Warning: escapeshellarg() has been disabled for security reasons
MediaWiki 1.16.0 PHP 5.3.6 (cgi-fcgi) Database 5.1.56-log MySQL
Whenever we try to upload an image, we get this error: Warning: escapeshellarg() has been disabled for security reasons in /*****/*****/public_html/*****/includes/GlobalFunctions.php on line 1473 and the image doesn't upload. In place of where the image should appear, the following is there instead: Error creating thumbnail: Unable to run external programs in safe mode. How do we fix this please?
Your ISP has the safe_mode setting enabled. Learn more here.
In short, yes, MediaWiki will work under safe mode but you're better off contacting your ISP and asking them to disable safe_mode. You might have to look for another host, at worst. I configure things myself, so I recommend Linode.
My ISP has disabled some php functions, a.o. passthru() and escapeshellarg(). This has to do with the risk of running these functions in combination with user-supplied arguments. So, in my case, this warning has nothing to do with the safe_mode setting in php.ini. My ISP claims that most security breaches could be traced back to the misuse of these functions. Security is, of course, also in our interest. I wonder how other ISP's can guarantee security, while leaving commands like passthru(), shell_exec(), and exec() open for user-supplied arguments.