curl_setopt() problem in 3rd party library

S

shankhs84

New Member
Messages
1
Reaction score
0
Points
0
Hi,
I have recently started a new website project.
To create a login page I am using 'Sign in with twitter' created using 3rd party library twitter-async which uses cURL a lot. Unfortunately I am getting the following error when running:

Code: 
Warning:  curl_setopt() [[URL="http://testwitter.x10.mx/function.curl-setopt"]function.curl-setopt[/URL]]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /home/shankhs/public_html/twitter-async/EpiOAuth.php on line 148

Warning:  curl_setopt() [[URL="http://testwitter.x10.mx/function.curl-setopt"]function.curl-setopt[/URL]]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /home/shankhs/public_html/twitter-async/EpiOAuth.php on line 148

Warning:  curl_setopt() [[URL="http://testwitter.x10.mx/function.curl-setopt"]function.curl-setopt[/URL]]: CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set in /home/shankhs/public_html/twitter-async/EpiOAuth.php on line 148
Can you please tell me a solution for this?

Thank you
shankhs
 
descalzo

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
Try:
cPanel -> File Manager to public_html/twitter-async
Select the file EpiOAuth.php
Open in Code Editor or regular editor
Find line 148 (Code Editor has numbered lines, in the regular editor, search for 'CURLOPT_FOLLOWLOCATION'
Comment the line out (put // in front of it)
See if the script works.
 
cybrax

cybrax

Community Advocate
Community Support
Messages
764
Reaction score
27
Points
0
Think you're going to be out of luck, if I recall correctly getting the cURL option FOLLOWLOCATION to work requires altering the shared server's php.ini file.
 
descalzo

descalzo

Grim Squeaker
Community Support
Messages
9,373
Reaction score
326
Points
83
cybrax said:
Think you're going to be out of luck, if I recall correctly getting the cURL option FOLLOWLOCATION to work requires altering the shared server's php.ini file.
Click to expand...

That's why I told him to comment out the line.

That option is just telling cURL to follow redirects. If the service doesn't use redirects, removing the option should not break the script. If it does use redirects, one would have to add code to detect and follow any redirects
 
cybrax

cybrax

Community Advocate
Community Support
Messages
764
Reaction score
27
Points
0
True, but would not adding code to detect where the redirect went be circumventing the security restriction that the followlocation option was initially disabled for? Anyhow its been a while since I did any messing about with Oauth so will be interesting to see learn how shankhs gets on.
 
M

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
@cybrax: The security restriction was implemented due to a security whole opened by "file:" URLs, which are a problem because the cURL library is unaware of PHP's safe_mode and open_basedir features. A PHP implementation of redirect following won't introduce a vulnerability because it is subject to these features.
 
Last edited:
You must log in or register to reply here.
Top