PHP 5.2.10 - fopen() fails

[handsonhosting]

Anyone else experiencing issues with fopen() on the 5.2.10 version?

Two servers running the exact same configuration other than PHP 5.2.9 on one machine and 5.2.10 on the other machine.

On 5.2.9, fopen works as it should
On 5.2.10 I get an error - failed to open stream: No such file or directory

Again, nothing different on the two machines other than the PHP version. Anyone else able to duplicate the event?

Here's the code:

Code:

<?php
$ret = fopen("http://www.google.com", "r") || die("Couln't open file");
fclose($ret);
?>

Should return a BLANK page if it works, and an error about the stream if it doesn't. Can someone else test on their configurations?

[Reptilian97]

Hey Conor,

Here's a better example to test the issue, even though it really doesn't matter in this situation since both will still give the same error:

Code:

<?php
$ret = fopen(http://www.google.com", "r") || die("Couln't open file");
fclose($ret);
?>

The example you provided would always produce a blank page because $ret[0] doesn't contain any page data, since $ret is just a file pointer and not the contents of the site.

[SigmaWeb]

Doesn't seem to have any kind of problem in my 5.2.10, works OK

[handsonhosting]

hmm.. well that sucks.

Ok, I'll go through my apache config file and start disabling items and see what happens

Thanks for checking. If anyone else can check, I'd be appreciative of it also.

[smithxxl]

I have the same issue. I checked the php config via cPanel too and it's set to allow_url_fopen on. I'm not sure what's causing this, but has broken a couple of my client's scripts. I have a feeling though it's because they added ignore_errors in 5.2.10 and broke something else. http://www.php.net/releases/5_2_10.php

[Spiral]

Quote:

Originally Posted by handsonhosting

Ok, I'll go through my apache config file and start disabling items and see what happens

Exactly how is that supposed to help you?

Random messing with config files you apparently don't understand in the first place is not going to do anything to help you especially when your Apache configuration has absolutely NOTHING to do with the issue you are asking about!

The place you want to check is your PHP.INI file which is usually located in /usr/local/lib

The two things that you want to look at is disable_functions and allow_url_fopen lines in your PHP configuration.

You should check that fopen does not appear in the list of disabled functions on your server although it does not sound like this is your problem here:

Code:

disable_functions = !!!LIST OF FUNCTIONS -- SHOULD NOT HAVE fopen!!!

What does sound more to be your issue is if you have network connections turned off for fopen and similar functions.

Code:

allow_url_fopen = On

** If this says "Off" in your configuration then that is your problem! **

Another lesser known config setting that I don't believe has bearing on your specific script but could effect others particularily those that try to load code remotely from other servers:

Code:

allow_url_include = Off    #I would leave this Off for security unless you really have need

The above is those settings most likely to affect PHP fopen() remote connections but there are other smaller settings that can have an impact as well. You may want to compare your old server PHP configuration and the new configuration
or even backup the new configuration and copy the PHP.INI in from your old server although be careful with doing that as you may have differences in 3rd party loaded modules and library paths.

If you need to make any changes to your PHP configurations, you will likely need to go ahead and restart your Apache server

Code:

# service httpd restart
# service httpd status

Aside from your PHP configuration, if you are running any firewall application such as APF or CSF, it is possible that you have disallowed your server to make any outbound TCP network connections to be able to connect to remote web servers. Make sure you have enough ports open on your server to allow for outbound connections and that you are able to make connections outbound to a remote address on port 80, otherwise you won't be able to run any scripts that make external network connections.

The quickest way to find out if your firewall is effecting your scripts is to simply turn it off for a few minutes and flush your IPTABLES and then see if your scripts start working. If so, it's your security settings that are blocking your scripts and you'll need to update your firewall settings.

Quote:

Again, nothing different on the two machines other than the PHP version.

Incidentally, that is a very stupid statement to make! Unless you directly cloned the old machine's hard drive and both machines were using the exact same hardware (and even then would be doubtful), you could not really say there is "nothing different" between the two machines.

As an expert, you put two supposed identical machines in front of me with the same hardware and the same base image and I can usually find hundred if not thousands of subtle differences in the configurations between both machines that each could have a substantial impact on one script running on one machine but not on the other even though both machines on the casual surface appear to be identical and that is even when using cloned images!

When you are talking about setting up a new machine from scratch and then duplicating the basic Cpanel settings, you are dealing with an entirely new machine, new hardware, new configuration, new OS components, possibly different libraries, different versions of various prerequisite programs, possibly even different operating systems or kernel versions, and tens of thousands of other differences and one of which could effect any given script from running the same way from the other machine.

The point is that your machines are NOT identical and to quickly make assumptions just to blindly point your finger at PHP 5.2.10 is a very unwise thing to do almost about as much as randomly playing with your Apache settings hoping that will will fix your issue!

Speaking of Apache, the newer Apache 2.0 and 2.2 series has built in compression modes that can also effect the output of pages, and depending on the configuration of Apache when built can have different results for different browsers because of HTTP 1.0 and 1.1 compatibility settings, etc.

[smithxxl]

This is not the situation in my case. All settings in the php.ini are correct. My hypothesis is because in 5.2.10 they added ignore_errors to the http wrapper for fopen, there was always an error in <= 5.2.9, but ignored and now have no way to read the error because it's being suppressed in fopen(). Because they are starting to use more strict standards, my guess is the script is missing something like a proper user_agent or some other headers that needs to be set before calling fopen.

[Spiral]

Quote:

Originally Posted by smithxxl

This is not the situation in my case. All settings in the php.ini are correct. My hypothesis is because in 5.2.10 they added ignore_errors to the http wrapper for fopen, there was always an error in <= 5.2.9, but ignored and now have no way to read the error because it's being suppressed in fopen(). Because they are starting to use more strict standards, my guess is the script is missing something like a proper user_agent or some other headers that needs to be set before calling fopen.

You'll get no arguments from me about maintaining proper coding methods
and structure and avoiding laziness that could lead to compatibility issues
or unexplained errors especially if you write your code to depend on
non-documented or non-supported expectations.

That given though the example at the start of this thread is still pretty basic
and will work properly as expected here irregardless whether it is is deployed
on a server running PHP 5.2.9, 5.2.10, or even the new 5.3.0 (yes, tested it!)

If it's not working for you as the original poster described, there is some other
issue going on other than the PHP version because I have indeed tested the
example on all three environments in both SuPHP (CGI based PHP) and DSO
environments and can confirm having a working call out to Google on each.

[handsonhosting]

Thanks Spiral for your answer and contribution on this thread. I errored when I said APACHE and should have said PHP. My mistake. I had ment to say EasyApache.

There are a total of 4 machines that I'm cross testing on, and they are of the same configuration, same OS build, same hardware and same cpanel builds. While EXACTLY may be the inappropriate word, the configurations, OS builds, Kernel Builds and cPanel builds are the same.

fopen being set to ON does exist. allow_url_fopen also exists and is set to ON. CSF is enabled on all machines, however during the testing I did disable on the machine to test this too.

The same EasyApache information is being loaded on the various machines through the use of a yaml file. The only thing different when compiling is the PHP version. When I revert my test machine from PHP 5.2.10 to 5.2.9, it works with no issue.

The following is the output from the machine:
[root@sm5567 ~]# php -i | egrep '(disable_functions|allow_url_fopen|allow_url_incl ude)'
allow_url_fopen => On => On
allow_url_include => Off => Off
disable_functions => no value => no value

I also checked the settings on a PHP 5.2.9 server that WAS executing the above call, and the same existed on that machine. Even with the "allow_url_include = OFF" it was still loading up the outside URL through fopen.

I also verified that a cusom php.ini was not loaded on the account when I was testing.

I'll be exporting a full copy of my php.ini and comparing to the php.ini on the 5.2.10 to see if there are any differences.

Thank you again for the contribution. If you can think of any other ideas, please throw them at me. I appreciate your help on this.

[handsonhosting]

Ok, so after running comparisons, and testing things here's what I have found;

On a PHP 5.2.10 system the following are the only things different from when I use PHP 5.2.9:

EXIF Version = 1.73.2.5.2.28
php_reflection.c = 1.164.2.33.2.57
php_zip.c = 1.1.2.50

If I recompile using easyapache and change the PHP version from 5.2.10 to 5.2.9 the following versions now display:

EXIF = 1.173.2.5.2.27
php_reflection.c = 1.164.2.33.2.55
php_zip.c = 1.1.2.49


I attempted to recompile without EXIF, but this did not resolve the problem on the 5.2.10 version.

cPanel also released a NEW branch today - cPanel 11.24.5-C37127, and I've tested with this on the 5.2.10 version and still no joy.

So upgrading from 5.2.9 to 5.2.10 breaks the script, but downgrading again back to 5.2.9 allows it to work. I've also checked the compile command/variables, and they are the same when executing.

[Spiral]

Quote:

Originally Posted by handsonhosting

php_zip.c = 1.1.2.50
php_zip.c = 1.1.2.49

So upgrading from 5.2.9 to 5.2.10 breaks the script, but downgrading again back to 5.2.9 allows it to work. I've also checked the compile command/variables, and they are the same when executing.

Works fine here! Need help?

[DReade83]

Quote:

Originally Posted by handsonhosting

Anyone else experiencing issues with fopen() on the 5.2.10 version?

Two servers running the exact same configuration other than PHP 5.2.9 on one machine and 5.2.10 on the other machine.

On 5.2.9, fopen works as it should
On 5.2.10 I get an error - failed to open stream: No such file or directory

Again, nothing different on the two machines other than the PHP version. Anyone else able to duplicate the event?

Here's the code:

Code:

<?php
$ret = fopen("http://www.google.com", "r") || die("Couln't open file");
fclose($ret);
?>

Should return a BLANK page if it works, and an error about the stream if it doesn't. Can someone else test on their configurations?

I'm running Mod Security, so I get an error as expected:

HTTP 501 - [msg "PHP Injection Attack"] [data "fopen"] [severity "CRITICAL"] [tag "WEB_ATTACK/PHP_INJECTION"] [tag "WEB_ATTACK/HTTP_RESPONSSE_SPLITTING"]

However fopen'ing internally works absolutely fine, as expected. Must be something wrong with your config.

[djerik]

Did anyone find a solution? I have the same problem after my host has upgraded to 5.2.10.

[smithxxl]

Quote:

Originally Posted by djerik

Did anyone find a solution? I have the same problem after my host has upgraded to 5.2.10.

No. I'm leaning more towards a quirk/bug in php. I've tried several different variations of calling fopen, but still fails. It is not in php's bug tracker. I have gone back to 5.2.9 for now and hope that the 5.3 (the one I've been waiting for anyways) will not have the same issue.

[handsonhosting]

Hey Spiral,

Yeah, I think I need help as it's just no jiving how it's supposed to. I'll drop you a PM and see if you can shed any light on it with me. Appreciate everyone's input so far.