• Resolved peterpp

    (@ppauer)


    Just an FYI.

    I had to alter two PHP modules (run.php & recaptcha_v3.php) that used the remote form of file_get_contents(), as my hosting provider does not permit the PHP option “allow_url_fopen” to be set to ON (XSS vulnerability). This causes the file_get_contents calls to fail.

    In run.php I simply replaced the remote form of file_get_contents with a local form. I used the server directory path in the call instead of the URL path.

    In recaptcha_v3.php I replaced the remote file_get_contents with a curl call that works on servers that do not allow php remote code embeds.

    Great contact form plugin once I got it working with my hosting service, thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jordy Meow

    (@tigroumeow)

    Hi @ppauer,

    I made the changes for the CSS file, by using the local file instead of using the URL (that was odd… sorry!). However, we can’t use cURL directly, and we need to use a WordPress function or file_get_contents to get remote content. What does your solution use?

    Thread Starter peterpp

    (@ppauer)

    Good suggestion, wp_remote_get seems to work OK.

    Attached is the code snippet I have working now in the recaptcha_v3 script:

    $recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';

    // PP start segment reworked using wp_remote_get to work with servers that do not permit php remote file access
    //  $recaptcha = file_get_contents( $recaptcha_url . '?secret=' . $secret . '&response=' . $token ); -- line replaced by following code.
    $remoteip = $_SERVER['REMOTE_ADDR'];
    // URL-encode both values so the client-supplied token cannot add query parameters.
    $recaptcha_response = wp_remote_get( $recaptcha_url . '?secret=' . rawurlencode( $secret ) . '&response=' . rawurlencode( $token ) );
    if ( is_wp_error( $recaptcha_response ) ) {
        error_log( 'ReCaptcha log 99 - ReCaptcha error: ' . print_r( $recaptcha_response, 1 ) );
    }

    // wp_remote_retrieve_body() returns '' for a WP_Error, so $recaptcha is null when the request failed.
    $recaptcha = json_decode( wp_remote_retrieve_body( $recaptcha_response ), true );
    // Start from a failing score and only overwrite it when the response carries one.
    $score = 0.1;
    if ( is_array( $recaptcha ) && isset( $recaptcha['score'] ) ) {
        $score = (float) $recaptcha['score'];
    }

    if ( $score >= 0.5 ) {
        // uncomment next line to log each successful comment in log file
        //  error_log( 'ReCaptcha log 42 - RemoteIP: ' . print_r( $remoteip, 1 ) . ' Score: ' . print_r( $score, 1 ) . ' from: ' . print_r( $form['from'], 1 ) . ' name: ' . print_r( $form['name'], 1 ) . ' - Logging' );
        return $error;
    }

    error_log( 'ReCaptcha log 69 - RemoteIP: ' . print_r( $remoteip, 1 ) . ' Score: ' . print_r( $score, 1 ) . ' from: ' . print_r( $form['from'], 1 ) . ' name: ' . print_r( $form['name'], 1 ) . ' - rejected' );
    $ramuline = 'Google ReCaptcha flagged your message as possible spam, your message was <strong>not</strong> sent. <br /> We are truly sorry if it is a mistake, and in that case, please try to submit this form again. <br /> Logged IP: ' . $remoteip;
    return __( $ramuline, 'contact-form-block' );

    // PP end segment rework using wp_remote_get
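
An added example, not part of the thread or the plugin's code: the same siteverify check sent as a POST body through the WordPress HTTP API, so the secret stays out of request URLs, with the response rejected unless `success`, `action` and `score` all check out. It goes beyond the snippet above by checking `success` and `action`; the `example_recaptcha_*` function names and the `contact` action are assumptions, and the 0.5 threshold is the one used in the post.

```php
<?php
// Added example. Function names and the 'contact' action are hypothetical.

// Decide on a decoded siteverify response. Pure function; fails closed.
function example_recaptcha_passes( $body, $expected_action, $threshold = 0.5 ) {
	if ( ! is_array( $body ) || empty( $body['success'] ) ) {
		return false; // Malformed JSON, or the token was rejected.
	}
	if ( ! isset( $body['action'] ) || $body['action'] !== $expected_action ) {
		return false; // Token was issued for a different action.
	}
	if ( ! isset( $body['score'] ) || ! is_numeric( $body['score'] ) ) {
		return false; // A missing score is a failure, never a pass.
	}
	return (float) $body['score'] >= $threshold;
}

// Send secret and token in a POST body via the WordPress HTTP API.
function example_recaptcha_verify( $secret, $token, $expected_action ) {
	$response = wp_remote_post(
		'https://www.google.com/recaptcha/api/siteverify',
		array(
			'timeout' => 5,
			'body'    => array( 'secret' => $secret, 'response' => $token ),
		)
	);
	if ( is_wp_error( $response ) ) {
		error_log( 'reCAPTCHA request failed: ' . $response->get_error_message() );
		return false;
	}
	if ( 200 !== wp_remote_retrieve_response_code( $response ) ) {
		return false;
	}
	$body = json_decode( wp_remote_retrieve_body( $response ), true );
	return example_recaptcha_passes( $body, $expected_action );
}

// Constructed sample responses (not real Google output); this part runs without WordPress.
$samples = array(
	'good'         => array( 'success' => true, 'score' => 0.9, 'action' => 'contact' ),
	'low score'    => array( 'success' => true, 'score' => 0.3, 'action' => 'contact' ),
	'wrong action' => array( 'success' => true, 'score' => 0.9, 'action' => 'login' ),
	'no score'     => array( 'success' => true, 'action' => 'contact' ),
	'bad token'    => array( 'success' => false, 'error-codes' => array( 'invalid-input-response' ) ),
	'not json'     => null,
);
foreach ( $samples as $label => $body ) {
	printf( "%-12s %s\n", $label, example_recaptcha_passes( $body, 'contact' ) ? 'accept' : 'reject' );
}
```

`example_recaptcha_verify()` needs WordPress loaded; the decision function and the sample loop run under plain PHP.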
  • The topic ‘errors caused by hosting provider blocking php allow_url_fopen’ is closed to new replies.