PHP Warnings

[bananapar]

Hi, first time posting so sorry if I make any faux-pas.

When trying to use the following code on one of our pages:

<?php
$cc = urlencode(stripslashes($_REQUEST['cc']));
$phone = urlencode(stripslashes($_REQUEST['phone']));

print join("\n", @file("http://voip.expat-voip.com/callcosts/lo ... ariff_id=4"));
?>
It doesn't work and I recieve lines in the error_log saying:
PHP Notice: Undefined index: cc in /var/www/vhosts/emailitis.com/httpdocs/voip/costs.php on line 10
PHP Notice: Undefined index: phone in /var/www/vhosts/emailitis.com/httpdocs/voip/costs.php on line 11
PHP Warning: join() [<a href='function.join'>function.join</a>]: Invalid arguments passed in /var/www/vhosts/emailitis.com/httpdocs/voip/costs.php on line 13

This code used to work but has stopped for some reason. Unfortunately we are not able to pinpoint when this changed or what may have affected it.
I have tried this code on other servers and it still all works pefectly on those so there's obviously something going wrong on our server. The PHP support being run is an Apache Module and the version of PHP is fairly recent (5.1 something).

Any ideas as to possible causes for the issue?

[mneese77]

what is on lines 10, 11, and 13 in costs.php that is the issue...also a "notice" and a "warning" are not "errors"....

[bananapar]

10 and 11 are $cc = urlencode(stripslashes($_REQUEST['cc'])); and
$phone = urlencode(stripslashes($_REQUEST['phone']));respectively.

Line 13 is the print join.
(Sorry I thought that would be fairly obvious to a regular PHP user.)
I included the error log just incase it helped to pinpoint what the cause may be.

[bananapar]

After removing the @ character from the following line:
print join("\n", @file("http://voip.expat-voip.com/callcosts/lo ... ariff_id=4"));

The error log now contains:

'PHP Warning: file() [<a href='function.file'>function.file</a>]: URL file-access is disabled in the server configuration in /var/www/vhosts/emailitis.com/httpdocs/voip/costs.php' instead.

So I guess I found out why it no longer works.

[breun]

You'll need to change the value of PHP_URL_FOPEN in /etc/asl/config, run 'asl -s -f' to let ASL modify the PHP configuration (this will set allow_url_fropen to on in /etc/php.ini) and restart Apache if you want to enable the URL-aware fopen wrappers. ASL disables this by default for security.

http://www.php.net/manual/en/filesystem ... -url-fopen

[faris]

The problem that happened here was that content from an external domain was being inserted into the page. This is seriously dangerous (in the way that it was being done).

ASL, by default, prevents this happening and this causes an error in the code when the expected input is just not there.

Some php-based rss readers, including Joomla/Typo/WordPress plugins, can be affected by this as they use the the php fopen function to open a "file" on a different domain (ouch!). The same applies to the print command that was being used in the code, I guess.

Faris.