
Attaching files to Wiki site

posts: 1 United States

I'm new to TikiWiki, but have successfully gone through the install of Tiki 18.1, and our organization has been using TikiWiki for the last several weeks. However, when anyone, even an admin, tries to upload a file to a Wiki page as an attachment, we're met with an HTTP Error 500 page. I have external directories set up, and the Server Check shows all the directories as writable. Any help would be greatly appreciated:

Tiki Version: 18.1
OS: Windows Server 2016

The following is the server check info:

Server Check 

MySQL or MariaDB Database Properties




Property  Value  Tiki Fitness  Explanation

Version 5.1.73-community  good Tiki requires MySQL >= 5.x.
max_allowed_packet 1M  ugly The max_allowed_packet setting is at 1M. This is not a bad amount, but be sure the level is high enough to accommodate the needs of the site. This limits the size of binary files that can be uploaded to Tiki, when storing files in the database. Please see: file storage.
character_set_client utf8  good Tiki is fully UTF-8 and so should be every part of the stack.
character_set_connection utf8  good Tiki is fully UTF-8 and so should be every part of the stack.
character_set_database utf8  good Tiki is fully UTF-8 and so should be every part of the stack.
character_set_results utf8  good Tiki is fully UTF-8 and so should be every part of the stack.
character_set_server utf8  good Tiki is fully UTF-8 and so should be every part of the stack.
character_set_system utf8  good Tiki is fully UTF-8 and so should be every part of the stack.
collation_connection utf8_general_ci  good Tiki is fully UTF-8 and so should be every part of the stack. utf8_unicode_ci is the default collation for Tiki.
collation_database utf8_unicode_ci  good Tiki is fully UTF-8 and so should be every part of the stack. utf8_unicode_ci is the default collation for Tiki.
collation_server utf8_general_ci  good Tiki is fully UTF-8 and so should be every part of the stack. utf8_unicode_ci is the default collation for Tiki.
slow_query_log OFF  info MySQL doesn't log slow queries. If performance issues are noticed, this could be enabled, but keep in mind that the logging itself slows MySQL down.
SSL connection OFF  info MySQL Server does not have SSL activated.
Strict Mode STRICT_TRANS_TABLES  info MySQL is using strict mode

 New database engine
Your website is using a 18.x or higher version of tiki wiki and your database tables are not using the InnoDB database engine, you should consider migrate to InnoDB, that is now the default database engine for Tiki
MySQL crashed Tables

 Be careful
The following list is just a very quick look at SHOW TABLE STATUS that tells you, if tables have been marked as crashed. If you are experiencing database problems you should still run CHECK TABLE or myisamchk to make sure.


Table  Comment
No records found.

Test sending emails
To test if your installation is capable of sending emails please visit the Tiki Installer.
Server Information



Property  Value

Operating System WINNT
Web Server Microsoft-IIS/10.0
Server Signature off

Server Properties



Property  Value  Tiki Fitness  Explanation

Disk Space 17.16 GB  good More than 251MB of free disk space is available. Tiki will run smoothly, but there may be issues when the site grows (because of file uploads, for example). When the disk space is filled, users, including administrators, will not be able to log in to Tiki. This test cannot reliably check for quotas, so be warned that if this server makes use of them, there might be less disk space available than reported.

Special directories
To backup these directories go to Admin->Tiki Cache/SysAdmin.


Directory  Fitness  Explanation

F:\WikiGallery  Directory is writeable.
img/trackers  Directory is writeable.
F:\WikiAttach  Directory is writeable.
img/wiki  Directory is writeable.
img/wiki_up  Directory is writeable.

Apache properties
You are either not running the preferred Apache web server or you are running PHP with a SAPI that does not allow checking Apache properties (e.g. CGI or FPM).
IIS properties



Property  Value  Tiki Fitness  Explanation

IIS Url Rewrite Module Available  good The URL Rewrite Module is required to use SEFURL on IIS.

PHP scripting language properties



Property  Value  Tiki Fitness  Explanation

Error logging Enabled  info Errors will be logged, since log_errors is enabled. Also, display_errors is disabled. This is good practice for a production site, to log the errors instead of displaying them. How to change this value
Error reporting Disabled  info No errors will be reported, because display_errors is turned off. This may be appropriate for a production site but, in any problems occur, enable it in php.ini to get more information. The error_reporting level is reasonable at 29687. How to change this value
ini_set Enabled  good ini_set is used in some places to accommodate special needs of some Tiki features. How to change this value
DB Driver PDO  good The PDO extension is the suggested database driver/abstraction layer.
PHP version 5.6.31  good This version of PHP is recent, and any supported version of Tiki can be run.
PHP CLI version  ugly The version of the command line executable of PHP (C:\Program Files (x86)\PHP\v5.6\php.exe) is not the same as the web server version.
PHP Server API cgi-fcgi  info PHP is being run as CGI. Feel free to use a threaded Apache MPM to increase performance.
ByteCode Cache N/A  info Neither APC, WinCache nor xCache is being used as the ByteCode Cache; if one of these were used and correctly configured, performance would be increased. See Admin->Performance in the Tiki for more details.
memory_limit 512M  good The memory_limit is at 512M. This is known to support smooth functioning even for bigger sites. How to change this value
session.save_handler files  good Well set! The default setting of 'files' is recommended for Tiki. How to change this value
session.save_path C:\Windows\temp  good The session.save_path is writable. How to change this value
session ok  good This appears to work.
zlib.output_compression Off  info zlib output compression is turned off. This reduces CPU usage. On the other hand, turning it on would save bandwidth. The appropriate choice can be made for this Tiki. How to change this value
register_globals Off  good Correctly set! And this is also future proof as register_globals is deprecated.
safe_mode Off  good Correctly set! And this is also future proof as safe_mode is deprecated.
magic_quotes_gpc Off  good Correctly set! Some features like assigning permissions to a group whose name contains a quote will not work with this turned on. And this is also future proof as magic_quotes_gpc is deprecated. How to change this value
default_charset UTF-8  good Correctly set! Tiki is fully UTF-8 and so should be this installation. How to change this value
date.timezone America/Tegucigalpa  good Well done! Having a time zone set protects the site from related errors. How to change this value
file_uploads On  good Files can be uploaded to Tiki.
max_execution_time 300s  ugly The max_execution_time is at 300. This is not necessarily bad, but it's a good idea to limit this time on productions servers in order to eliminate unexpectedly long running scripts. How to change this value
max_input_time 60s  good The max_input_time is at 60. This is a good value for production sites. If timeouts are experienced (such as when performing admin functions) this may need to be increased nevertheless. How to change this value
upload_max_filesize 64M  good The upload_max_filesize is at 64M. Quite large files can be uploaded, but keep in mind to set the script timeouts accordingly. How to change this value
post_max_size 128M  good The post_max_size is at 128M. Quite large files can be uploaded, but keep in mind to set the script timeouts accordingly. How to change this value
fileinfo Not available  ugly The fileinfo extension is needed for the 'Validate uploaded file content' preference.
intl Not available  ugly intl extension is preferred for Tiki 15 and newer. Because is not available, the filters for text will not be able to detect the language and will use a generic range of characters as letters.
gd bundled (2.1.0 compatible)  good The GD extension is needed for manipulation of images and for CAPTCHA images.
Image Magick Not Available  info ImageMagick is used as a fallback in case GD is not available.
mbstring Loaded  good mbstring extension is needed for an UTF-8 compatible lower case filter, in the admin search for example.
calendar Loaded  good calendar extension is needed by Tiki.
ctype Loaded  good ctype extension is needed by Tiki.
libxml Loaded  good This extension is needed for the dom extension (see below).
dom Loaded  good This extension is needed by Tiki
LDAP Not available  info Tiki will not be able to connect to an LDAP server as the needed PHP extension is missing. More info at: http://doc.tiki.org/LDAP
memcache Not available  info This extension can be used to speed up Tiki by saving sessions as well as wiki and forum data on a memcached server.
SSH2 Not available  info This extension is needed for the show.tiki.org tracker field type, up to Tiki 17.
curl Loaded  good This extension is required for H5P.
json Loaded  good This extension is required for many features in Tiki.
openssl Loaded  good Enable safe, encrypted storage of data such as passwords. Required for the User Encryption feature and improves encryption in other features, when available.
mcrypt Loaded  info MCrypt is abandonware and is being phased out. Starting in version 18, Tiki uses OpenSSL where it previously used MCrypt, except perhaps via third-party libraries. Tiki still uses MCrypt to decrypt user data encrypted with MCrypt, when converting that data to OpenSSL.
\Zend\Math\Rand Available  good Ability to generate random numbers, useful for example for CAPTCHA and other security features.
iconv Loaded  good This extension is required and used frequently in validation functions invoked within Zend Framework.
eval() Available  good The eval() function is required by the Smarty templating engine.
ZipArchive class Available  good The ZipArchive class is needed for features such as XML Wiki Import/Export and PluginArchiveBuilder.
DateTime class Available  good The DateTime class is needed for the WebDAV feature.
Xdebug Not Available  info Xdebug can be very handy for a development server, but it might be better to disable it when on a production server.

 Change PHP configuration values

Looks like you are running PHP as FPM/CGI/FastCGI, you may be able to override some of your PHP configurations by add them to .user.ini files, see: http://php.net/manual/en/configuration.file.per-user.php

You can check the full documentation on how to change the configurations values in http://www.php.net/manual/en/configuration.php

PHP Security properties
To check the file integrity of your Tiki installation, go to Admin->Security.


Property  Value  Tiki Fitness  Explanation

upload_tmp_dir C:\Windows\temp  unknown It can't be reliably determined if the upload_tmp_dir is accessible via a web browser. To be sure, check the webserver configuration.
register_globals Off  safe register_globals should be off by default. See the PHP manual for details. How to change this value
exec Enabled  risky Exec can potentially be used to execute arbitrary code on the server. Tiki does not need it; perhaps it should be disabled.
passthru Enabled  risky Passthru is similar to exec. Tiki does not need it; perhaps it should be disabled. However, the Composer package manager used for installations in Subversion checkouts may need it.
shell_exec Enabled  risky Shell_exec is similar to exec. Tiki needs it to run PDF from URL: WebKit (wkhtmltopdf). If this is needed and the other PHP software on the server can be trusted, this should be enabled.
system Enabled  risky System is similar to exec. Tiki does not need it; perhaps it should be disabled.
proc_open Enabled  risky Proc_open is similar to exec. Tiki does not need it; perhaps it should be disabled. However, the Composer package manager used for installations in Subversion checkouts may need it.
popen Enabled  risky popen is similar to exec. Tiki needs it for file search indexing in file galleries. If this is needed and other PHP software on the server can be trusted, this should be enabled.
curl_exec Enabled  risky Curl_exec can potentially be abused to write malicious code. Tiki needs it to run features like Kaltura, CAS login, CClite and the myspace and sf wiki-plugins. If these are needed and other PHP software on the server can be trusted, this should be enabled.
curl_multi_exec Enabled  risky Curl_multi_exec can potentially be abused to write malicious code. Tiki needs it to run features like Kaltura, CAS login, CClite and the myspace and sf wiki-plugins. If these are needed and other PHP software on the server can be trusted, this should be enabled.
parse_ini_file Enabled  risky It is probably an urban myth that this is dangerous. Tiki team will reconsider this check, but be warned. It is required for the System Configuration feature.
show_source Enabled  risky It is probably an urban myth that this is dangerous. Tiki team will reconsider this check, but be warned.
session.use_trans_sid Disabled  safe session.use_trans_sid should be off by default. See the PHP manual for details. How to change this value
xbithack Disabled  safe setting the xbithack option is unsafe. Depending on the file handling of the webserver and the Tiki settings, an attacker may be able to upload scripts to file gallery and execute them. How to change this value
allow_url_fopen Enabled  risky allow_url_fopen may potentially be used to upload remote data or scripts. Also used by Composer to fetch dependencies. If this Tiki does not use the Blogs feature, this can be switched off.

Tiki Security


 Sensitive Data Exposure

Tiki did not detect temporary files in the db folder which may expose credentials or other sensitive information.

File Gallery Search Indexing

 Feature disabled

Go to the File Gallery Control Panel (with advanced preferences showing) to enable

MySQL Variable Information




posts: 758 United States

Check your Tiki admin control panel: for gallery uploads go to /tiki-admin.php?page=fgal, and for your attachments go to /tiki-admin.php?page=wiki&cookietab=2&highlight=feature_wiki_attachments, and make sure you have your files uploading to a directory instead of the database.

Once you have those checked off, make sure your directories are one level up, outside of your Tiki root installation. I like to create a folder called "files", and inside it create one folder each for "gallery" and "attachments".

Back in your File Galleries and Attachment directory settings, where you show the path of your uploads, it should look like this:

../files/gallery/
../files/attachments/

In your check script you show 1MB for uploads. That is really low; you should have it at 32MB to allow files greater than 1MB to upload.
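
An added example, not part of the reply above or of Tiki's own code: a check of whether each upload directory named in this thread ends up under the IIS site's physical path, since a relative setting such as ../files/attachments/ is only outside the web-served tree when the Tiki root is itself the site root. The two root locations (C:\inetpub\wwwroot and its tiki subfolder) are assumptions for illustration, the function names are hypothetical, and the check assumes no IIS virtual directories map other paths into the site.

```python
import ntpath  # Windows path rules on any OS, so the check can run off-box


def resolve(tiki_root, configured):
    """Absolute settings stand alone; relative ones are taken from the Tiki root."""
    return ntpath.normcase(ntpath.normpath(ntpath.join(tiki_root, configured)))


def is_web_served(site_root, tiki_root, configured):
    """True if the configured directory lies under the site's physical path."""
    root = ntpath.normcase(ntpath.normpath(site_root)).rstrip("\\")
    target = resolve(tiki_root, configured)
    # Compare on a component boundary so C:\web_files is not "under" C:\web.
    return target == root or target.startswith(root + "\\")


def audit(site_root, tiki_root, settings):
    """Map each setting name to (resolved path, 'web-served' or 'outside')."""
    report = {}
    for name, path in settings.items():
        served = is_web_served(site_root, tiki_root, path)
        report[name] = (resolve(tiki_root, path), "web-served" if served else "outside")
    return report


# Directory values are the ones quoted in the thread; the labels are constructed.
SETTINGS = {
    "attachments (question)": r"F:\WikiAttach",
    "gallery (question)": r"F:\WikiGallery",
    "attachments (reply)": "../files/attachments/",
    "gallery (reply)": "../files/gallery/",
    "wiki uploads": "img/wiki_up",
}

if __name__ == "__main__":
    # Assumed layouts: Tiki installed as the site root, or in a subfolder of it.
    layouts = {
        "Tiki is the site root": (r"C:\inetpub\wwwroot", r"C:\inetpub\wwwroot"),
        "Tiki in a subfolder": (r"C:\inetpub\wwwroot", r"C:\inetpub\wwwroot\tiki"),
    }
    for label, (site, tiki) in layouts.items():
        print(label)
        for name, (path, verdict) in audit(site, tiki, SETTINGS).items():
            print(f"  {name:24} {path:42} {verdict}")
```

In the subfolder layout the reply's ../files/ paths still resolve under the site root, so they need to move one more level up or onto a separate volume such as the F: drive used in the question.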


