Yesterday I got an email from a very nice customer :) He said that whenever he tried to access the Template Manager he gets the following error:
"Cannot use a stream transport when "allow_url_fopen" is disabled."
Basically, the solution is very simple - enable "allow_url_fopen" in your PHP Configuration (php.ini for example or through your .htaccess file). So that's what I told him - "Contact your Hosting Support and ask them to enable "allow_url_fopen".
So far so good! But after few hours I got a reply from him saying that his Host has rejected his request with the following message:
"Unfortunately allow_url_fopen is extremely insecure so it cannot be enabled on shared servers.
Make sure the template is coded for Joomla 3.x version and also you can ask the template team to use cURL function instead of allow_url_fopen."
Honestly, I was almost shocked by this reply! Yes, I know there are quite some Hosting Providers that disable "allow_url_fopen" on their shared servers but this is either because they do not have enough knowledge or because they want to make you upgrade your Hosting Plan and that's how to charge you more money :)
So this is the main purpose of this article - to shut your Hosting Provider mouth or at least to educate them why "allow_url_fopen" MUST be enabled.
Enabling "allow_url_fopen" is a core Joomla requirement and it is written on their website. In order to have a properly working Joomla Website you must enable it. Just have a look at the following links and screenshots... they should be enough even for a small kid to understand that "allow_url_fopen" must be enabled and that this is not a Template/Framework related requirement, it is a Joomla core requirement!
1. Read this article in the Joomla Documentation (search for allow_url_fopen). See the first screenshot below.
2. Read this Topic from the Joomla Forum. See the second screenshot below.
3. Read this Topic from the Rockettheme Forum (Rockettheme are the developers of Gantry). See the third screenshot below.
There is nothing insecure with "allow_url_fopen". The security issue comes from "allow_url_include" and your Hosting Provider should know this very well.
So, if your Hosting Provider does not want to enable "allow_url_fopen" for you, the only smart thing you can do is to change them. Yes, simply find a normal, good Host!
Guys, feel free to forward this article to your Hosting Provider if needed. I'm very curious what their reply will be ;)