Menu
I'm using the following code
echo 'file_get_contents : ', ini_get('allow_url_fopen') ? 'Enabled' : 'Disabled'; this can get it enabled or disabled
but I would like to make as function say function name is _isgetcontents
then I can call it as following any where in my website code
if (_isgetcontents()){ echo "this is enabled"; // will do an action }else{ echo "this is disabled"; // will do another action } 
877
You definitely want allow_url_include set to Off, which mitigates many of the risks of allow_url_fopen as well. But because not all versions of PHP have allow_url_include , best practice for many is to turn off fopen. Like with all features, the reality is that if you don't need it for your application, disable it.
If enabled, allow_url_fopen allows PHP's file functions to retrieve data from remote locations such as an FTP server or web site, and could lead to code injection vulnerabilities. Typically, these code injection vulnerabilities occur from improper input filtering when passing user-provided data to PHP functions.
Description. The PHP configuration directive allow_url_include is enabled. When enabled, this directive allows data retrieval from remote locations (web site or FTP server) for functions like fopen and file_get_contents. If user input is not properly validated, this can conduct to remote file inclusion vulnerabilities.
Use ini_get() to get the value of certain configuration parameters:
if( ini_get('allow_url_fopen') ) { // lucky me... } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
