PHP 5 safe mode

Just do not use safe mode
PHP's safe_mode is an ill-conceived, broken-by-design setting in PHP that is supposed to make broken scripts safe. It was deprecated in PHP5 and removed in PHP6 (see the PHP documentation). MediaWiki can run with safe_mode enabled, but many of the advanced features will not work or need additional configuration.

To turn off safe mode, put this into your php.ini file:

safe_mode = Off

Another point of view
The alternatives to safe mode at the web server and OS levels aren't very realistic; many people, especially ISPs, use safe mode for now. For example, there is no other way to defend files above your basedir. In httpd.conf, open_basedir can be turned off (e.g. for some virtual hosts) the same way as any other configuration directive with "php_admin_value open_basedir none". It doesn't work. It must - but doesn't. Only safe mode is a normal safety solution now.

"is supposed to make broken scripts safe" - that's very, very incorrect. Do you consider WordPress or wiki itself as broken scripts? Of course not. They just have some security holes - do not be too strict with such giant engines.

How to set up wiki to work in safe mode
It’s really hard to set up wiki for safe mode. Not because it’s too complicated - but because of the lack of normal documentation. You can find separate pieces here and there - but not the whole manual. So.

Image uploads
0) Allow image uploads:

$wgEnableUploads = true;

in your LocalSettings.php file.

1) Set up all uploaded images not to use hashed directories (two-level md5 split), but to use three common directories: “archive”, “deleted”, “temp”, “thumb”. You do so by specifying

$wgHashedUploadDirectory = false;

in your LocalSettings.php file.

2) Chmod 777 on these directories.

Deleted files in wiki
There are two options:

1) Do not save them at all:

$wgSaveDeletedFiles = false;

(possibly, doesn’t work in new versions of wiki)

2) Save them in the root of the “deleted” folder:

$wgSaveDeletedFiles = true;
$wgFileStore['deleted']['directory'] = false; // Defaults to $wgUploadDirectory/deleted
$wgFileStore['deleted']['url'] = null;        // Private, so set to null
$wgFileStore['deleted']['hash'] = 0;          // 0-level subdirectory split

Thumbnails
Are you sure you really need them? :)) It’s the beginning of the fun. There are also several options.

1) Generate thumbnails on EVERY client request, instead of generating and writing them to the thumbs directory:

$wgThumbnailScriptPath = "{$wgScriptPath}/thumb.php";

If you don’t have many images in your wiki, then you can really use this option. If not - just think how hard it will be on your server :( Have pity.

2) Use browser resizing instead of the graphics library’s. It’s fast, it doesn’t require any server power… But it’s pretty stupid, yeah?

And also - it happened to me several times quite accidentally during my experiments… I don’t think that anyone will try to use this thing, so I don’t want to explore how to repeat it.

3) And now - the only pretty way of working with images in wiki. Please read carefully. This way requires that you have the ability to change the server's safe mode configuration. So…

1) In php.ini set

safe_mode_gid=1

What does it do? From the PHP manual: "By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access."

2) Move your user to the “apache” group.

3) Set

$wgDirectoryMode=0777;

4) No #4. It will all JUST WORK!!! Now the web server will compare not the user_id of the file’s owner, but the group_id. And it will be the same! By the way, now you can set up all normal settings:

$wgEnableUploads = true;
$wgHashedUploadDirectory = true;
$wgSaveDeletedFiles = true;
$wgFileStore['deleted']['directory'] = false; // Defaults to $wgUploadDirectory/deleted
$wgFileStore['deleted']['url'] = null;        // Private, so set to null
$wgFileStore['deleted']['hash'] = 3;          // 3-level subdirectory split
$wgAllowCopyUploads=true;
$wgDirectoryMode=0777;

Hey-hey… Now, you’ll need to move your images to the hashed upload directory, right? Unfortunately, wiki doesn’t have an option for it. But you can do it manually - just upload to your images dir and execute the following script: And all your images will be moved to their hashed directories! By the way, slightly modifying the script, you can move your thumbnails (not necessary, they are recreated automatically from original files) and deleted files to their hashed directories.
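The script mentioned above is not reproduced on this page. As an added example (not the original script and not MediaWiki's own code), here is one way to move files from a flat images directory into the two-level md5 layout. It assumes a command-line run; the function names and the file name migrate.php are hypothetical, and the default is a dry run that changes nothing.

```php
<?php
// Added example, not MediaWiki's or the page author's code.
// Assumption: run from the command line; all names here are chosen for this example.

// Relative hash directory for a stored file name: the first 1..$levels hex
// characters of md5(name), one directory per level.
function mwHashPath($name, $levels = 2)
{
    $hash = md5($name);
    $path = '';
    for ($i = 1; $i <= $levels; $i++) {
        $path .= substr($hash, 0, $i) . '/';
    }
    return $path;
}

// Move plain files from the top level of $dir into their hash directories.
// With $dryRun = true nothing is touched; the planned moves are only returned.
function migrateUploads($dir, $dryRun = true, $dirMode = 0777)
{
    $moved = array();
    foreach ((scandir($dir) ?: array()) as $name) {
        $src = $dir . '/' . $name;
        // Skip dotfiles, symlinks and directories (archive, deleted, temp,
        // thumb and existing hash directories are all directories).
        if ($name[0] === '.' || is_link($src) || !is_file($src)) {
            continue;
        }
        $destDir = $dir . '/' . mwHashPath($name);
        $dest = $destDir . $name;
        if (file_exists($dest)) {
            continue; // never overwrite an existing upload
        }
        if (!$dryRun) {
            // The mode passed to mkdir is still reduced by the process umask.
            if (!is_dir($destDir) && !mkdir($destDir, $dirMode, true)) {
                continue;
            }
            if (!rename($src, $dest)) {
                continue;
            }
        }
        $moved[$name] = $dest;
    }
    return $moved;
}

// Usage (hypothetical file name): php migrate.php /path/to/images [--apply]
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $apply = isset($argv[2]) && $argv[2] === '--apply';
    foreach (migrateUploads(rtrim($argv[1], '/'), !$apply) as $name => $dest) {
        echo ($apply ? 'moved ' : 'would move ') . $name . ' -> ' . $dest . "\n";
    }
}
```

Run it once without --apply to review the planned moves, then again with --apply as the user that owns the images directory.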