

  1. #1
    Junior Member
    Join Date
    Sep 2012
    Posts
    11

    Default PHP version 5.2

    Ive just received an email about upgrading from php5.2- It means nothing to me - if i upgrade to version 5.4 what could go wrong with my sites? I use Netobjectgs 13, via 1and1 - and it all sounds a bit technical!
    Thanks

  2. #2
    Senior Member chuckj's Avatar
    Join Date
    Jan 2010
    Location
    www.beyondfusion.com - Florida
    Posts
    1,302

    Default

    Should be no issues at all.
    Chuck Joslin
    www.BeyondFusion.com
    PHP & MySQL development with Fusion
    Fusion support for AllWebMenus (Likno) Contact me for custom AWM menus for your sites.
    Tutorials and Forums

  3. #3
    Senior Member franko's Avatar
    Join Date
    Apr 2010
    Location
    Tasmania Australia
    Posts
    2,640

    Default

    php 5.4 is the latest iteration. It shouldn't make any difference to NoF as Chuck says. If you have any wordpress sites you should definitely upgrade to 5.4 as many plugins require 5.4 to work. But for static web sites like Fusion's, no problems.

  4. #4
    Junior Member
    Join Date
    Sep 2012
    Posts
    11

    Default

    Many thanks - now I just have to work out how to update the php!

  5. #5
    Junior Member
    Join Date
    Dec 2012
    Posts
    29

    Default

    Quote Originally Posted by rammers View Post
    Ive just received an email about upgrading from php5.2- It means nothing to me - if i upgrade to version 5.4 what could go wrong with my sites? I use Netobjectgs 13, via 1and1 - and it all sounds a bit technical!
    Thanks

    Hi,

    You need to check everything in case it broke the code.

    I had a problem a while back with the NetObjects Component that allows you to send a webpage to another person via email. The php code Fusion creates used a depreciated call to the OS. It allowed hackers a way in so that command was superseded by another command which was more secure. When I upgraded the php level, the Fusion php code broke and I got an error message from the server which gave no useful information, just a common "Something happened". So I had to go through the code manually and finally by putting in a bunch "Got here x" so it made a log that I could see where the last good command was, I found the code was stopping. I had to make a text file to allow the code to work.

    I have always wondered if NetObjects ever knew about the problem and updated their code? Or if it is still broken on php versions I believe above 5.2.

    It has been a couple of years but here is the most relevant parts:

    [Error 900] Server configuration error - this is a generic error, in this case the error was “allow_url_fopen is set to 0, need 1”

    So I went to the php.net website and they have a long discussion on this :

    “In versions prior to PHP 5.2.0, enabling the allow_url_fopen would also allow PPH to include remotely stored files as if they were stored locally. This was being exploited by hackers, hosting malicious code on their server as .txt files and including them on victim sites by taking advantage of remote file inclusion vulnerabilities. Since PHP 5.2.0 a new directive, allow_url_include, is made available. When it's set to 0, you can have fully functional URL fopen() wrappers but disallow inclusion of remotely hosted code. Ref: http://www.php.net/manual/en/filesystem ... rl-include As a result, all security warnings regarding allow_url_fopen are outdated by at least five years - PHP 5.2.0 was released in November 2nd, 2006. Unfortunately, I've only seen people discussing allow_url_include the last year or so. The instructions in the security checklist have been first written several years ago, are still relevant, but that part is not entirely accurate. It's good as a rule of thumb, but not accurate”

    So all NetObjects needs to do is change this in php.ini for just the domain where the website is located. It should be an easy fix, just write a small program that will change the value and have the user run it after the website has been loaded onto the server. Might even be easier to have Fusion print out a page that tells the user you need to do these t hings. Here is how you do them since it is rather easy to open the php.ini file and manually change and save it. But most people are hesitant about Unix but it is really easy.

    Philip

  6. #6
    Junior Member
    Join Date
    Dec 2012
    Posts
    29

    Default

    I use 1&1 to.

    Login and open your Control Panel

    On the left had side near the bottom of the webpage is a Manage Webspace section where the first entry is Secure FTP Account, 4 items below that is PHP Setting, click on it and you are presented with all your domains, click on the ones you want to change and the button that says something like "Change PHP Version" ungreys and you can choose which version from there. Save and Logout

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •