Hi there,
I am getting the following fairly strange errors when activating (or previewing) 3.6.4...

Warning: Trop curieux... in /mnt/132/sdd/e/5/jeanmichel.cazaux/site-tb34/wordpress/wp-content/themes/atahualpa364/header.php on line 21

Warning: include(bfa://html_inserts_body_tag) [function.include]: failed to open stream: no suitable wrapper could be found in /mnt/132/sdd/e/5/jeanmichel.cazaux/site-tb34/wordpress/wp-content/themes/atahualpa364/header.php on line 21

Warning: include() [function.include]: Failed opening 'bfa://html_inserts_body_tag' for inclusion (include_path='/mnt/132/sdd/e/5/jeanmichel.cazaux/include:.:/usr/php5/lib/php') in /mnt/132/sdd/e/5/jeanmichel.cazaux/site-tb34/wordpress/wp-content/themes/atahualpa364/header.php on line 21
>
Warning: Trop curieux... in /mnt/132/sdd/e/5/jeanmichel.cazaux/site-tb34/wordpress/wp-content/themes/atahualpa364/header.php on line 22

Warning: include(bfa://html_inserts_body_top) [function.include]: failed to open stream: no suitable wrapper could be found in /mnt/132/sdd/e/5/jeanmichel.cazaux/site-tb34/wordpress/wp-content/themes/atahualpa364/header.php on line 22

Warning: include() [function.include]: Failed opening 'bfa://html_inserts_body_top' for inclusion (include_path='/mnt/132/sdd/e/5/jeanmichel.cazaux/include:.:/usr/php5/lib/php') in /mnt/132/sdd/e/5/jeanmichel.cazaux/site-tb34/wordpress/wp-content/themes/atahualpa364/header.php on line 22

There are a long list of them, just pasted the first few.

Though it is not "the white devil" (page) I tried the suhosin fix (though I am not sure my PHP.ini was actually loaded) but it did not help...

Any isea any one?

Thanks in advance...
Jean-Michel

PS : the site (WIP) is here... I am not sure it does help.

This is the 'suhosin' issue - see Try this if you are getting blank page with Atahualpa 3.6.x

Hi Juggledad,
I tried the suhosin thing in the PHP.ini, but it did not help. I am not sure that PHP.ini was even loaded.

Should I try to put the suhosin line somewhere else (like in index.php)?

Thanks,
JM

Your best bet is to contact your host and
1) ask them if suhosin is installed (I'm sure it is) and
2) how do you whitelist something

I have now asked my ISP if there is a way to whitelist something and/or access the php.ini and as I was afraid, this will not fly...

The point of suhosin in their case is to avoid their users to temper with system and host unsafe applications... Allowing whitelisting wouyld defeat the purpose.

I vaguely remember reading here in a post that ATA 3.6.4 and WP 3.1 were not erroring anymore and suhosin whitelisting was not necessary.

Is it right or wrong and the issue is still here?

JM

You can try WP 3.1 but I believe you will still hit the suhosin issue. You ill have to fall back to Atahualpa 3.5.3

As for your provider not allowing white lists, what can I say, that's like putting locks on all the doors of your house and not giving anyone a key. The idea is you allow known safe situations, like you give a key to your brother or someone you trust.

Guys, do not get me wrong here, but I am afraid you are possibly going down the wrong way.

Your theme is absolutely fantastic and reached a level of quality not found in a lot of software, especially as it is open source, but I think you possibly need to account for your user base if that is at all possible in this case.

I think that is a lot of instances, Wordpress blogs are hosted in shared environements where the blog/site author has very little control over the actual underlying configuration.

In a lot of these shared hosting environements, the hardening is not only there to protect the sites/servers from external attacks/hacking, but as well to prevent an individual site to temper/dammage the whole system/server.

I strongly suspect that I am not the only one with no access to their php.ini and undelying settings (and believe me, I know how frustrating it is).

Finally, I have been in software engineering for 20 years and managed development teams and for what my word is worth, when you have to twist a security rule/practice to run an application something has probably gone wrong somewhere.

If I where you, I would look into alternative techniques to avoid this suhosin bybass, I assume there are things that can be done.

Again, your theme is great and well crafted, no question about that, but I think you will put a failrly large amount of your users between a rock and a hard place.

All the best,
Jean-Michel

Thanks Jean-Michel... The reasons we have mentioned the "fixes" for the Suhosin issue is more of a work around for now. We realize that many of our users don't have the ability or desire to mess with pho.ini and .htaccess files and solutions are being looked at. We have also become aware that Suhosin is becoming problematic for other programs as well so for all we know there are solutions coming from other sources.

I just wanted you to know we are not just saying "here is the fix". We are hoping to come up with a solution.

Thanks again.

Larry,
thank you very much for clarifying that and sorry if I sounded like I was patronising you guys, it was really not the intention.

Cheers,
JM

I didn't feel that way at all. I agree with what you are saying and just wanted you to know.