
Configuring files upload and securing their viewing

Yannouk edited this page Jul 5, 2012 · 1 revision

This document describes how to set up file uploads on Seizam MediaWiki and how to secure their viewing.

Enable uploading functionality in PHP

Edit the php.ini file and make sure that file uploads are enabled:

file_uploads = On

If PHP is running in safe mode, refer to the PHP documentation to check whether there is any restriction on file uploads.

Set up a special folder outside the document root

If the document root is /var/www, create a new folder inside /var with an unguessable name (so that it is not easy to find if the server's security is compromised):

 mkdir /var/ciz3g26g54qn3

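Make it readable and writable for the web server:

 chgrp <your_web_server_group> /var/ciz3g26g54qn3
 chmod 770 /var/ciz3g26g54qn3

Keep the PHP engine from running anything in the newly created folder with an .htaccess file placed in that folder (php_admin_flag is not accepted in .htaccess files, so the directive used here is php_flag):

 echo 'php_flag engine off' > /var/ciz3g26g54qn3/.htaccess

Make it read-only:

 chmod 444 /var/ciz3g26g54qn3/.htaccess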
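
One way to verify the result of the steps above, as an added example that is not part of the original wiki page: it checks that the upload folder resolves outside the document root, has mode 770, and carries a read-only .htaccess that turns the PHP engine off. The function names are assumptions made for this example; call it as check_upload_dir /var/www /var/ciz3g26g54qn3.

```bash
#!/usr/bin/env bash
# Added example (not from the Seizam wiki): audit an upload directory
# against the steps above.
# Usage: check_upload_dir DOCROOT UPLOAD_DIR
# Prints one line per check and returns the number of failed checks.

# mode_of PATH: the ls permission string of PATH, e.g. drwxrwx---
mode_of() { ls -ld -- "$1" 2>/dev/null | cut -c1-10; }

# outside ROOT DIR: succeeds when DIR is neither ROOT nor below it.
outside() { case "$2/" in "$1"/*) return 1 ;; esac; }

# check DESCRIPTION COMMAND...: run COMMAND and report whether it succeeded.
check() {
    local desc=$1; shift
    if "$@"; then echo "ok:   $desc"; else echo "FAIL: $desc"; return 1; fi
}

check_upload_dir() {
    local docroot upload fails=0
    # Resolve symlinks so the comparison is made on the real locations.
    docroot=$(cd -- "$1" 2>/dev/null && pwd -P) || { echo "FAIL: cannot open $1"; return 1; }
    upload=$(cd -- "$2" 2>/dev/null && pwd -P) || { echo "FAIL: cannot open $2"; return 1; }

    check "upload directory is outside the document root" \
        outside "$docroot" "$upload" || fails=$((fails + 1))
    check "upload directory mode is 770" \
        test "$(mode_of "$upload")" = "drwxrwx---" || fails=$((fails + 1))
    # Either spelling of the directive counts as "engine off" here.
    check ".htaccess switches the PHP engine off" \
        grep -Eqs '^[[:space:]]*php_(admin_)?flag[[:space:]]+engine[[:space:]]+off' \
        "$upload/.htaccess" || fails=$((fails + 1))
    check ".htaccess mode is 444" \
        test "$(mode_of "$upload/.htaccess")" = "-r--r--r--" || fails=$((fails + 1))
    return "$fails"
}
```
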

Configure MediaWiki core:

  • to check permissions for viewing uploaded files,
  • to use the newly created folder for storing uploaded files,
  • to enable file uploads,
  • to allow img_auth.php to access images while the wiki is private.

Edit the LocalSettings.php config file:

 $wgUploadPath = "$wgScriptPath/img_auth.php";
 $wgUploadDirectory = '/var/ciz3g26g54qn3';
 $wgEnableUploads = true;
 $wgImgAuthPublicTest = false;

Edit img_auth.php to fix a bug that breaks the serving of thumbnails ( http://comments.gmane.org/gmane.org.wikimedia.mediawiki.bugs/173967 ). Around line 50, replace

 $dotPos = strpos( $path, '.' );

with

 $dotPos = strrpos( $path, '.' );