Last modified: 2012-09-27 16:19:49 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T14663, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 12663 - ImageMagick in SafeMode
Status: RESOLVED WONTFIX
Product: MediaWiki
Classification: Unclassified
Component: File management
Version: 1.10.x
Hardware: All All
Importance: Lowest enhancement
Assigned To: Nobody - You can work on this!
Reported: 2008-01-17 10:46 UTC by kpf
Modified: 2012-09-27 16:19 UTC (History)
Description kpf 2008-01-17 10:46:10 UTC
In file includes/GlobalFunctions.php the following is hardcoded. If php_safe_mode is on, imagemagick is blocked.

    if( ini_get( 'safe_mode' ) ) {
        wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" );
        $retval = 1;
        return "Unable to run external programs in safe mode.";
    }

But that's not correct. In safe mode it is possible to use imagemagick also. Therefore you copy the imagemagick program into the safe_mode_exec_dir and configure the safe_mode_exec_dir in /etc/php.ini.

But in the source code above, thumbnailing is blocked whether the program to execute is located in safe_mode_exec_dir or not. With the following modification thumbnailing also works with ImageMagick in php_safe_mode!

    if( ini_get( 'safe_mode' ) ) {
        /*modified by kpf for using safe_mode with safe_mode_exec_dir*/
        if ( ini_get ( 'safe_mode_exec_dir' ) )
        {
            $safe_mode_exec_dir = ini_get ( 'safe_mode_exec_dir' );
            if ( substr ( $safe_mode_exec_dir, strlen ( $safe_mode_exec_dir ) - 1, 1) != "/" )
                $safe_mode_exec_dir .= "/";
            if ( substr ( $cmd, 0, strlen ( $safe_mode_exec_dir ) ) != $safe_mode_exec_dir )
            {
                wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" );
                $retval = 1;
                return "Unable to run external programs in safe mode.";
            }
        }
        else
        {
            /*modified end*/
            wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" );
            $retval = 1;
            return "Unable to run external programs in safe mode.";
            /*modified by kpf for using safe_mode with safe_mode_exec_dir*/
        }
        /*modified end*/
    }
Comment 1 Brion Vibber 2008-01-18 22:32:45 UTC
The problem isn't the directory restrictions, but the tragic damage that PHP's exec functions do to the command line options. We have to pass several options and filenames, which need to be properly escaped for security purposes. PHP seems to assume we don't know what we're doing and munges the command line so it doesn't work anymore.
Comment 2 kpf 2008-01-21 07:24:30 UTC
But after I've modified my Wiki-Source like I've posted above, it works.
My Wiki is now working also with ImageMagick.
So as a first step it would be nice to take it over into the official source code.
Later it would of course be nice to implement all the options of the php.ini configuration.
But there aren't so many functions in relation to executing functions in safe_mode.
Comment 3 Bryan Tong Minh 2011-03-12 20:30:55 UTC
(In reply to comment #2)
> But after I've modified my Wiki-Source like I've posted above, it works.

It works for some images but not for all due to the command line parameters mangling that Brion indicated.
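
Added example, not part of any comment in this report and not MediaWiki code: in safe mode PHP ran escapeshellcmd() over the whole string passed to exec(), so arguments that were already quoted were escaped a second time. The sketch below applies that second pass by hand (safe_mode was removed in PHP 5.4) and shows why plain file names still work while others arrive mangled. It assumes a POSIX shell; the file names and function names are constructed for illustration.

```php
<?php
// Added illustration. The extra escapeshellcmd() call stands in for what
// safe_mode did implicitly to every command line given to exec().

/** Run $cmd through the shell and return what the program printed. */
function argumentSeenByProgram(string $cmd): string
{
    $lines = [];
    exec($cmd, $lines);
    return implode("\n", $lines);
}

/** Compare normal execution with execution after the second escaping pass. */
function compareEscaping(string $fileName): array
{
    // What a careful caller builds: the argument quoted exactly once.
    $cmd = 'printf %s ' . escapeshellarg($fileName);
    // What safe_mode executed instead: the same string, escaped again.
    $munged = escapeshellcmd($cmd);

    return [
        'command'  => $cmd,
        'munged'   => $munged,
        'intact'   => argumentSeenByProgram($cmd) === $fileName,
        'survives' => argumentSeenByProgram($munged) === $fileName,
    ];
}

// Constructed sample file names.
$samples = ['Example.png', 'Photo (1).png', 'Tom & Jerry.png', "It's here.png"];

foreach ($samples as $name) {
    $r = compareEscaping($name);
    printf(
        "%-18s normal: %-4s safe_mode: %-8s %s\n",
        $name,
        $r['intact'] ? 'ok' : 'BAD',
        $r['survives'] ? 'ok' : 'mangled',
        $r['munged']
    );
}
```

Backslashes inserted inside single quotes are literal to the shell, so the program receives a file name that does not exist; names without shell metacharacters pass through unchanged.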
Comment 4 Nubie Rio 2012-09-27 15:15:19 UTC
Until version 1.18.x, with safe_mode enabled,
I was able to generate thumbnails in my wiki.

Since I updated to version 1.19.x, thumbnails
are no longer being generated.

So, I've applied all this guide:
http://www.mediawiki.org/wiki/Safe_mode
including the external link.

The "fix for thumbnails" doesn't work
- the sources seem to be changed.

I can generate thumbnails only while I temporarily
disable safe_mode (it is still enabled on many servers
with php <=5.3, for security reasons!).

So, "wontfix" means that, probably, mediawiki
versions >= 1.19.x will not fix that bug with safe_mode?
Comment 5 Nubie Rio 2012-09-27 16:19:49 UTC
FYI (sorry for spamming), I've also tried the solutions indicated in this talk, including the patch (which comes from mediawiki 1.20.x ?!) and the workaround from the last reply (applied with and without the patch):

http://www.mediawiki.org/wiki/Thread:Talk:MediaWiki_1.19/Thumbnails_didn't_work_since_Update_to_1.19/reply_(45)

Thumbnails are still not working, keeping safe_mode enabled.

However, thanks for your attention.
