On Fri, May 23, 2008 at 9:08 PM, Mike McGrath <mmcgrath(a)redhat.com> wrote:
> On Fri, 23 May 2008, Jeffrey Tadlock wrote:
> > * Change 'allow_url_fopen' to Off.
> > * Set 'expose_php' to Off.
> > * Set 'display_errors' to Off.
> > * Set the upload_tmp_dir to a location that is only accessible by the
> > user running MediaWiki and not readable or writeable by anyone else as
> > well as being outside the web root.
> > disable_functions =
> > php_admin_value open_basedir /var/www/wiki:/location/of/upload/tmp/dir
>
> These are all fine with me.

I made most of these changes tonight on publictest2. There were two exceptions.

I did not change the 'display_errors' as it is useful for the testing

'open_basedir' is causing issues with the user's page (i.e. clicking
the jeffreyt link at the top of the page); when it is enabled it just
goes to a blank page. The same happens with the Infrastructure page
as well. Everything else seemed to work well with it enabled. I will
play with that on a vanilla install at home and see what is up with

Everything else has been modified.

If something has broken and I missed it, feel free to ping me (iWolf)
on IRC. If I am not around you can grab the original php.ini file
from my home directory under the php-sec directory. Just copy it to
/etc/php.ini and bounce Apache and you will be back to the way it was
before I made the changes. Please let me know if you need to do that
though, so I can look at it further.
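
A way to check a php.ini against the settings proposed in this thread, as an added example that is not part of the original messages or of any Fedora tooling. The sample php.ini and the `/var/lib/mw-upload-tmp` path are constructed; `open_basedir` is passed in separately because the thread sets it through `php_admin_value` rather than in php.ini, and directory permissions are not checked.

```python
import os

# Spellings php.ini treats as boolean false.
FALSEY = {"off", "0", "false", "no", "none", ""}
MUST_BE_OFF = ("allow_url_fopen", "expose_php", "display_errors")

# Constructed sample input, not the real publictest2 configuration.
SAMPLE = """[PHP]
allow_url_fopen = Off
expose_php = On        ; still advertises the PHP version
display_errors = On
upload_tmp_dir = "/var/www/wiki/tmp"
"""

def parse_ini(text):
    """Return {directive: value} from php.ini text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def is_under(path, root):
    """True if path is root or below it (lexical check, symlinks not resolved)."""
    path, root = os.path.normpath(path), os.path.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit(ini_text, web_root, open_basedir=""):
    """Return findings for the directives discussed in the thread."""
    cfg = parse_ini(ini_text)
    findings = []
    for name in MUST_BE_OFF:
        # All three default to On in PHP when the directive is missing.
        if cfg.get(name, "on").lower() not in FALSEY:
            findings.append(f"{name} should be Off")
    tmp = cfg.get("upload_tmp_dir", "")
    if not tmp:
        findings.append("upload_tmp_dir is unset")
    else:
        if is_under(tmp, web_root):
            findings.append("upload_tmp_dir is inside the web root")
        allowed = [p for p in open_basedir.split(":") if p]
        if allowed and not any(is_under(tmp, p) for p in allowed):
            findings.append("upload_tmp_dir is not covered by open_basedir")
    return findings
```

Calling `audit(SAMPLE, "/var/www/wiki")` reports the two directives still On and the upload directory placed under the web root.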