[Mediawiki-l] Re: PHPSESSID in MediaWiki
webadmin
webadmin at ownee.com
Wed Feb 9 16:49:17 UTC 2005
Thanks for the input. I added the following to .htaccess:
*php_flag session.use_trans_sid off*
Hope that was the right thing to do :-)
mediawiki-l-request at Wikimedia.org wrote:
>Send MediaWiki-l mailing list submissions to
> mediawiki-l at Wikimedia.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>or, via email, send a message with subject or body 'help' to
> mediawiki-l-request at Wikimedia.org
>
>You can reach the person managing the list at
> mediawiki-l-owner at Wikimedia.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of MediaWiki-l digest..."
>
>
>Today's Topics:
>
> 1. Safe mode (Lorenzo Breda)
> 2. Re: Safe mode (Jan Steinman)
> 3. Re: Safe mode (Brion Vibber)
> 4. Re: Safe mode (John Yu)
> 5. Re: Safe mode (Brion Vibber)
> 6. Re: Safe mode (John Yu)
> 7. PHPSESSID in MediaWiki (sarath)
> 8. Re: PHPSESSID in MediaWiki (Brion Vibber)
> 9. help please (Alli Lenters)
> 10. Re: help please (NSK)
> 11. How to make external links open a new window? (Jan Steinman)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Tue, 08 Feb 2005 19:54:52 +0100
>From: Lorenzo Breda <lorenzo at gbreda.com>
>Subject: [Mediawiki-l] Safe mode
>To: MediaWiki <mediawiki-l at Wikimedia.org>
>Message-ID: <6.2.1.2.0.20050208195330.02780b50 at box.gbreda.com>
>Content-Type: text/plain; charset="us-ascii"; format=flowed
>
>On my website I must have the SafeMode on. Is there a way to upload files
>with the SafeMode on?
>
>Lorenzo Breda
>
>
>
>------------------------------
>
>Message: 2
>Date: Tue, 8 Feb 2005 12:05:25 -0800
>From: Jan Steinman <Jan at Bytesmiths.com>
>Subject: Re: [Mediawiki-l] Safe mode
>To: MediaWiki announcements and site admin list
> <mediawiki-l at Wikimedia.org>
>Message-ID: <bcb3be31052a7240bce615e809d1cc7a at Bytesmiths.com>
>Content-Type: text/plain; charset=US-ASCII; format=flowed
>
>On 8 Feb 2005, at 10:54, Lorenzo Breda wrote:
>
>
>
>>On my website I must have the SafeMode on. Is there a way to upload
>>files with the SafeMode on?
>>
>>
>
>Sorry to sound glib, but it wouldn't be "safe" then, would it?
>
>I think the only way to implement such a policy would be to hack the
>code. But keep in mind that since MediaWiki stores images in a
>database, allowing uploads possibly exposes you to SQL injection hacks.
>
>:::: Beware of the military-industrial complex. -- Dwight D. Eisenhower
>:::: Jan Steinman <http://www.Bytesmiths.com>
>
>
>
>------------------------------
>
>Message: 3
>Date: Tue, 08 Feb 2005 12:27:19 -0800
>From: Brion Vibber <brion at pobox.com>
>Subject: Re: [Mediawiki-l] Safe mode
>To: MediaWiki announcements and site admin list
> <mediawiki-l at Wikimedia.org>
>Message-ID: <420920A7.2040900 at pobox.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Lorenzo Breda wrote:
>
>
>>On my website I must have the SafeMode on. Is there a way to upload
>>files with the SafeMode on?
>>
>>
>
>Unless file uploads have also been disabled in your PHP configuration,
>then yes. But you have to go to some extra effort.
>
>In safe mode, your PHP scripts can't write to directories that are not
>owned by the user account that owns the script, and this creates the
>main problem with uploads.
>
>MediaWiki uses subdirectories in the upload area for generated
>thumbnails and to temporarily hold files for confirmation. Additionally,
>it divides up uploaded files into subdirectories based on the MD5 hash
>of the filename. This keeps the individual directories smaller and
>relatively manageable (remember MediaWiki was created for Wikipedia,
>which is a relatively large site). These subdirectories are created when
>they are needed, which usually means they are owned by the 'nobody'
>account or the web server's limited user ('web' or 'www' or 'apache'
>etc). Thus once the subdirectory is created, it can't actually put files in!
>
>To work around this, you have to create the subdirectories in images/
>ahead of time, as your own account:
>
> thumb
> archive
> temp
>
>For the numbered hash subdirectories, you can either create them all or
>you can disable the subdivision and let all files go into one place.
>(This is not supported on 1.3 unless you backport the change; it is
>available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory
>= false in your LocalSettings.php.
>
>To create them manually, they go in the pattern:
> N/NM
>where N and M are each hexadecimal number 0-f. You should end up with 16
>top level subdirectories and 256 second-level subdirectories. Create
>these in each of images, images/thumb, images/archive, and images/temp.
>
>-- brion vibber (brion @ pobox.com)
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: signature.asc
>Type: application/pgp-signature
>Size: 253 bytes
>Desc: OpenPGP digital signature
>Url : http://mail.wikipedia.org/pipermail/mediawiki-l/attachments/20050208/7678aaa2/signature-0001.bin
>
>------------------------------
>
>Message: 4
>Date: Wed, 09 Feb 2005 10:17:54 +1100
>From: John Yu <jyu at objectmastery.com>
>Subject: Re: [Mediawiki-l] Safe mode
>To: MediaWiki announcements and site admin list
> <mediawiki-l at Wikimedia.org>
>Message-ID: <420948A2.6060901 at objectmastery.com>
>Content-Type: text/plain; charset=us-ascii; format=flowed
>
>Brion,
>
>Doesn't v1.4 has a new feature to use a flat directory for file uploading?
>--
>John
>
>Brion Vibber wrote:
>
>
>
>>Lorenzo Breda wrote:
>>
>>
>>
>>>On my website I must have the SafeMode on. Is there a way to upload
>>>files with the SafeMode on?
>>>
>>>
>>Unless file uploads have also been disabled in your PHP configuration,
>>then yes. But you have to go to some extra effort.
>>
>>In safe mode, your PHP scripts can't write to directories that are not
>>owned by the user account that owns the script, and this creates the
>>main problem with uploads.
>>
>>MediaWiki uses subdirectories in the upload area for generated
>>thumbnails and to temporarily hold files for confirmation. Additionally,
>>it divides up uploaded files into subdirectories based on the MD5 hash
>>of the filename. This keeps the individual directories smaller and
>>relatively manageable (remember MediaWiki was created for Wikipedia,
>>which is a relatively large site). These subdirectories are created when
>>they are needed, which usually means they are owned by the 'nobody'
>>account or the web server's limited user ('web' or 'www' or 'apache'
>>etc). Thus once the subdirectory is created, it can't actually put
>>files in!
>>
>>To work around this, you have to create the subdirectories in images/
>>ahead of time, as your own account:
>>
>> thumb
>> archive
>> temp
>>
>>For the numbered hash subdirectories, you can either create them all or
>>you can disable the subdivision and let all files go into one place.
>>(This is not supported on 1.3 unless you backport the change; it is
>>available in 1.4beta.) To skip turn it off, set $wgHashedUploadDirectory
>>= false in your LocalSettings.php.
>>
>>To create them manually, they go in the pattern:
>> N/NM
>>where N and M are each hexadecimal number 0-f. You should end up with 16
>>top level subdirectories and 256 second-level subdirectories. Create
>>these in each of images, images/thumb, images/archive, and images/temp.
>>
>>-- brion vibber (brion @ pobox.com)
>>
>>------------------------------------------------------------------------
>>
>>_______________________________________________
>>MediaWiki-l mailing list
>>MediaWiki-l at Wikimedia.org
>>http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>>
>>
>>
>>
>
>
>
More information about the MediaWiki-l
mailing list