Can't SAFE-MODE be used for webtrees?

Asked by Jens Kettwig

I have safe mode enabled on my server and now I get the following error message:

ERROR 2: set_time_limit() [function.set-time-limit]: Cannot set time limit in safe mode
0 Error occurred on in function set_time_limit
1 called from line 270 of file session.php in function require
2 called from line 33 of file login.php

I also run Joomla! on the same webserver and from discussions over the last years I can remember that it was strongly recommended to use safe mode. Can someone give me advice?

Question information

Language: English
Status: Solved
For: webtrees
Assignee: No assignee
Solved by: Jens Kettwig

Jens Kettwig (jlkettwig) said :
#1

I received the following information from my provider regarding safe mode:

To make our servers, and therefore your domain(s), more resistant to PHP security vulnerabilities, we use an additional security patch for PHP (Hardened-PHP). Because safe mode is enabled on our web servers, we also use suPHP. suPHP runs your PHP scripts with the privileges of your domain user. As a result, the strict safe-mode settings do not take effect here. We use safe mode primarily just to disable certain PHP functions. Because your PHP files are executed directly via suPHP, there are no restrictions with regard to PHP safe mode, since you can perform any action within your web space.

If safe mode is deactivated, you assume responsibility for any attacks that may be carried out via your domains or web hosts.

Jens Kettwig (jlkettwig) said :
#2

Well, now also in English:
My provider told me they are using hardened-PHP (suPHP) and therefore safe-mode does not inhibit any PHP functions.

Would it not be better to let the user choose whether to use safe-mode ON or OFF?

I don't really want to turn safe-mode off at the moment.

fisharebest (fisharebest) said :
#3

safe_mode has been marked as deprecated in PHP5.3.0, and will be removed in PHP6.

See http://php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode

However, it is easy to add conditional code for PHP5.2.X users:

if (!ini_get('safe_mode')) {
 set_time_limit(get_site_setting('MAX_EXECUTION_TIME'));
}

I don't know what other features may be affected. If you are willing to do the testing, we can find/fix these.
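
An added example, not webtrees code and not written by either poster: a fuller guard around the conditional suggested in reply #3. It also covers hosts that turn functions off through disable_functions and ini values that read back as strings such as "Off"; the helper names and the 60-second value are assumptions.

```php
<?php
// Added example. ini_flag(), is_disabled_function() and try_set_time_limit()
// are hypothetical helpers, not part of webtrees or PHP.

/** Read an ini directive as a boolean flag. */
function ini_flag($name)
{
    $raw = ini_get($name);
    if ($raw === false) {
        return false; // directive is not known to this PHP build
    }
    // A value set as a string (e.g. "Off" via php_admin_value) is truthy in a
    // plain if(), so parse it instead of relying on loose truthiness.
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

/** True if $function is listed in the disable_functions directive. */
function is_disabled_function($function)
{
    $list = array_map('trim', explode(',', strtolower((string) ini_get('disable_functions'))));
    return in_array(strtolower($function), $list, true);
}

/**
 * Raise the execution time limit only where the host permits it.
 * Returns true if the call was made and not refused, false if it was skipped.
 */
function try_set_time_limit($seconds)
{
    if (ini_flag('safe_mode')) {
        return false; // the call would only raise the warning quoted in the question
    }
    if (!function_exists('set_time_limit') || is_disabled_function('set_time_limit')) {
        return false;
    }
    // Older PHP versions return null here, newer ones a bool; treat only false as refusal.
    return set_time_limit((int) $seconds) !== false;
}

// Constructed usage: 60 stands in for the site's MAX_EXECUTION_TIME setting.
if (!try_set_time_limit(60)) {
    error_log('set_time_limit skipped; max_execution_time stays at ' . ini_get('max_execution_time'));
}
```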

fisharebest (fisharebest) said :
#4

I have set up a system with safe-mode. Only a few code-changes are needed. I will submit the changes when I get home.

Jens Kettwig (jlkettwig) said :
#5

Hi fisharebest,

I'm fully aware of the limited life-span of safe-mode. I might even get rid of mine sooner rather than later. I just thought there might still be a bunch of users who still have to live with safe-mode and who would like to install webtrees nonetheless. If it's too much of a hassle then leave it as it is.

Cheers,

fisharebest (fisharebest) said :
#6

The changes have been submitted to SVN. Basic functions seem to work OK. You can test tomorrow (using tonight's build).

Jens Kettwig (jlkettwig) said :
#7

I've just updated my install and everything seems to be working fine (can't say yet if there are any problems in some areas). Thanks a lot!