Peacebringers

Disabling PHP’s readfile() function isn’t really “security”

by Tony on Jun.13, 2009, under Hosting & Development

So one of a few webhosts I use decided to disable PHP’s readfile() function. Now I have a reason to dislike them. Why do people assume readfile() is a security benefit when disabled? Let’s just disable half of PHP’s core functions, you know… the ones used to manipulate files, send/receive data across the web like XML-RPC (which would kill blogs like this one), etc. XML-RPC has always been a subject of heated discussion, as some people (even myself in the past) believe “RPC” to be exactly like native Linux RPC. Education … please?

So I was faced with a disabled readfile(), which Gallery uses to display random remote images from its array of images stored in your personal gallery. Overall, it’s touchy on Gallery’s past history of security flaws, but they’ve released updates and fixes as they’re made aware. And still, readfile() gets the rap, and gets disabled.

How to overcome it? It was easy, but involved more lines of code without readfile(). Here’s how:

Here’s the original line (somewhat modified):
@readfile('http://www.domain.com/gallery2/main.php?g2_view=imageblock.External&g2_blocks=randomImage&g2_show=none');

Here’s what I had to do to overcome the lack of readfile():
// Fetch the Gallery image block with cURL instead of readfile()
$ch = curl_init();
$timeout = 5; // set to zero for no timeout
curl_setopt($ch, CURLOPT_URL, 'http://www.domain.com/gallery2/main.php?g2_view=imageblock.External&g2_blocks=randomImage&g2_show=none');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the response body instead of printing it
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$file_contents = curl_exec($ch); // false if the request failed
curl_close($ch);
if ($file_contents !== false) {
    echo $file_contents;
}

Stick that in a <div …> tag for centering or what have you and away you go. By the way, this wasn’t my idea, but an idea I snagged from someone else some time ago for another website I was setting up when I ran across this issue. Now I ran across it and had to borrow it again. I just can’t seem to locate the original site to give them their due credit. It’s saved me many times now on stupid web hosts.
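The workaround above succeeds because readfile() is only one of several ways PHP can read a remote URL. The following audit script is an added example, not code from the original post or from Gallery: it lists which equivalent read paths stay callable under a given disable_functions value. The helper names disabled_functions() and remaining_read_paths() are hypothetical, and the list of functions checked is a representative selection rather than an exhaustive one.

```php
<?php
// Added example: report which remote-read paths remain when readfile()
// is listed in disable_functions. Helper names are hypothetical.

// Parse a disable_functions ini value into a lookup of lowercase names.
function disabled_functions(string $ini): array
{
    $names = array_filter(array_map('trim', explode(',', strtolower($ini))));
    return array_fill_keys($names, true);
}

// Return the functions that can still fetch a remote URL.
function remaining_read_paths(array $disabled, bool $urlFopen, callable $exists): array
{
    // These use PHP's URL stream wrappers, so allow_url_fopen governs them.
    $streamBased = ['readfile', 'file_get_contents', 'fopen', 'file', 'copy'];
    // cURL does its own networking and is not affected by allow_url_fopen.
    $curlBased = ['curl_exec'];

    $open = [];
    foreach ($streamBased as $fn) {
        if ($urlFopen && !isset($disabled[$fn]) && $exists($fn)) {
            $open[] = $fn;
        }
    }
    foreach ($curlBased as $fn) {
        if (!isset($disabled[$fn]) && $exists($fn)) {
            $open[] = $fn;
        }
    }
    return $open;
}

// Constructed sample: the host policy described in the post (only readfile disabled).
$sample = remaining_read_paths(disabled_functions('readfile'), true, 'function_exists');
echo "With only readfile disabled: ", implode(', ', $sample), "\n";

// The configuration this script is actually running under.
$live = remaining_read_paths(
    disabled_functions((string) ini_get('disable_functions')),
    filter_var(ini_get('allow_url_fopen'), FILTER_VALIDATE_BOOLEAN),
    'function_exists'
);
echo "On this server: ", $live ? implode(', ', $live) : 'none', "\n";
```

A host that wants to stop scripts from pulling in remote content has to deal with every path the script reports, which in practice means allow_url_fopen and the cURL extension rather than a single function name.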
