On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Lorenzo Breda
On 8 Feb 2005, at 10:54, Lorenzo Breda wrote:
On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Sorry to sound glib, but it wouldn't be "safe" then, would it?
I think the only way to implement such a policy would be to hack the code. But keep in mind that since MediaWiki stores images in a database, allowing uploads possibly exposes you to SQL injection hacks.
:::: Beware of the military-industrial complex. -- Dwight D. Eisenhower :::: Jan Steinman http://www.Bytesmiths.com
On Tue, 2005-08-02 at 12:05 -0800, Jan Steinman wrote:
But keep in mind that since MediaWiki stores images in a database, [...]
Don't keep that in mind; it's not true. Put that out of mind.
MediaWiki stores some image metadata in the database, but the actual image blob is stored externally, in the "upload" dir.
~Evan
On 9 Feb 2005, at 03:39, Evan Prodromou wrote:
On Tue, 2005-08-02 at 12:05 -0800, Jan Steinman wrote:
But keep in mind that since MediaWiki stores images in a database, [...]
Don't keep that in mind; it's not true. Put that out of mind.
MediaWiki stores some image metadata in the database, but the actual image blob is stored externally, in the "upload" dir.
Oh, I thought that was just a cache, but I see that the mw_image table has no image data blob.
(Mine is in the "images" directory, not upload. It appears to be a hashed directory structure, which is why I didn't notice my images were there.)
Sorry for the misinformation!
:::: My parents went on a long vacation in their SUV, :::: and all I got was a year in Iraq. :::: CORRECTION: 18 months, the last six against my will... :::: Jan Steinman http://www.Bytesmiths.com/Item/99BA01
Lorenzo Breda wrote:
On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Unless file uploads have also been disabled in your PHP configuration, then yes. But you have to go to some extra effort.
In safe mode, your PHP scripts can't write to directories that are not owned by the user account that owns the script, and this creates the main problem with uploads.
MediaWiki uses subdirectories in the upload area for generated thumbnails and to temporarily hold files for confirmation. Additionally, it divides up uploaded files into subdirectories based on the MD5 hash of the filename. This keeps the individual directories smaller and relatively manageable (remember MediaWiki was created for Wikipedia, which is a relatively large site). These subdirectories are created when they are needed, which usually means they are owned by the 'nobody' account or the web server's limited user ('web' or 'www' or 'apache' etc). Thus once the subdirectory is created, it can't actually put files in!
To work around this, you have to create the subdirectories in images/ ahead of time, as your own account:
thumb archive temp
For the numbered hash subdirectories, you can either create them all or you can disable the subdivision and let all files go into one place. (This is not supported on 1.3 unless you backport the change; it is available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory = false in your LocalSettings.php.
To create them manually, they go in the pattern: N/NM where N and M are each hexadecimal number 0-f. You should end up with 16 top level subdirectories and 256 second-level subdirectories. Create these in each of images, images/thumb, images/archive, and images/temp.
-- brion vibber (brion @ pobox.com)
Brion,
Doesn't v1.4 has a new feature to use a flat directory for file uploading? -- John
Brion Vibber wrote:
Lorenzo Breda wrote:
On my website I must have the SafeMode on. Is there a way to upload files with the SafeMode on?
Unless file uploads have also been disabled in your PHP configuration, then yes. But you have to go to some extra effort.
In safe mode, your PHP scripts can't write to directories that are not owned by the user account that owns the script, and this creates the main problem with uploads.
MediaWiki uses subdirectories in the upload area for generated thumbnails and to temporarily hold files for confirmation. Additionally, it divides up uploaded files into subdirectories based on the MD5 hash of the filename. This keeps the individual directories smaller and relatively manageable (remember MediaWiki was created for Wikipedia, which is a relatively large site). These subdirectories are created when they are needed, which usually means they are owned by the 'nobody' account or the web server's limited user ('web' or 'www' or 'apache' etc). Thus once the subdirectory is created, it can't actually put files in!
To work around this, you have to create the subdirectories in images/ ahead of time, as your own account:
thumb archive temp
For the numbered hash subdirectories, you can either create them all or you can disable the subdivision and let all files go into one place. (This is not supported on 1.3 unless you backport the change; it is available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory = false in your LocalSettings.php.
To create them manually, they go in the pattern: N/NM where N and M are each hexadecimal number 0-f. You should end up with 16 top level subdirectories and 256 second-level subdirectories. Create these in each of images, images/thumb, images/archive, and images/temp.
-- brion vibber (brion @ pobox.com)
MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
John Yu wrote:
Doesn't v1.4 has a new feature to use a flat directory for file uploading?
Yes it does:
you can disable the subdivision and let all files go into one place. (This is not supported on 1.3 unless you backport the change; it is available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory = false in your LocalSettings.php.
-- brion vibber (brion @ pobox.com)
Oops. I think I need some sleep. :-) -- John
Brion Vibber wrote:
John Yu wrote:
Doesn't v1.4 has a new feature to use a flat directory for file uploading?
Yes it does:
you can disable the subdivision and let all files go into one place. (This is not supported on 1.3 unless you backport the change; it is available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory = false in your LocalSettings.php.
-- brion vibber (brion @ pobox.com)
mediawiki-l@lists.wikimedia.org