about safe mode


Well-known member
Will turning safe_mode off cause a security issue? I've read somewhere that this is one of the disadvantages of Xenforo!


XenForo developer
Staff member
It's worth pointing at the PHP manual itself here: http://php.net/manual/en/features.safe-mode.php:
This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
Safe mode unreasonably limits things like creating directories and reading files from within them (based on its UID limits). Strictly speaking, there are workarounds, but they involve chown'ing files and that's not really something to get into. The cruxt is that safe_mode is not a recommended PHP setting any more; security solutions should be looked at via a lower-level method (eg, phpsuexec).