Is this error something to worry about or should I write a thank you note to the server technician?

I did a quick Google search on ini_restore() and there is some discussion about this being a security risk, but I don't know php. I have not asked my server technician about it, but can contact him if needed.
This site is standard Drupal install, single domain, has it's own database, installed in sub folder.
The server is a shared and managed VPS at HotDrupal.com Apache/2.2.11 (Unix), MySQL 5.0.75, PHP 5.2.9
URL davebeall.com
Boost is serving cached pages and preemptive cache loading is working fine.
htaccess is Drupal core with Boosted1.txt

DbLog after upgrade RC2 to RC5, ran update.php(received 2, cron key and .js), clear all caches, run cron, then logout.
cron Sep 8 2009 - 19:20 Cron run completed. dave
update Sep 8 2009 - 19:20 Attempted to fetch information about all available ... dave view
error php Sep 8 2009 - 19:20 ini_restore() has been disabled for security ... dave
error php Sep 8 2009 - 19:20 ini_restore() has been disabled for security ... dave
error php Sep 8 2009 - 19:20 ini_restore() has been disabled for security ... dave
boost Sep 8 2009 - 19:19 Crawler Start ... dave

Server error log has one error which "I think" is unrelated and was showing before upgrade, but I do not know if the error started after RC2(with some patches) was installed:
Call to undefined function taxonomy_get_term() in /home/buckeyel/public_html/daveb/sites/all/modules/nodewords/nodewords.module on line 401

Any words of advice or direction are very much appreciated.

CommentFileSizeAuthor
#3 boost-572108.patch4.07 KBmikeytown2
phpinfo.txt22.36 KBdbeall

Comments

mikeytown2’s picture

mikeytown2 commented

Quick answer: php is running in safe mode most likely.
http://php.net/safe-mode

Couple of things I need from you. Output of this:

if(ini_get('safe_mode')) {
  echo "In safe mode";
}
else {
  echo "Normal";
}

Did you get any error about ini_set()?

mikeytown2’s picture

mikeytown2 commented

Never mind; all the info I need is in your phpinfo.txt file :)

disable_functions:

apache_get_modules,
apache_get_version,
apache_getenv,
apache_note,
disk_free_space,
diskfreespace,
dl,
highlight_file,
ini_restore,
passthru,
popen,
proc_nice,
show_source,
symlink,
system

apache_get_modules,
apache_get_version,
apache_getenv,
apache_note,
disk_free_space,
diskfreespace,
dl,
highlight_file,
ini_restore,
passthru,
popen,
proc_nice,
show_source,
symlink,
system

safe_mode	Off	Off
safe_mode_exec_dir	no value	no value
safe_mode_gid	Off	Off
safe_mode_include_dir	no value	no value

Looks like php 5.1.6 has a bug with ini_restore(). I'll change this code so it uses ini_set().

mikeytown2’s picture

mikeytown2 commented
Title: DbLog error: ini_restore() has been disabled for security reasons, boost.module on line 2520 » ini_restore() has been disabled for security reasons, boost.module on line 2520
Status: Active » Needs review
StatusFileSize
new boost-572108.patch4.07 KB
mikeytown2’s picture

mikeytown2 commented
Title: ini_restore() has been disabled for security reasons, boost.module on line 2520 » Hosting Issue: ini_restore() has been disabled for security reasons, boost.module on line 2520

If a host has ini_set disabled, then an alt would be to hack up my own version of drupal_http_request() so that it accepts a timeout for the boost_async_call_crawler() function; a quick google search reveals that some do this (disable ini_set()). Not going to do it now though, I'll wait for a bug report before I make my own version of drupal_http_request().

mikeytown2’s picture

mikeytown2 commented

No need to write a thankyou note... there is no security issue here; just another minor inconvenience. I would let your host know that since your running php 5.2.9 (and not 5.1.6) disabling that function is not necessary and could be considered annoying. Link to old php bug: http://securityreason.com/achievement_securityalert/42

mikeytown2’s picture

mikeytown2 commented
Title: Hosting Issue: ini_restore() has been disabled for security reasons, boost.module on line 2520 » Hosting Issue: ini_restore() has been disabled for security reasons, boost.module on line 2520 (PHP <= 5.1.6 bug)
dbeall’s picture

dbeall commented

Patch installed, cleared cache, wiped watchdog, run cron, preemptive cache loaded, no errors to report.
@mikeytown2, nothing much gets in your way.. I'm completely amazed.

dbeall’s picture

dbeall commented

hold on a second,, error found in server log PHP Fatal error: Call to undefined function drupal_cron_run() in /home/buckeyel/public_html/daveb/sites/all/modules/poormanscron/poormanscron.module on line 48

Edit: maybe i did something wrong..
I forgot to clear the server log, trying to figure out the time stamp now
will re-run test

dbeall’s picture

dbeall commented

report: delete server log file, clear all caches, run preemptive cron, logout, confirm no errors to report. unless server error log is delayed. funny thing, the other error is gone now too.

dbeall’s picture

dbeall commented

I have noticed that filezilla wants to cache results and even a refresh files command doesn't do it. Shut down program and restart gives fresh read of files. Still no error log file has appeared. So RC2 with what ever patches were in that one was causing the taxonomy Nodewords error as well... I think..

mikeytown2’s picture

mikeytown2 commented
Status: Needs review » Reviewed & tested by the community
dbeall’s picture

dbeall commented

browse site, checked for error file many times, no errors... 2 birds, 1 patch.

dbeall’s picture

dbeall commented

I am jamming on it trying to force errors, got the nodewords error back, stepped up cron to 30 minutes, will watch it.

mikeytown2’s picture

mikeytown2 commented

whats the nodewords error say?

dbeall’s picture

dbeall commented

PHP Fatal error: Call to undefined function taxonomy_get_term() in /home/buckeyel/public_html/daveb/sites/all/modules/nodewords/nodewords.module on line 401

I don't keep old logs.. don't know when it started for sure..

mikeytown2’s picture

mikeytown2 commented

That doesn't make any sense because that's a core function taxonomy_get_term() that is part of taxonomy.module. I would ask your host about this one, since they sound like they are specific to Drupal.

Function inside nodewords.module
http://api.lullabot.com/nodewords_get

dbeall’s picture

dbeall commented

ok, cron just ran, cleared cached files, regenerated as expected. Have the repeated error from nodewords, so it is happening at cron, but Boost seems to be FINE and DANDY.. yippe!

mikeytown2’s picture

mikeytown2 commented

@dbeall
I would make a new post on the nodewords issue queue and let the dev know about this.

dbeall’s picture

dbeall commented

ok, will investigate first to see if i did something.. test site and all.. In the mean time, will watch for anything Boost.. Checked DbLog, all good, server log, all good(except nodeword).

mikeytown2’s picture

mikeytown2 commented

Sweet! Here's the roadmap. Looks like next release will be 1.0 after about a week of no issues.

dbeall’s picture

dbeall commented

Off Topic, I did load RC5 in in 5 sites, all good except for 1 shared host sub folder, serving cached files, but not regenerate.. different issue, trying htaccess stuff.

mikeytown2’s picture

mikeytown2 commented
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.