Does Q2A require allow_url_fopen=0

Question

I am getting a lot of warning errors when I go to admin > plugins page

PHP Warning:  file_get_contents(): https:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/illdebateyou/public_html/qa-include/qa-base.php on line 1838

And almost all the plugins are throwing the following error:

PHP Warning:  file_get_contents(https://raw.githubusercontent.com/creator/plugin_name/master/metadata.json): Failed to open stream: no suitable wrapper could be found in /home/illdebateyou/public_html/qa-include/qa-base.php on line 1838

It looks like if I just turn on allow_url_fopen, the errors might go away. But from what I am understanding this setting not safe (true/false?).

• Is it the core that is causing the errors or all the plugins?
• Is there a fix to the code that will stop the errors? (without enabling allow_url_fopen)

Thanks, Eddie

Answer 1

The Q2A core just downloads a file referenced in the metadata.json files of the plugins that inform them about the latest online version of the plugin. Then it compares your installed version against the latest one to let you know if there is an update to download or not.

Saying that this is a security issue would be exactly the same as saying that browsing a web page is a security issue.

You can either hide the error and lose the feature (and any other feature provided by a plugin that requires to access the internet using a similar way) or set allow_url_fopen to On. I'd go for the second one, which happens to be default in the PHP production php.ini file.

Comments

Perfect!  l’ll just set allow_url_fopen to On.. Thanks for the speedy response.