Last modified: 2012-09-27 16:19:49 UTC
In file includes/GlobalFunctions.php the following is hardcoded. If php_safe_mode is on, imagemagick is blocked. if( ini_get( 'safe_mode' ) ) { wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" ); $retval = 1; return "Unable to run external programs in safe mode."; } But thats not correct. In safe mode it is possible to use imagemagick also. Therefore you copy the imagemagick program in the safe_mode_exec_dir and configure the safe_mode_exec_dir in /etc/php.ini. But in the source code abbove, thumbnailing is blocked whether program to execute is located in safe_mode_exec_dir or not. With the following modification thumnailing works also with imageMagick in php_safe_mode! if( ini_get( 'safe_mode' ) ) { /*modified by kpf for using safe_mode with safe_mode_exec_dir*/ if ( ini_get ( 'safe_mode_exec_dir' ) ) { $safe_mode_exec_dir = ini_get ( 'safe_mode_exec_dir' ); if ( substr ( $safe_mode_exec_dir, strlen ( $safe_mode_exec_dir ) - 1, 1) != "/" ) $safe_mode_exec_dir .= "/"; if ( substr ( $cmd, 0, strlen ( $safe_mode_exec_dir ) ) != $safe_mode_exec_dir ) { wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" ); $retval = 1; return "Unable to run external programs in safe mode."; } } else { /*modified end*/ wfDebug( "wfShellExec can't run in safe_mode, PHP's exec functions are too broken.\n" ); $retval = 1; return "Unable to run external programs in safe mode."; /*modified by kpf for using safe_mode with safe_mode_exec_dir*/ } /*modified end*/ }
The problem isn't the directory restrictions, but the tragic damage that PHP's exec functions do to the command line options. We have to pass several options and filenames, which need to be properly escaped for security purposes. PHP seems to assume we don't know what we're doing and munges the command line so it doesn't work anymore.
But after I've modified my Wiki-Source like i've postet above, it works. My Wiki is now working also with ImageMagick. So as a first step it would be nice to take over in the official source code. Later it would be of cource nice to implement all the options of the php.ini configuration. But there aren't so much functions in relation to executing functions in safe_mode.
(In reply to comment #2) > But after I've modified my Wiki-Source like i've postet above, it works. It works for some images but not for all due to the command line parameters mangling that Brion indicated.
Until version 1.18.x, with safe_mode enabled, I was able to generate thumbnails in my wiki. Since I updated to versione 1.19.x, thumbnails are no more being generated. So, I've applied all this guide: http://www.mediawiki.org/wiki/Safe_mode including the external link. The "fix for thumbnails" doesn't work - the sources seems to be changed. I can generate thumbnails only while I temporary disable safe_mode (it is still enabled on many servers with php <=5.3, for security reasons!). So, "wontfix" means that, probabilly, mediawiki versions >= 1.19.x will not fix that bug with safe_mode?
FYI (sorry for spamming), I've also tried the solutions indicated in this talk, including the patch (which comes from mediawiki 1.20.x ?!) and the workaround from the last reply (applied with And without the patch): http://www.mediawiki.org/wiki/Thread:Talk:MediaWiki_1.19/Thumbnails_didn't_work_since_Update_to_1.19/reply_(45) Thumbnails are still not working, keeping safe_mode enabled. However, thanks for your attention.
