extiverse
Url_fopen
As you know, the allow_url_fopen is usually off due to security risks. Is it better using curl to fetch the file instead of url_fopen?
Thank you good point, I take it you're referencing this line I see no other mention of file_get_contents.
@luceos Indeed, I found no "file_get_contents" or "fopen" function associate with the file "packages.json" in the code. But I just can't install any extension in the bazaar, and got some odd errors like this in the log:
[2017-07-18 08:31:17] production.ERROR: The "https://packagist.org/packages.json" file could not be downloaded: allow_url_fopen must be enabled in php.ini (https:// wrapper is disabled in the server configuration by allow_url_fopen=0 failed to open stream: no suitable wrapper could be found)
Behind the scenes Bazaar uses the Composer package which uses file_get_contents for pretty much everything.
I am not sure we can do anything about this without completely dropping the composer dependency. This is a lot of work though. I am going to keep this on our backlog as a reminder though.
As of recent, CPanel has removed the allow_url_fopen option from Multi php.ini Editor and the server overrides to allow_url_fopen=0.
RIP on shared hosting.
Link: https://forums.cpanel.net/threads/php-ini-directives-not-working-properly.614379/#post-2494067
@Legoman99573 unless the shared host allows it for all sites. I can't imagine why you'd block it globally anyway..
@luceos it is done by default on a clean install. It can be enabled /via WHM, but most shared hosts/resellers kept it blocked for the same reason this issue was opened for.