It’ really hard to set up wiki for safe mode. Not because it’s too complicated – but because of the lack of normal documentation. You can find separate pieces there and here – but not the whole manual.
So.

Image uploads

0) Allow image uploads

$wgEnableUploads=true;

in your LocalSettings.php file.

1) Set up for all uploaded images not to use hash directory (two level md5 split) – but to use three common directories:
“archive”, “deleted”, “temp”, thumb. You do so by specifying

$wgHashedUploadDirectory = false;

in your LocalSettings.php file.

2) Chmod 777 on these directories.

Deleted files in wiki

There are two options:

1) Do not save them at all

$wgSaveDeletedFiles = false;

(possibly, doesn’t work in new versions of wiki)

2) Save them in the root of the “deleted” folder:

$wgSaveDeletedFiles = true;
$wgFileStore['deleted']['directory'] = false;// Defaults to $wgUploadDirectory/deleted
$wgFileStore['deleted']['url'] = null;       // Private, so set to null
$wgFileStore['deleted']['hash'] = 0;         // 0-level subdirectory split

Thumbnails

Are you sure you really need them? :))
It’s the beginning of the fun.
There are also several options.

1) Generate thumbnails on EVERY client request, instead of generating and writing them to thumbs directory

$wgThumbnailScriptPath = "{$wgScriptPath}/thumb.php";

If you don’t have many images in your wiki, then you can really use this option. If not – just think, how hard it will be on your server :(
Have pity.

2) Use browser resizing instead of graphic library’s. It’s fast, it doesn’t require any server power… But it’s pretty stupid, yeah?

And also – it happened to me several times quite accidentially during my experiments… I don’t think that anyone will try to use this thing, so I don’t want to explore how to repeat it.

3) And now – the only pretty way for working with images in wiki. Please read carefully. This way requires that you have the ability to change server safe mode configuration. So…

1) In php.ini set

safe_mode_gid=1

What it does?

PHP manual:
By default, Safe Mode does a UID compare check when opening files. If you want to relax this to a GID compare, then turn on safe_mode_gid. Whether to use UID (FALSE) or GID (TRUE) checking upon file access.

2) Move your user to “apache” group
3) Set

$wgDirectoryMode=0777;

4) No #4. It will all JUST WORK!!! Now, web server will compare not user_id of the files’s owner, but group_id. And it will be the same! By the way, now you can set up all normal settings:

$wgEnableUploads = true;
$wgHashedUploadDirectory = true;
$wgSaveDeletedFiles = true;
$wgFileStore['deleted']['directory'] = false;// Defaults to $wgUploadDirectory/deleted
$wgFileStore['deleted']['url'] = null;       // Private, so set to null
$wgFileStore['deleted']['hash'] = 3;         // 3-level subdirectory split
$wgAllowCopyUploads=true;
$wgDirectoryMode=0777;

Hey-hey… Now, you’ll need to move your images to the hashed upload directory, right? Unfortunately, wiki doesn’t have an option for it. But you can do it manually – just upload to your images dir and execute the following script:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<?
  $d = dir();
  while (false !== ($entry = $d->read()))
    if(is_file($entry))
      $f[]=$entry;
 
for($i=0;$i<sizeof($f);$i++)
{
    $f1=explode('.',$f[$i]);
    if(in_array($f1[1],array('gif','jpg')))
    {
        $m=md5($f[$i]);
        $d=substr($m,0,1).'/'.substr($m,0,2).'/';
        @mkdir($d,0777,1);
        $fi=file_get_contents($f[$i]);
        echo $f[$i].' = &gt;'.$d.$f[$i].'<br>';
        file_put_contents($d.$f[$i],$fi);
    }
 
}
?>

And all your images will be moved to their hashed directories!
By the way, slightly modifying the script, you can move your thumbnails (not neccesary, they are recreated automatically from original files) and deleted files to theit hashed directories.

Some notes:

1) Sometimes you can see errors that put_env function can’t run properly because of safe mode. It doesn’t affect any functionality but looks rather bad for user. To remove errors, you can either

  • comment lines in wiki source code (NOT RECOMMENDED)
  • Disable error reporting in php
  • Use ErrorHandler extension for hiding errors.
  • Disable error reporting in PHP locally by setting the following at the top of your LocalSettings.php file
error_reporting(0); #Disable the reporting of errors

2)Setting time zone

In safe mode, things like

 $wgLocaltimezone = "America/New_York";
 $oldtz = getenv("TZ");
 putenv("TZ=$wgLocaltimezone");

Won’t work. Instead, you should use

$wgLocaltimezone = 'CET';
$wgDefaultUserOptions['timecorrection'] = '04:00';//time offset +4

It is the only possible solution.
It will make the bloody wiki engine use server time (it MUST use it by default – but WTF?!) and set time offset +4 for all new users. It’s the only workaround for safe mode in wiki.
If you have questions – feel free to ask, my own wiki in safe mode works perfectly – you can check.

LATER:

I added this articles to mediawiki development pages:
http://www.mediawiki.org/wiki/Safe_mode – there possibly can be something new now.