Author: jweberhofer
Description:
In cases where a open_basedir restriction has been set, mediawiki should use the directory set in upload_tmp_dir for storing temporary files.
Version: 1.19.0
Severity: major
OS: Linux
• bzimport | |
May 3 2012, 10:26 AM |
F9218: mediawiki-36475-wfTempDir-patch.diff | |
Nov 22 2014, 12:20 AM |
Author: jweberhofer
Description:
In cases where a open_basedir restriction has been set, mediawiki should use the directory set in upload_tmp_dir for storing temporary files.
Version: 1.19.0
Severity: major
OS: Linux
jweberhofer wrote:
Use upload_tmp_dir for storing temporary files
attachment mediawiki-36475-wfTempDir-patch.diff ignored as obsolete
jweberhofer wrote:
Use upload_tmp_dir for storing temporary files
Sorry, have previously sent a wrong patch
Attached:
sumanah wrote:
Thanks, Johannes! It would be great if you got developer access
https://www.mediawiki.org/wiki/Developer_access
and submitted this directly into Git/Gerrit:
https://www.mediawiki.org/wiki/Git/Workflow
Thanks.
upload_tmp_dir() should only be used for uploads, not for any random time we want a temporary directory.
If the value of your sys_get_temp_dir() conflicts with open_basedir restrictions, I'd say that's a misconfiguration.
jweberhofer wrote:
The problem is, that on servers with many virtual hosts (apache2-mod_php5), the vhost users are locked into their home-directory, using the open_basedir setting.
To make all uploads working, upload_tmp_dir is set to the HOME/tmp directory.
Unfortunately the sys_get_temp_dir() value always return the system's directory (e.g. /tmp) where I do not want to give the vhost-users access to (users could read/write other's files).
sumanah wrote:
A different patch has been suggested: https://www.mediawiki.org/w/index.php?title=Talk:MediaWiki_1.19&offset=20120509121819#Thumbnails_didn.27t_work_since_Update_to_1.19_15046
jweberhofer wrote:
Isn't the suggested code exactly the same as the suggested patch?
In the meantime I have seen, that "file_exists()" on the not availabe global tmp-setting already causes an entry into the logs. Maybe this entry could be suppressed?
(In reply to comment #7)
Isn't the suggested code exactly the same as the suggested patch?
No, they're subtly different (I had to look at it for a couple of minutes). The difference is swapping the order of checking upload_tmp_dir() before sys_get_temp_dir().
If sys_get_temp_dir() returns bogus path, there's no guarantee that upload_tmp_dir() works properly, so I think the only viable solution is to add a setting to explicitly override the tmp directory.
Part of the problem is that wfTempDir ignores $wgTmpDirectory. See
bug 24985 and bug 27959.
(In reply to comment #10)
Part of the problem is that wfTempDir ignores $wgTmpDirectory. See
bug 24985 and bug 27959.
Not really a problem. This was discussed before, and $wgTmpDirectory is for a different purpose than wfTempDir().
(In reply to comment #11)lly a problem. This was discussed before, and $wgTmpDirectory is for a
different purpose than wfTempDir().
Any link for this?
(In reply to comment #12)
(In reply to comment #11)lly a problem. This was discussed before, and
$wgTmpDirectory is for adifferent purpose than wfTempDir().
Any link for this?
It was an IRC discussion between me and Brion some time after I filed bug 24985.
(In reply to comment #13)
(In reply to comment #12)
(In reply to comment #11)lly a problem. This was discussed before, and
$wgTmpDirectory is for adifferent purpose than wfTempDir().
Any link for this?
It was an IRC discussion between me and Brion some time after I filed bug
That, and Brion's rather length comment 1 on that bug.
(In reply to comment #14)
That, and Brion's rather length Bug 24985 comment 1 on that bug.
They are for different purposes, but as Brion points out in the comment:
It looks like most code using $wgTmpDirectory doesn't actually need to keep the
files around across requests or anything, though.
...
Some things that it looks like *do* need/want to keep files across requests:
- DBABagOStuff (cache implementation; meant for dev use)
- .... I think that might be it.
In any case, I have a trial commit on gerrit 8996
(In reply to comment #11)
Not really a problem.
It is a problem, though. If a person doesn't want to use /tmp for whatever reason (in this case, because the provider restricts access), then they will run into problems.
Could you comment on gerrit #8996?
sumanah wrote:
Gerrit change #8996 has been merged as of June 13th. Thanks for the patch.
questpc wrote:
1.22wmf3 still failed with
"Error creating thumbnail: Unable to save thumbnail to destination"
default MediaWiki config 1.22wmf3 for Ubuntu 12.04LTS until I restored "pre 1.20" $wgTmpDirectory defaults in LocalSettings.php:
$wgUploadDirectory = "{$IP}/images";
$wgTmpDirectory = "{$wgUploadDirectory}/tmp";