Yasuo Ohgaki
699ccceaa4
Added trans_sid security risk examples.
2002-08-14 06:45:23 +00:00
Marcus Boerger
d2418b11f8
docref_root and docref_ext for php_error_docref()
...
@Added clickable error messages that direct to a page describing the
@error or function causing the error in detail. (Yasuo, Wez, Marcus)
2002-08-13 15:29:34 +00:00
Yasuo Ohgaki
42355837c1
Changed my mind.
...
Let users decided whether users want larger chunk size or not.
@ Changed zlib.output_compression behavior. If larger chunk is preferred,
enable output_buffering also. (Marcus, Yasuo)
2002-08-11 02:32:49 +00:00
Marcus Boerger
9c8ba935d6
Improved handling of output buffers (see news)\n#No trim for the string parameter...
2002-08-09 22:29:58 +00:00
Yasuo Ohgaki
872e0b0c71
Move unserialize_callback_func description a little
2002-08-09 06:18:46 +00:00
Yasuo Ohgaki
70ef3f67f3
Added note for output_handler usage. (with Marcus and Adam's fix)
2002-08-09 06:14:33 +00:00
Marcus Boerger
4f1e5943d8
-add & document ini settings for exif
2002-07-28 17:25:55 +00:00
Yasuo Ohgaki
fd428a4882
This option should be left enabled by default by mistake.
...
--enable-trans-sid option is removed and this option should
be disabled by default in php.ini.
1) It's insecure by nature
2) It may not work well always
3) It wasn't enabled by default used be
4) It risks security and user should enable it after realizing
it's security risks.
2002-07-19 09:45:07 +00:00
Yasuo Ohgaki
658503f6ee
Move down open_basedir description.
2002-07-18 01:36:17 +00:00
Yasuo Ohgaki
02bc91f0bc
Fixed open_basedir note - thanks to Sander. I also notice I have to modify pg_lo_import(), etc. It does not check open_basedir at all. It checks UID/GID, though. We are better to note how we should treat files in coding standard.
2002-07-17 04:20:37 +00:00
Yasuo Ohgaki
ccc04b7096
Added note for open_basedir
2002-07-17 00:09:09 +00:00
Georg Richter
ab863dee30
Added php.ini option "mysql_connection.timeout"
2002-07-16 13:52:23 +00:00
Rui Hirokawa
555ca8eedd
added mbstring.language option in ext/mbstring.
2002-07-11 15:45:35 +00:00
Derick Rethans
d812929d2f
- Implement Andrei's request for disabling memory leak reporting in debug
...
builds.
#- Andrei: I can show you the logs :)
2002-06-26 19:43:46 +00:00
Markus Fischer
c0736d6096
- List new session.use_only_cookies option.
2002-06-16 06:05:23 +00:00
Frank M. Kromann
4b40b9513b
Adding ini setting for max_procs
2002-06-10 20:00:20 +00:00
Sander Roobol
a6abfcbbe7
Update cracklib path and comment it out (thanks to Urs Gehrig for the hint)
2002-06-01 09:53:07 +00:00
Sander Roobol
295e8e5bd4
It's get_cfg_var() not cfg_get_var()
2002-05-19 14:16:41 +00:00
Frank M. Kromann
31a16f63f9
Adding ini setting that allows the MSSQL extension to use NT authentication
2002-05-09 20:36:40 +00:00
Rasmus Lerdorf
22182fc78d
# Since Jani seems to have us all on /ignore, I'm reverting
2002-04-27 13:38:55 +00:00
foobar
f0de9845f8
Default setting for short_open_tag is better be Off.
2002-04-26 23:20:06 +00:00
Yasuo Ohgaki
e59e3884b6
Added mbstring.func_overload directive
2002-04-19 07:13:55 +00:00
Yasuo Ohgaki
fe5c67d285
Remove gargabe
2002-04-19 06:33:55 +00:00
Yasuo Ohgaki
fd89d2d24a
Added description to mbstring ini entries
2002-04-19 06:30:14 +00:00
Marcus Boerger
bd9cf79efb
new ini setting log_errors_max_len
...
@-New ini setting log_errors_max_len controls maximum length for error
@ messages. Set it to 0 for infinite. Default is 1024 (old behaviour) (Marcus)
2002-04-10 01:27:44 +00:00
foobar
80131be70f
Removed relics from PHP3.
2002-04-07 17:46:57 +00:00
Yasuo Ohgaki
efbb9949a5
Added pgsql.ignore_notice and pgsql.log_notice ini entry.
2002-04-07 06:11:41 +00:00
Marcus Boerger
ddc6437e32
new feature ignoring repeated error messages (defaults to old behaviour)
...
@You can now disable logging of repeated error messages with two new ini settings ignore_repeated_errors, ignore_repeated_source. @(Marcus)
2002-04-06 18:49:59 +00:00
Sander Roobol
4e8f9e2585
Added crack extension to php.ini-*
2002-03-29 16:32:23 +00:00
Sean Bright
9fa1dd317d
Fix typo.
2002-03-26 19:59:26 +00:00
Sebastian Bergmann
f6102f7300
ext/overload is a 'built-in' extension on Win32.
2002-03-21 06:25:42 +00:00
Shane Caraveo
391fdf858e
add new ini item for fastcgi
2002-03-18 04:49:16 +00:00
Shane Caraveo
2f512dbd18
add stuff here also.
2002-03-01 06:48:27 +00:00
Rasmus Lerdorf
28b321b5e9
Drop this default to 12 to avoid some of the .000000000000001 questions.
...
I can't imagine much of a BC issue, and we aren't changing existing php.ini
files anyway. If someone can think of a problem with this, please speak up
2002-02-27 23:50:41 +00:00
Sebastian Bergmann
07f95b3a79
Add MSVC workspace for tokenizer extension. Add php_tokenizer.dll entries to php.ini-*.
2002-02-08 21:19:55 +00:00
Yasuo Ohgaki
0bf51b81bd
register_globals=off is defualt for 4.2.0
2002-02-05 06:31:53 +00:00
Yasuo Ohgaki
e19be6171f
Added "pgsql.auto_reset_persistent" ini entry to catch broken connection
...
always with pg_pconnect(). (Default Off in source and php.ini-*)
This option requires a little overhead for pg_pconnect().
2002-01-25 00:51:03 +00:00
Marko Karppinen
f03933bcec
Corrected a confusing comment (see bug #14972 )
2002-01-24 14:25:51 +00:00
Frank M. Kromann
55b5cb89bf
Fixing spelling error in FrontBase section
2002-01-23 17:47:46 +00:00
foobar
1d062f3f6e
Make it more clear what session.referer_check is about.
2001-12-05 00:32:23 +00:00
Derick Rethans
06cdf297a8
- Adding a callback mechanism to the unserializer. (patch by Bernd
...
Roemer <berndr@bonn.edu>)
#- An explainatory e-mail will be send to php-dev
2001-11-26 21:04:21 +00:00
Sebastian Bergmann
7c4daf11c0
Nuke ext/sablot entries.
2001-11-26 10:55:46 +00:00
foobar
6f5fc0be54
Added missing ini directive: always_populate_raw_po st_data
2001-11-24 23:47:10 +00:00
Sebastian Bergmann
1a082a349c
Add php_w32api.dll
2001-11-08 07:07:11 +00:00
Sebastian Bergmann
b1322f570c
Synch with persistant -> persistent changes to ext/fbsql.
2001-10-31 18:09:17 +00:00
foobar
609271e651
- Prevent PHP from starting if output_handler is set and
...
zlib.output_compression is on
- Added notes to the bundled php.ini files about this.
2001-10-27 05:22:19 +00:00
Sebastian Bergmann
6c5d688dee
Add php_overload.dll.
2001-10-18 08:53:08 +00:00
Stanislav Malyshev
73b5401fc9
Fix typo - comment is ; not '
2001-10-03 11:35:51 +00:00
foobar
3a044786f8
revert bad commit
2001-09-05 19:48:28 +00:00
Jeroen van Wolffelaar
820d28affe
Add random number generator-entry to INI-files
2001-08-25 00:11:03 +00:00
John Donagher
d53cb7cd2f
Update hostname
2001-08-14 20:23:26 +00:00
Zeev Suraski
90aa90b967
- Update php.ini-dist
...
- Sync php.ini-recommended with php.ini-dist
2001-08-11 22:55:35 +00:00
Zeev Suraski
860b591299
Start pushing register_globals annihilation
2001-08-11 15:22:56 +00:00
Anil Madhavapeddy
dc2e12253f
fix a few typos
2001-08-11 02:53:57 +00:00
foobar
2b6b6b4324
Added missing entries.
2001-08-09 00:28:33 +00:00
Daniel Beulshausen
289770bf61
let ext\shmop build under win32
2001-08-07 13:33:27 +00:00
James E. Flemer
771e3e498f
o Fixed Bug #12121 : chdir and safe_mode
...
- [ main/safe_mode.h ] added new checkuid mode:
CHECKUID_ALLOW_ONLY_FILE: skips directory check if file check
fails
- [ ext/standard/dir.c ] changed php_checkuid() to use
CHECKUID_ALLOW_ONLY_FILE instead of CHECKUID_ALLOW_ONLY_DIR
- [ main/safe_mode.c ] added code for new checkuid mode
o Fixed Bug #12119 : safe mode owner check can be bypassed with symlink
- [ main/safe_mode.c ] use VCWD_REALPATH to resolve destination
of symlink before trimming filename
o New Feature: safe_mode_include_dir (php.ini directive)
- Allows bypassing UID/GID checks when including files
from the directory in safe_mode_include_dir and its
subdirectories. (safe_mode must be on, directory must
also be in include_path or full path must be used when
including)
o Fixed Feature: safe_mode_gid (php.ini directive)
- Correctly check (and report) UID/GID bits on directories
o Changed include() fall back to scripts cwd implementation
- CWD added to the (local) search path in php_fopen_with_path()
instead of seperate case. [ main/fopen_wrappers.c ]
2001-07-13 18:21:21 +00:00
Rasmus Lerdorf
934e10c7dc
Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
...
a gid check instead of a uid check.
@ - Add getmygid() and safe_mode_gid ini directive to allow safe mode to do
@ a gid check instead of a uid check. (James E. Flemer, Rasmus)
2001-07-09 17:36:04 +00:00
Rasmus Lerdorf
649d14ae79
Stick open_basedir in here
2001-07-04 03:53:12 +00:00
Harald Radi
d9c1247c86
added new com entries
2001-06-24 22:40:41 +00:00
Jon Parise
355153b4b2
Include the 'html_errors' directive.
...
Submitted by: "Daniel Beckham" <danbeck-cvs@dealnews.com>
2001-06-19 20:50:03 +00:00
Daniel Beulshausen
a82f4f76e8
add mbstring & xslt
2001-06-11 15:43:50 +00:00
Rui Hirokawa
f96a2539a7
added options for mbstring extension.
2001-06-10 09:44:31 +00:00
foobar
99cb747f71
Added missing configuration directive: from
...
which is used by fopen() to be send as the default password
2001-06-01 03:19:53 +00:00
foobar
77a1968ca5
Let's have examples here so maybe people would understand better
...
how to use this directive.
2001-05-31 21:03:11 +00:00
Sebastian Bergmann
b93a7db239
Fixed bug #10892 .
2001-05-22 19:16:51 +00:00
Jon Parise
c3634ff399
Comment out the 'include_path' variable by default.
...
# Leaving it blank overrides the default include path, which contains the
# PEAR directory.
# The other option is to have the build system generate this file and expand
# @PEAR_INSTALLDIR@ on this line to reflect the system default.
2001-04-06 16:24:55 +00:00
Daniel Beulshausen
26f85bbbe7
add printer ext to php.ini & maintain extensions file
2001-04-05 12:41:25 +00:00
foobar
c34d2b91da
Added new configuration directives:
...
arg_separator.input and arg_separator.output
2001-04-04 20:46:26 +00:00
Sebastian Bergmann
21cb46da23
Added php_dbx.dll.
2001-03-24 21:38:58 +00:00
Harald Radi
21d00778e5
added [com] section
2001-03-20 22:45:10 +00:00
Zeev Suraski
d7e17582da
Update .ini's and NEWS
2001-03-07 10:08:19 +00:00
Sebastian Bergmann
9be9e95f06
Jan says: 'Do not load php_gtk.dll through php.ini, only use dl(), otherwise it crashes (atleast on Win32).' Me thinks: 'There should be no crash, but a warning. Anyways, remove it from php.ini-dist, so others do not run into this... :-)
2001-03-03 13:10:13 +00:00
Sebastian Bergmann
f494aff5c3
Whitespace only.
2001-03-03 07:37:18 +00:00
Sebastian Bergmann
e4ef496ee5
Whitespace Fixes. Added another Win32 extension DLL. Removed configuration for non-existent debugger.
2001-03-03 07:31:43 +00:00
Sebastian Bergmann
1dcda7c92b
Added some more Win32 extension DLLs.
2001-03-03 06:55:06 +00:00
Colin Viebrock
138ab8eccf
While we're fixing the ini files, change these to web-safe colours
...
... this always bugged me :)
2001-02-01 15:41:02 +00:00
Jon Parise
102752abc2
Massive reformatting.
2001-02-01 06:29:41 +00:00
Daniel Beulshausen
7357ee8fa4
rename php_mssql70.dll to php_mssql.dll, as we have only one mssql extension
2001-01-22 19:15:32 +00:00
Jon Parise
175cf6b08a
Make this comment readable.
2001-01-02 21:37:21 +00:00
foobar
b0adbf8aff
Added the arg_separator directive.
2000-12-28 09:36:56 +00:00
Frank M. Kromann
ad17d8f0a4
The ODBC extension looks for settings named odbc. and not uodbc.
2000-11-29 22:10:46 +00:00
Daniel Beulshausen
d5af60ca2f
update win32 extension section
2000-11-27 11:57:30 +00:00
Frank M. Kromann
67f66b32c0
Adding php.ini value to set default batch size for mssql extension
2000-11-21 03:11:33 +00:00
Zeev Suraski
0f7f5c2c0e
- Import Jade Nicoletti's transparent gzip encoding support as an output
...
handler. Works quite nicely!
- Fix buglets in output buffering
- Add output_handler INI directive
2000-11-13 18:54:37 +00:00
Frank M. Kromann
1bf216ca57
Adding textlimit and textsize parameters to MSSQL sections
2000-10-23 00:45:23 +00:00
Chris Vandomelen
0e705a5f60
Added new INI entries to default php.ini files.
2000-10-22 23:49:57 +00:00
foobar
adb12b50b5
url_rewriter.tags needs to have " around the parameter to work.
2000-10-18 12:35:53 +00:00
Sascha Schumann
1c85ad029b
Enable users to set the HTML tags to rewrite
...
through a configuration directive
2000-10-16 17:25:36 +00:00
Hartmut Holzgraefe
cae27179ce
fopen wrappers cleanup
...
- comfiguration is now done by an ini parameter
instead of a compile time option
- the implementations of the three standard wrappers
now live in seperate files in ext/standard
- the compiler is happy again, no more warnings
2000-10-13 00:09:31 +00:00
Sebastian Bergmann
8520f94796
Removed obsolete entries from php.ini.
2000-10-06 05:14:46 +00:00
Hénot David
409e2e7e98
Changed the php.ini examples to match the names in the source code.
2000-09-13 16:12:50 +00:00
Daniel Beulshausen
119ad66740
- a comma sneaked in before the java extension
...
- added the java configuration section
#can you please add the setting for *nix as well?
2000-09-13 13:27:52 +00:00
Daniel Beulshausen
0f22953a67
added note about odbc support and changed to the appropriate names of the windows extensions
2000-09-13 13:03:01 +00:00
Zeev Suraski
f7054b3561
Thanks, Adam
2000-09-12 20:57:21 +00:00
Zeev Suraski
6c3d7449e1
- Made eval() and several other runtime-evaluated code portions report the
...
nature and location of errors more accurately (Stas)
2000-09-12 20:48:33 +00:00
Zeev Suraski
b7ecaacd07
More security-related (control) patches:
...
- Avoid displaying errors during startup, unless display_startup_errors is enabled.
- Implemented post_size_max limit. Defaults to 8MB.
- Implemented file_uploads on/off directive (defaults to on).
2000-09-09 15:02:15 +00:00
Zeev Suraski
eb32144902
- Remove track_vars - it is now always on
...
- Make the various $HTTP_*_VARS[] arrays be defined always,
even if they're empty
- Fix Win32 build and warnings
2000-09-05 19:06:29 +00:00
Sterling Hughes
ade2c31625
Add the session.use_trans_sid option to php.ini file.
2000-09-04 22:22:16 +00:00
Zeev Suraski
6a8440fb70
Advise people to use error logging instead of error displaying on production web sites
2000-08-26 14:25:47 +00:00
David Croft
08c6773691
renamed ini section, quoted default host and tabulated.
...
# it doesn't make sense to have the tab-width set to 4 when we're
# using tabs for alignment in this case, it just makes it look screwy
# in everything but emacs
2000-08-15 09:47:35 +00:00
Rasmus Lerdorf
640501ab19
Remove mysql dll
2000-08-06 02:06:43 +00:00
Hartmut Holzgraefe
b04a02660e
changed default sendmail flags from '-t' to '-t -i' (bugid#5374)
2000-08-04 22:42:11 +00:00
John Donagher
e9427bc078
# Added example entries for the pfpro extension to the php.ini templates
2000-07-24 17:58:38 +00:00
Hénot David
15ff1d211b
Added extension ii for Ingres II native support.
...
@- Added extension ii for Ingres II native support. See README in ext/ii
@ directory. (David H)
2000-07-17 21:29:30 +00:00
Zeev Suraski
2c94141b12
Add missing enable_dl
2000-06-26 18:16:54 +00:00
Zeev Suraski
0beee41fc6
max_execution_time is no longer UNIX only...
2000-06-26 16:34:12 +00:00
Zeev Suraski
f29eae1302
Move timeout code to Zend, allow Win32 timeouts
...
@- Implemented max_execution_time under Win32 (Zeev)
2000-06-16 01:53:35 +00:00
Zeev Suraski
7213c743f0
- Added disable_functions php.ini support
...
- Fixed Win32 build
2000-05-29 17:22:35 +00:00
Sascha Schumann
ee3c06a533
Fix register_argc_argv entry.
...
Submitted by: André Langhorst <A.Langhorst@itbnet.de>
2000-05-10 09:31:53 +00:00
Andrei Zmievski
8154734529
It helps to change the comment too.
2000-05-06 17:59:58 +00:00
Andrei Zmievski
498ce88d67
Enable assert by default,
2000-05-06 17:59:10 +00:00
Zeev Suraski
9cbcade6c9
Support E_USER_* error types
2000-04-19 15:10:14 +00:00
Rasmus Lerdorf
c32e09f791
As it turns out, there are some browsers that can't handle default
...
charsets. I think forcing this on is going to cause us a lot of headache,
so turn it off by default.
@ Don't default to iso-8859-1 since this confuses some browsers
2000-03-20 08:19:51 +00:00
Rasmus Lerdorf
82aa0d1404
Leave sendmail_path commented out to pick up compiled-in default
2000-03-19 23:07:57 +00:00
Zeev Suraski
70bd8c71b5
Fix spelling
2000-03-03 01:58:15 +00:00
Zeev Suraski
88b31ecb28
@- The string None is now recognized as a keyword by the php.ini processor, and
...
@ can be used to denote an empty string (Zeev)
- Added None keyword support to the INI parser
- Removed specialized "none" code
2000-02-26 14:29:27 +00:00
Stig Bakken
d23e5d837a
@- Implemented default_charset and default_mimetype config directives (Stig)
...
Implemented default_charset and default_mimetype configuration directives.
Started implementing ticks in PHP.
2000-02-25 21:27:03 +00:00
Andrei Zmievski
7a22bb09d7
Revert the y2k ini patches.
...
# Adam's right, it shouldn't be here
2000-02-24 15:41:34 +00:00
Kristian Köhntopp
8481cdf62f
Set y2k_compliance to "On" by default, as we do have y2k now.
2000-02-24 15:13:28 +00:00
Zeev Suraski
3d297cfe81
*** empty log message ***
2000-02-05 16:31:02 +00:00
Andrei Zmievski
9d34140191
Add default registration of server vars.
...
# Zeev, what the hell is 'B'?
2000-02-05 16:13:39 +00:00
Zeev Suraski
86a19f4714
Add the complement to the putenv() security
2000-01-31 22:31:00 +00:00
Zeev Suraski
5540028340
@- Added the ability to prevent the user from overriding certain environment
...
@ variables in Safe Mode (Zeev)
- Finished work, more or less
2000-01-30 22:10:30 +00:00
Zeev Suraski
99f079a349
- A few fixes
...
- Added register_argv_argc directive to allow disabling of argv/argc
2000-01-28 18:29:37 +00:00
Zeev Suraski
9ab35ae393
Tried to centralize global variable registration as much as possible:
...
- Added $HTTP_ENV_VARS[] and $HTTP_SERVER_VARS[] support, which similarly
to $HTTP_GET_VARS[], contain environment and server variables. Setting
register_globals to Off will now also prevent registration of the
environment and server variables into the global scope (Zeev)
- Renamed gpc_globals to register_globals (Zeev)
- Introduced variables_order that deprecates gpc_order, and allows control
over the server and environment variables, in addition to GET/POST/Cookies
(Zeev)
2000-01-28 17:24:53 +00:00
Zeev Suraski
24156db252
@- Added implicit_flush INI directive (Zeev)
2000-01-13 20:39:33 +00:00
Zeev Suraski
af925f0a14
- Beef up the INI file reader - it now supports PHP constants, as well as
...
bitwise operators on them (no more error_reporting = 7, from now on you
can use error_reporting = E_ALL & ~E_NOTICE
@- Improved the php.ini reader to support constants and bitwise operators (Zeev)
1999-12-24 13:46:24 +00:00
Zeev Suraski
d8000684bf
- Implement ability to turn off support for call-time pass by reference
1999-12-15 21:20:34 +00:00
Sascha Schumann
591cdd1cfb
Reformat ini entries and add new options (cache_limiter, cache_expire).
1999-12-12 14:17:22 +00:00
Thies C. Arntzen
7b7192dda3
added assert.quiet_eval plus a bit of cleaning (docs to follow!)
1999-12-07 16:45:46 +00:00
Thies C. Arntzen
2f7693963d
@- Added support for a C-like assert() function. (Thies)
1999-12-07 13:08:17 +00:00
Nick Gorham
2df67b7c9e
Added check in the ODBC module that a connection is still valid before
...
reuse in a persistent connection.
1999-11-30 12:41:36 +00:00
Frank M. Kromann
cc5304a9d9
Adding default mssql ini-setings
1999-11-09 20:58:43 +00:00
Sascha Schumann
a4ff16dd68
- set default path for cookie to the root directory ("/")
...
- complete session documentation in php.ini-dist
1999-11-09 14:27:56 +00:00
Andrei Zmievski
1fd576485f
Added new session configuration directives.
...
# Sascha, please document them here.
1999-11-01 16:13:41 +00:00
Sascha Schumann
23882d31c4
Add session.use_cookies option
1999-10-22 08:10:08 +00:00
Zeev Suraski
7afbcb4fef
Rename allow_builtin_links to expose_php
1999-09-11 16:32:08 +00:00
Zeev Suraski
15fee4d3a6
- Seriously optimize and clean php_parse_gpc_data()
...
- Added gpc_globals directive to turn global definitions of GPC variables on/off
(untested)
1999-09-11 15:04:45 +00:00
Zeev Suraski
7e250d06f5
Add output_buffering directive
1999-08-24 23:12:50 +00:00
Zeev Suraski
58e24ac18a
- Add PHP Modules workspace
...
- Get the MySQL module to compile&work under thread-safe Win32
- Fix various thread safety issues with dynamic modules
1999-08-13 21:03:27 +00:00
Zeev Suraski
1e6c159422
Built-in phpinfo() links are now turned off by default. They can be
...
turned on using the allow_builtin_links INI directive
1999-08-07 18:21:35 +00:00
Sascha Schumann
e5cfc70f7d
add session config to php.ini and adapt the naming scheme for it
1999-07-18 01:00:42 +00:00
Andi Gutmans
5fc8562b5d
*** empty log message ***
1999-07-15 17:49:55 +00:00