On Fri, May 23, 2008 at 9:08 PM, Mike McGrath <mmcgrath@xxxxxxxxxx> wrote: > On Fri, 23 May 2008, Jeffrey Tadlock wrote: >> * Change 'allow_url_fopen' to Off. >> >> * Set 'expose_php' to Off. >> >> * Set 'display_errors' to Off >> >> * Set the upload_tmp_dir to a location that is only accessible by the >> user running MediaWiki and not readable or writeable by anyone else as >> well as being outside the web root. >> >> disable_functions = >> "apache_get_modules,apache_get_version,apache_getenv,apache_note, >> apache_setenv,disk_free_space,diskfreespace,dl, >> >> highlight_file,ini_alter,ini_restore,openlog,passthru,phpinfo, >> >> proc_nice,shell_exec,show_source,symlink,system,exec,fsockopen, >> dl,popen" >> >> php_admin_value open_basedir /var/www/wiki:/location/of/upload/tmp/dir > > These are all fine with me. I made most of these changes tonight on publictest2. There were two exceptions. I did not change the 'display_errors' as it is useful for the testing going on. 'open_basedir' is causing issues with the user's page (i.e. clicking the jeffreyt link at the top of the page), when it is enabled it just goes to a blank page. The same happens with the Infrastructure page as well. Everything else seemed to work well with it enabled. I will play with that on a vanilla install at home and see what is up with that. Everything else has been modified. If something has broken and I missed it, feel free to ping me (iWolf) on IRC. If I am not around you can grab the original php.ini file from my home directory under the php-sec directory. Just copy it to /etc/php.ini and bounce apache and you will be back to the way it was before I made the changes. Please let me know if you need to do that though, so I can look at it further. Thanks, Jeffrey _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
