[imp] Safe Mode
Lord Apollyon
implist at paypc.com
Tue Sep 30 15:26:04 PDT 2003
> * With safe mode turned on there was the immediate env problems (LANG)
> that I just tried suppressing but ended up turning off show_errors in
> php.ini. (well documented elsewhere)
Easy to fix.
For the VirtualHost section (Apache config) covering your webmail section:
php_admin_value safe_mode_allowed_env_vars = "PHP_,LANGUAGE,LANG,TZ"
> * I also get "Cannot set time limit in safe mode". I responded with
> setting the time_limit in the php.ini to a decently high value of
> 240sec. However, no matter what I set for error_reporting (php.ini)
> they still show up in my php.log file. I'd like to stop these errors
> from hitting the log file because there are 5 or 6 for every page
> request.
You'll need to "patch" Horde/IMP to fix that.
The calls are made in:
horde/imp/lib/base.php:
horde/kronolith/lib/base.php:
horde/lib/Registry.php:
horde/turba/lib/base.php:
Given some of the Horde/IMP's developers' hostility towards "Safe Mode", I
suggest you maintain a list of Safe-Mode violating lines of code. The pity
is that code can check for Safe Mode being on and proactively avoid making
such calls.
> * Does this error "sh: line 1: /wvHtml: No such file or directory"
> have to do with safe mode based on the following permissions?
> # ll `which wvHtml`
> -rwxr-xr-x 1 root root 2977 Jul 25 10:40
> /usr/local/bin/wvHtml
All system binaries you use in Horde/IMP must be placed in the PHP
Safe_Binary directory... note, symlinks to existing bins are OK so you don't
need to "duplicate" files.
> * Attachments are no longer working. They upload fine, and show the
> right size. However, when the message is sent, the data is missing.
> If you view the message source you see the MIME header for the
> attachment, but it contains no data, just header/footer. Ideas?
You need to create a special upload directory and chown www:www ; chmod 0700
; it. Configure your PHP upload path to use that directory, *AND*
Horde/IMP's upload/attachment directory to use (or a descendent) of it as
well. I think I put an explicit <Directory> directive permitting
POST/UPLOAD content to that directory tree as well to be paranoid.
I operate a sizeable production IMP server in Safe Mode with *NO*
compromises whatsoever except for the loss of Spell-check functionality. I
haven't figured out what breaks that yet.
=Apollyon=
More information about the imp
mailing list