Thanks for the input. I added the following to .htaccess:
*php_flag session.use_trans_sid off*
Hope that was the right thing to do :-)
mediawiki-l-request@Wikimedia.org wrote:
Send MediaWiki-l mailing list submissions to mediawiki-l@Wikimedia.org
To subscribe or unsubscribe via the World Wide Web, visit http://mail.wikipedia.org/mailman/listinfo/mediawiki-l or, via email, send a message with subject or body 'help' to mediawiki-l-request@Wikimedia.org
You can reach the person managing the list at mediawiki-l-owner@Wikimedia.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of MediaWiki-l digest..."
Today's Topics:
- Safe mode (Lorenzo Breda)
- Re: Safe mode (Jan Steinman)
- Re: Safe mode (Brion Vibber)
- Re: Safe mode (John Yu)
- Re: Safe mode (Brion Vibber)
- Re: Safe mode (John Yu)
- PHPSESSID in MediaWiki (sarath)
- Re: PHPSESSID in MediaWiki (Brion Vibber)
- help please (Alli Lenters)
- Re: help please (NSK)
- How to make external links open a new window? (Jan Steinman)
Message: 1 Date: Tue, 08 Feb 2005 19:54:52 +0100 From: Lorenzo Breda lorenzo@gbreda.com Subject: [Mediawiki-l] Safe mode To: MediaWiki mediawiki-l@Wikimedia.org Message-ID: 6.2.1.2.0.20050208195330.02780b50@box.gbreda.com Content-Type: text/plain; charset="us-ascii"; format=flowed
On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Lorenzo Breda
Message: 2 Date: Tue, 8 Feb 2005 12:05:25 -0800 From: Jan Steinman Jan@Bytesmiths.com Subject: Re: [Mediawiki-l] Safe mode To: MediaWiki announcements and site admin list mediawiki-l@Wikimedia.org Message-ID: bcb3be31052a7240bce615e809d1cc7a@Bytesmiths.com Content-Type: text/plain; charset=US-ASCII; format=flowed
On 8 Feb 2005, at 10:54, Lorenzo Breda wrote:
On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Sorry to sound glib, but it wouldn't be "safe" then, would it?
I think the only way to implement such a policy would be to hack the code. But keep in mind that since MediaWiki stores images in a database, allowing uploads possibly exposes you to SQL injection hacks.
:::: Beware of the military-industrial complex. -- Dwight D. Eisenhower :::: Jan Steinman http://www.Bytesmiths.com
Message: 3 Date: Tue, 08 Feb 2005 12:27:19 -0800 From: Brion Vibber brion@pobox.com Subject: Re: [Mediawiki-l] Safe mode To: MediaWiki announcements and site admin list mediawiki-l@Wikimedia.org Message-ID: 420920A7.2040900@pobox.com Content-Type: text/plain; charset="iso-8859-1"
Lorenzo Breda wrote:
On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Unless file uploads have also been disabled in your PHP configuration, then yes. But you have to go to some extra effort.
In safe mode, your PHP scripts can't write to directories that are not owned by the user account that owns the script, and this creates the main problem with uploads.
MediaWiki uses subdirectories in the upload area for generated thumbnails and to temporarily hold files for confirmation. Additionally, it divides up uploaded files into subdirectories based on the MD5 hash of the filename. This keeps the individual directories smaller and relatively manageable (remember MediaWiki was created for Wikipedia, which is a relatively large site). These subdirectories are created when they are needed, which usually means they are owned by the 'nobody' account or the web server's limited user ('web' or 'www' or 'apache' etc). Thus once the subdirectory is created, it can't actually put files in!
To work around this, you have to create the subdirectories in images/ ahead of time, as your own account:
thumb archive temp
For the numbered hash subdirectories, you can either create them all or you can disable the subdivision and let all files go into one place. (This is not supported on 1.3 unless you backport the change; it is available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory = false in your LocalSettings.php.
To create them manually, they go in the pattern: N/NM where N and M are each hexadecimal number 0-f. You should end up with 16 top level subdirectories and 256 second-level subdirectories. Create these in each of images, images/thumb, images/archive, and images/temp.
-- brion vibber (brion @ pobox.com)