Announcement

Collapse
No announcement yet.

ob_start() has been disabled for security reasons

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • ob_start() has been disabled for security reasons

    url to forums: forum.team-afp.org
    Running openBSD
    vB version: 2.2.6
    phpinfo here
    ----------------------/

    Hi there,
    I have a problem with my vbulletin (as you guessed I think )

    Well, I just installed it on my new host (team-afp and I just found that everytime I try to use the PHP vbcode (viewing php source without parsing it), it shows me these errors :

    -----------------
    Warning: ob_start() has been disabled for security reasons. in /admin/functions.php on line 801
    <?
    <img src="temp.jpg">
    ?>
    Warning: ob_get_contents() has been disabled for security reasons. in /admin/functions.php on line 805

    Warning: ob_end_clean() has been disabled for security reasons. in /admin/functions.php on line 806
    ----------------

    The problem is that these function were disabled by the admin of my new host (security reasons he said).

    Well, now, what can I do to make those PHP tags to work, or at least to remove them from my vbulletin board.
    Those errors are really horrible, they come on the top of the page

    Thanks in advance !
    Sincerely,
    Simon

    p.s. : By the way, I was not able to add Symen_4ab (my nickname) to the authorized vbulletin users, so I had to create another account, called Saumon..

    p.s. 2 : Warning, this post contains english used by a Swiss guy who normally speaks french
    Last edited by Saumon; Sun 7 Jul '02, 8:51am.

  • #2
    Without him re-enabling those functions, you can't enable that code without changing the underlying php code. Even if you enable it, you won't get color changes as that requires those functions.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      What security problems are there with the output buffering functions?

      Comment


      • #4
        None that I can think of.

        Comment


        • #5
          Thanks for answering !

          wluke : so, is there a way to purely disable the PHP tags ?
          They aren't listed in custom vb codes (as they are not really custom codes..)

          MUG : I don't really know, but I heard of a security hole using these functions, but only on microsoft's servers, not on OpenBSD based servers.
          Anyway, the admin don't want to hear anything about it until the next update of php on his servers

          Update :
          According to a post on the forum of my new host (hebergement-discount.com, in french by the way) :
          There is a major bug with the ob_* functions, running php 4.0.6 for OpenBSD.

          Now I'm trying to know which bugs
          Last edited by Saumon; Sun 7 Jul '02, 10:50am.

          Comment


          • #6
            Well, if he is running PHP 4.0.6, he shouldn't be worrying about the output buffering functions -- more about the major security holes in that release.

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X