Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#9989 closed defect (bug) (worksforme)

1&1 and WordPress 2.8

Reported by: mattredman
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.8
Component: General
Keywords: reporter-feedback
Focuses:
Cc:

Description

After upgrading to WordPress 2.8 b2 from 2.7.1, I had several PHP errors. I had to turn on PHP5 to get anything with the admin to load. As a result of turning PHP5 on, I had to make a php.ini file in each directory with settings for allow_url_include to be ON so that my PHP include() functions used in many of my themes would work.

Change History (10)

comment:1 mattredman 5 years ago

Note, my host is 1&1

comment:2 dd32 5 years ago

Would you by any chance know what your previous PHP version was, or what some of the errors were?

comment:3 dd32 5 years ago

  • Keywords reporter-feedback added

Just did a check, and no functions that require greater than PHP 4.3 seem to be used in core without proper checks to see if it's available.

I know Azaozz uses PHP4 only (as it's easier to test WP on, given the minimum reqs).

comment:4 ryan 5 years ago

I test with php4 all the time. It runs fine here. What were the errors?

comment:5 ryan 5 years ago

And php5 runs fine no matter the allow_url_include setting. WP shouldn't be including urls anywhere.

comment:6 azaozz 5 years ago

What exactly are "my php include() functions used in many of my themes"? Can you post some examples? Do the rest of the require() and include() calls in WordPress work properly?

comment:7 hakre 5 years ago

mattredman: Please enable a standard theme and disable all third-party plugins. Then test again and report whether or not the problem still exists.

comment:8 robertaccettura 5 years ago

I'm not sure a theme or plugin should ever really be using allow_url_include, as it's inherently very insecure and thus *should* be disabled on secure systems. Including from a remote source is extremely risky. If the remote source is compromised, it can include bad code, injecting anything from spam to other malware onto the host server (since it would have all permissions that WordPress and PHP have).

Perhaps to help kill this harmful practice the following should be added to wp-settings.php:

ini_set('allow_url_include', 'Off');

A theme can in theory just turn it back on, but hopefully this will at least discourage the behavior for less experienced developers.
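An audit for the two things this ticket turns on, per-directory php.ini files that switch allow_url_include on and theme include()/require() calls that name a remote URL, is sketched below. It is an added example, not part of the ticket and not WordPress code; the function names, the finding labels and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# include/require (and *_once) whose argument starts with a remote-URL string literal
REMOTE_INCLUDE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"](?:https?|ftp)://""", re.I)
# php.ini line that switches allow_url_include on
INI_ENABLE = re.compile(r"^\s*allow_url_include\s*=\s*(?:on|1|true|yes)\b", re.I)

def audit_tree(root):
    """Return sorted (relative_path, line_no, kind) findings under root."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        if path.name == "php.ini":
            pattern, kind = INI_ENABLE, "ini-enables-url-include"
        elif path.suffix.lower() == ".php":
            pattern, kind = REMOTE_INCLUDE, "remote-include"
        else:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, line in enumerate(text.splitlines(), 1):
            if pattern.search(line):
                findings.append((path.relative_to(root).as_posix(), no, kind))
    return sorted(findings)

# Constructed sample tree (not taken from the ticket): relative path -> contents
SAMPLE = {
    "themes/demo/php.ini": "; per-directory override\nallow_url_include = On\n",
    "themes/demo/footer.php": "<?php\ninclude('http://widgets.example.invalid/f.php');\n",
    "themes/demo/header.php": "<?php\nrequire_once( dirname(__FILE__) . '/nav.php' );\n",
    "themes/clean/php.ini": "allow_url_include = Off\n",
}

def run_on_sample():
    """Write SAMPLE into a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":
    for finding in run_on_sample():
        print(*finding)
```

The pattern only catches include arguments written as literal URLs; includes whose path is built from variables still need manual review.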

comment:9 JDTrower 5 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

I have 1&1 hosting as well. Normally I run WordPress on PHP5; however, on a development site that I am working on, I went ahead and upgraded to WordPress 2.8b2 and ran the site on PHP4 (specifically PHP version 4.4.9 on 1&1 hosting). Everything worked fine with the default theme and no plugins. I do not have allow_url_include activated on my site, and everything appears to be working fine in WordPress 2.8b2 as well as 2.8b2-11491. As WordPress 2.8b2 works as intended on 1&1 with PHP4 for me, the problem must be due to a theme or plugin the original reporter has on his install; therefore I am closing this as worksforme, and the original poster can reopen if the problem continues to occur after he deactivates all plugins and goes to the default theme.

comment:10 Denis-de-Bernardy 5 years ago

  • Milestone 2.8 deleted