PHP Security Tweaks

Mike McGrath mmcgrath at
Mon May 26 03:29:14 UTC 2008

On Sun, 25 May 2008, Jeffrey Tadlock wrote:

> On Sat, May 24, 2008 at 10:18 PM, Jeffrey Tadlock <linux at> wrote:
> > 'open_basedir' is causing issues with the user's page (i.e. clicking
> > the jeffreyt link at the top of the page), when it is enabled it just
> > goes to a blank page.  The same happens with the Infrastructure page
> > as well.  Everything else seemed to work well with it enabled.  I will
> > play with that on a vanilla install at home and see what is up with
> > that.
> I think I have this working now.  I needed to add /usr/share/pear to
> the open_basedir list.  The things I saw broken because of that last
> night now appear to be working.  It is now enabled on publictest2.
> If I am not around and it turns out it is causing issues somewhere
> else, you can just comment it out in /etc/php.ini and bounce Apache
> and you'll be good to go.
> > If something has broken and I missed it, feel free to ping me (iWolf)
> > on IRC.  If I am not around you can grab the original php.ini file
> > from my home directory under the php-sec directory.  Just copy it to
> > /etc/php.ini and bounce apache and you will be back to the way it was
> > before I made the changes.  Please let me know if you need to do that
> > though, so I can look at it further.
> Same applies.  I have some garden work to do this afternoon, so if I
> am not around, you can copy the original php.ini from my home
> directory under the php-sec directory to /etc/php.ini and bounce
> apache to be back to the original way it was before I made changes.
> Just let me know if you end up needing to do that so I can look at it
> further.

Thanks for looking in to this stuff, once we're sure its all working right
we can get that in to puppet and deploy it on our new mediawiki hosts.


More information about the Fedora-infrastructure-list mailing list