1&1 and Wordpress 2.8

[mattredman]

After upgrading to Wordpress 2.8 b2 from 2.7.1, I had several php errors. I had to turn on PHP5 to get anything with the admin to load. As a result of turning PHP5 on, I had to make a php.ini file in each directory with settings for allow_url_include to be ON so that my php include() functions used in many of my themes would work.

[mattredman]

Note, my host is 1&1

[dd32]

Would you by any chance know what your previous PHP version was, or what some of the errors were?

[dd32]

Just did a check, And no functions that require greater than PHP 4.3 seem to be used in core without proper checks to see if its available..

I know Azaozz uses PHP4 only (As its easier to test WP on given the minimum req's)..

[ryan]

I test with php4 all the time. It runs fine here. What were the errors?

[ryan]

And php5 runs fine no matter the allow_url_include setting. WP shouldn't be including urls anywhere.

[azaozz]

What exactly are "my php include() functions used in many of my themes"? Can you post some examples. Do the rest of the require() and include() calls in WordPress work properly?

[hakre]

mattredman: Please enable a standard theme and disable all third party plugins. Then test again and report if or not the problem still exists.

[robertaccettura]

I'm not sure a theme or plugin should ever really be using allow_url_include as it's inherently very insecure and thus *should* be disabled on secure systems. Including from a remote source is extremely risky. If the remote source is compromised it can include bad code injecting anything from spam to other malware onto the host server (since it would have all permissions that wordpress and php have).

Perhaps to help kill this harmful practice the following should be added to wp-settings.php:

ini_set('allow_url_include', 'Off')

A theme can in theory just turn it back on, but hopefully this will at least discourage the behavior for less experienced developers.

[JDTrower]

I have 1&1 hosting as well. Normally I run WordPress on PHP5, however on a development site that I am working on, I went ahead and upgraded to Wordpress 2.8b2 and ran the site on PHP4 (specifically PHP version 4.4.9 on 1&1 hosting). Everything worked fine with the default theme and no plugins. I do not have allow_url_include activated on my site, and everything appears to be working fine in Wordpress 2.8b2 as well as 2.8b2-11491. As WordPress 2.8b2 works as intended on 1&1 with PHP4 for me, the problem must be due to a theme or plugin the original reporter has on his install therefore I am closing this as worksforme and the original poster can reopen if the problem continues to occur after he deactivates all plugins and goes to the default theme.