ini_set() in Piwik


(piwik89) #1

Hi there!
Updating Piwik always was a painless and fast procedure. But recently, I updated my Piwik installation to version 0.4.2, which obviously introduced huge changes.
On my servers, I disabled ini_set() for security reasons. Piwik has the following piece of code in its index.php (line 28):

    ini_set('include_path', PIWIK_INCLUDE_PATH . '/core'
         . PATH_SEPARATOR . PIWIK_INCLUDE_PATH . '/libs'
         . PATH_SEPARATOR . PIWIK_INCLUDE_PATH . '/plugins');

Well, I think using ini_set() here is unnecessary. Have a look at set_include_path(), which works fine.
Okay, after patching this, I realized that there actually was more ini_set():

Warning: ini_set() has been disabled for security reasons in /webroot/piwik/libs/Zend/Session.php on line 186

Oh no! Zend libraries use of ini_set(), too! style_emoticons/<#EMO_DIR#>/sad.gif

Anybody having similar problems? Found a solution?

Thanks for your help.


(vipsoft) #2

We use ini_set because it is compatible with older versions of php, and because some admins disable set_include_path() for unspecified security reasons…


(ixiter) #3

set_inlude_path is built in with >V4.3. For Zend Framework Applications you always need V5.x. Wich older PHP Versions you want support?

Many more admins disable ini_set for very specified security reasons.

In another thread, I suggested to use an own HTTP Request Class, since Zend Http uses stream_socket_client() by default. The answer was, it is already in trunk, but needs to get reviewed. Now we have a new Version, and still probs with feedreading, because it wasnt reviewed.

Somehow, to me it isnt that funny to give bugreports, suggestions and support, when it is such ignored. style_emoticons/<#EMO_DIR#>/sad.gif

Well, I’m used to patch some piwik files after an update. So what. Not that big deal.


(vipsoft) #4

Yes, whereas ini_set works in all versions.

No, I said there was code in “Trac” waiting to be reviewed. SVN (and trunk) is a different system.

Thanks for your patience and continued support. We do read and respond to suggestions and bug reports.

Right now our priority is bug fixes, code maintenance/refactoring, and new features. Working around disabled functions and missing extensions is, unfortunately for some, a lower priority, especially when there are more pressing issues.


#5

I have the same problem
I am using a shared hosting
the server admin wont change the php setting due some stupid security reasons!
at last

I cant use piwik at all :frowning:
oh god I am really sad :((((


(vipsoft) #6

Sorry, this is a wontfix. In Piwik 1.5, Piwik and Zend Framework use ini_set() to configure php (e.g., sessions).

I would suggest researching alternate hosting providers, and consider switching when your hosting plan comes up for renewal.