Topic on Project:Support desk

Jump to navigation Jump to search

Warning: escapeshellarg() has been disabled for security reasons

5 (talkcontribs)
       MediaWiki 1.16.0
       PHP 	5.3.6 (cgi-fcgi)
       Database 5.1.56-log MySQL

Whenever we try to upload an image, we get this error: Warning: escapeshellarg() has been disabled for security reasons in /*****/*****/public_html/*****/includes/GlobalFunctions.php on line 1473 and the image doesn't upload. In place of where the image should appear, the following is there instead: Error creating thumbnail: Unable to run external programs in safe mode. How do we fix this please?

Frozen Wind (talkcontribs)

Your ISP has the safe_mode setting enabled. Learn more here.

In short, yes, MediaWiki will work under safe mode but you're better off contacting your ISP and asking them to disable safe_mode. You might have to look for another host, at worst. I configure things myself, so I recommend Linode. (talkcontribs)

My ISP has disabled some php functions, a.o. passthru() and escapeshellarg(). This has to do with the risk of running these functions in combination with user-supplied arguments. So, in my case, this warning has nothing to do with the safe_mode setting in php.ini. My ISP claims that most security breaches could be traced back to the misuse of these functions. Security is, of course, also in our interest. I wonder how other ISP's can guarantee security, while leaving commands like passthru(), shell_exec(), and exec() open for user-supplied arguments. (talkcontribs)

Other hosts configure their systems properly. Maybe they can also invest more money into qualified personal, maybe because their customers pay more or because they work more efficiently; reasons may vary.

Reply to "Warning: escapeshellarg() has been disabled for security reasons"