X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=php-ini.patch;h=00d4a506a95f02ab1335c4ebda0b0b1b93b417f5;hb=46e157f24a72642034d32be073be45f72b4e38cb;hp=ba01757ac3214d3dd41180968acc4c6ce5994f94;hpb=a8122568cfa409f7f97c8d5081613f92e599ef98;p=packages%2Fphp.git diff --git a/php-ini.patch b/php-ini.patch index ba01757..00d4a50 100644 --- a/php-ini.patch +++ b/php-ini.patch @@ -1,214 +1,190 @@ -diff -urbB php-5.1.0.org/php.ini php-5.1.0/php.ini ---- php-5.1.0.org/php.ini 2005-11-25 02:24:23.408519000 +0100 -+++ php-5.1.0/php.ini 2005-11-25 02:26:06.570966750 +0100 -@@ -3,13 +3,18 @@ - ;;;;;;;;;;; - ; WARNING ; - ;;;;;;;;;;; --; This is the default settings file for new PHP installations. --; By default, PHP installs itself with a configuration suitable for --; development purposes, and *NOT* for production purposes. --; For several security-oriented considerations that should be taken --; before going online with your site, please consult php.ini-recommended --; and http://php.net/manual/en/security.php. -- -+; This is the default settings file for new PHP installations from -+; PLD Linux Distribution. -+; It's based mainly on php.ini-dist, but with some changes made with -+; security in mind (see below, consult also -+; http://php.net/manual/en/security.php). -+; -+; Please note, that in PLD installations /etc/php/php.ini file -+; contains global settings for all SAPIs (cgi, cli, apache...), -+; and after reading this file, SAPI-specific file (/etc/php/php-cgi.ini, -+; /etc/php/php-cli.ini, /etc/php/php-apache.ini...) is INCLUDED -+; (so you don't have to duplicate whole large file to override only -+; few options) - - ;;;;;;;;;;;;;;;;;;; - ; About php.ini ; -@@ -59,11 +64,73 @@ - ;;;;;;;;;;;;;;;;;;; - ; About this file ; - ;;;;;;;;;;;;;;;;;;; --; All the values in the php.ini-dist file correspond to the builtin --; defaults (that is, if no php.ini is used, or if you delete these lines, --; the builtin defaults will be identical). -+; If you use constants in your value, and these constants belong to a -+; dynamically loaded extension (either a PHP extension or a Zend extension), -+; you may only use these constants *after* the line that loads the extension. - - -+; Below is the list of settings changed from default as specified in -+; php.ini-recommended. These settings make PHP more secure and encourage -+; cleaner coding. -+; The price is that with these settings, PHP may be incompatible with some old -+; or bad-written applications, and sometimes, more difficult to develop with. -+; Using this settings is warmly recommended for production sites. As all of -+; the changes from the standard settings are thoroughly documented, you can -+; go over each one, and decide whether you want to use it or not. -+; -+; - register_globals = Off [Security, Performance] -+; Global variables are no longer registered for input data (POST, GET, cookies, -+; environment and other server variables). Instead of using $foo, you must use -+; you can use $_REQUEST["foo"] (includes any variable that arrives through the -+; request, namely, POST, GET and cookie variables), or use one of the specific -+; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending -+; on where the input originates. Also, you can look at the -+; import_request_variables() function. -+; Note that register_globals = Off is the default setting since PHP 4.2.0. -+; - display_errors = Off [Security] -+; With this directive set to off, errors that occur during the execution of -+; scripts will no longer be displayed as a part of the script output, and thus, -+; will no longer be exposed to remote users. With some errors, the error message -+; content may expose information about your script, web server, or database -+; server that may be exploitable for hacking. Production sites should have this -+; directive set to off. -+; - log_errors = On [Security] -+; This directive complements the above one. Any errors that occur during the -+; execution of your script will be logged (typically, to your server's error log, -+; but can be configured in several ways). Along with setting display_errors to off, -+; this setup gives you the ability to fully understand what may have gone wrong, -+; without exposing any sensitive information to remote users. -+; - error_reporting = E_ALL [Code Cleanliness, Security(?)] -+; By default, PHP surpresses errors of type E_NOTICE. These error messages -+; are emitted for non-critical errors, but that could be a symptom of a bigger -+; problem. Most notably, this will cause error messages about the use -+; of uninitialized variables to be displayed. -+ -+; For completeness, below is list of the rest of changes recommended for -+; performance, but NOT applied in default php.ini in PLD (since they are -+; not needed for security or may cause problems with some applications -+; more likely than above). -+ -+; - output_buffering = 4096 [Performance] -+; Set a 4KB output buffer. Enabling output buffering typically results in less -+; writes, and sometimes less packets sent on the wire, which can often lead to -+; better performance. The gain this directive actually yields greatly depends -+; on which Web server you're working with, and what kind of scripts you're using. -+; - register_argc_argv = Off [Performance] -+; Disables registration of the somewhat redundant $argv and $argc global -+; variables. -+; - magic_quotes_gpc = Off [Performance] -+; Input data is no longer escaped with slashes so that it can be sent into -+; SQL databases without further manipulation. Instead, you should use the -+; function addslashes() on each input element you wish to send to a database. -+; - variables_order = "GPCS" [Performance] -+; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access -+; environment variables, you can use getenv() instead. -+; - allow_call_time_pass_reference = Off [Code cleanliness] -+; It's not possible to decide to force a variable to be passed by reference -+; when calling a function. The PHP 4 style to do this is by making the -+; function require the relevant argument by reference. -+ - ;;;;;;;;;;;;;;;;;;;; - ; Language Options ; - ;;;;;;;;;;;;;;;;;;;; -@@ -86,7 +153,7 @@ - asp_tags = Off - - ; The number of significant digits displayed in floating point numbers. --precision = 12 -+precision = 14 +--- php-5.3.15/php.ini~ 2012-08-02 03:24:53.000000000 +0300 ++++ php-5.3.15/php.ini 2012-08-02 03:31:32.384194939 +0300 +@@ -223,7 +223,7 @@ + ; Development Value: Off + ; Production Value: Off + ; http://php.net/short-open-tag +-short_open_tag = Off ++short_open_tag = On - ; Enforce year 2000 compliance (will cause problems with non-compliant browsers) - y2k_compliance = On -@@ -289,14 +356,16 @@ - ; - ; - Show all errors except for notices and coding standards warnings - ; --error_reporting = E_ALL & ~E_NOTICE -+;error_reporting = E_ALL & ~E_NOTICE -+ -+error_reporting = E_ALL + ; Allow ASP-style <% %> tags. + ; http://php.net/asp-tags +@@ -428,7 +428,7 @@ + ; threat in any way, but it makes it possible to determine whether you use PHP + ; on your server or not. + ; http://php.net/expose-php +-expose_php = On ++expose_php = Off - ; Print out errors (as a part of the output). For production web sites, - ; you're strongly encouraged to turn this feature off, and use error logging - ; instead (see below). Keeping display_errors enabled on a production web site - ; may reveal security information to end users, such as file paths on your Web - ; server, your database schema or other information. --display_errors = On -+display_errors = Off - - ; Even when display_errors is on, errors that occur during PHP's startup - ; sequence are not displayed. It's strongly recommended to keep -@@ -306,7 +375,7 @@ - ; Log errors into a log file (server-specific log, stderr, or error_log (below)) - ; As stated above, you're strongly advised to use error logging in place of - ; error displaying on production web sites. --log_errors = Off -+log_errors = On - - ; Set maximum length of log_errors. In error_log information about the source is - ; added. The default is 1024 and 0 allows to not apply any maximum length at all. -@@ -458,7 +527,7 @@ - user_dir = + ;;;;;;;;;;;;;;;;;;; + ; Resource Limits ; +@@ -804,7 +804,7 @@ ; Directory in which the loadable extensions (modules) reside. --extension_dir = "./" + ; http://php.net/extension-dir +-; extension_dir = "./" +extension_dir = "/usr/lib/php" + ; On windows: + ; extension_dir = "ext" - ; Whether or not to enable the dl() function. The dl() function does NOT work - ; properly in multithreaded servers, such as IIS or Zeus, and is automatically ---- php-5.1.1/php.ini~ 2005-12-19 19:44:04.000000000 +0200 -+++ php-5.1.1/php.ini 2005-12-19 20:01:09.000000000 +0200 -@@ -628,48 +628,6 @@ - ; needs to go here. Specify the location of the extension with the - ; extension_dir directive above. +@@ -826,53 +826,6 @@ + ; http://php.net/enable-dl + enable_dl = Off +-; cgi.force_redirect is necessary to provide security running PHP as a CGI under +-; most web servers. Left undefined, PHP turns this on by default. You can +-; turn it off here AT YOUR OWN RISK +-; **You CAN safely turn this off for IIS, in fact, you MUST.** +-; http://php.net/cgi.force-redirect +-;cgi.force_redirect = 1 +- +-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +-; every request. PHP's default behavior is to disable this feature. +-;cgi.nph = 1 +- +-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +-; will look for to know it is OK to continue execution. Setting this variable MAY +-; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +-; http://php.net/cgi.redirect-status-env +-;cgi.redirect_status_env = +- +-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +-; http://php.net/cgi.fix-pathinfo +-;cgi.fix_pathinfo=1 +- +-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +-; security tokens of the calling client. This allows IIS to define the +-; security context that the request runs under. mod_fastcgi under Apache +-; does not currently support this feature (03/17/2002) +-; Set to 1 if running under IIS. Default is zero. +-; http://php.net/fastcgi.impersonate +-;fastcgi.impersonate = 1 +- +-; Disable logging through FastCGI connection. PHP's default behavior is to enable +-; this feature. +-;fastcgi.logging = 0 - +-; cgi.rfc2616_headers configuration option tells PHP what type of headers to +-; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +-; is supported by Apache. When this option is set to 1 PHP will send +-; RFC2616 compliant header. +-; Default is zero. +-; http://php.net/cgi.rfc2616-headers +-;cgi.rfc2616_headers = 0 +- + ;;;;;;;;;;;;;;;; + ; File Uploads ; + ;;;;;;;;;;;;;;;; +@@ -876,11 +876,7 @@ + ; + ; extension=modulename.extension + ; +-; For example, on Windows: +-; +-; extension=msql.dll +-; +-; ... or under UNIX: ++; For example under UNIX: + ; + ; extension=msql.so + ; +@@ -899,53 +899,8 @@ + ; If you only provide the name of the extension, PHP will look for it in its + ; default extension directory. + ; -; Windows Extensions -; Note that ODBC support is built in, so no dll is needed for it. -; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) -; extension folders as well as the separate PECL DLL download (PHP 5). -; Be sure to appropriately set the extension_dir directive. -- --;extension=php_mbstring.dll +-; -;extension=php_bz2.dll -;extension=php_curl.dll --;extension=php_dba.dll --;extension=php_dbase.dll --;extension=php_exif.dll --;extension=php_fdf.dll --;extension=php_filepro.dll +-;extension=php_fileinfo.dll -;extension=php_gd2.dll -;extension=php_gettext.dll --;extension=php_ifx.dll +-;extension=php_gmp.dll +-;extension=php_intl.dll -;extension=php_imap.dll -;extension=php_interbase.dll -;extension=php_ldap.dll --;extension=php_mcrypt.dll --;extension=php_mhash.dll --;extension=php_mime_magic.dll --;extension=php_ming.dll --;extension=php_mssql.dll --;extension=php_msql.dll +-;extension=php_mbstring.dll +-;extension=php_exif.dll ; Must be after mbstring as it depends on it -;extension=php_mysql.dll --;extension=php_oci8.dll +-;extension=php_mysqli.dll +-;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client +-;extension=php_oci8_11g.dll ; Use with Oracle 11gR2 Instant Client -;extension=php_openssl.dll --;extension=php_oracle.dll +-;extension=php_pdo_firebird.dll +-;extension=php_pdo_mssql.dll +-;extension=php_pdo_mysql.dll +-;extension=php_pdo_oci.dll +-;extension=php_pdo_odbc.dll +-;extension=php_pdo_pgsql.dll +-;extension=php_pdo_sqlite.dll -;extension=php_pgsql.dll +-;extension=php_pspell.dll -;extension=php_shmop.dll +- +-; The MIBS data available in the PHP distribution must be installed. +-; See http://www.php.net/manual/en/snmp.installation.php -;extension=php_snmp.dll +- +-;extension=php_soap.dll -;extension=php_sockets.dll -;extension=php_sqlite.dll +-;extension=php_sqlite3.dll -;extension=php_sybase_ct.dll -;extension=php_tidy.dll -;extension=php_xmlrpc.dll -;extension=php_xsl.dll -- -- +-;extension=php_zip.dll ++; Ideally in PLD Linux you should install appropriate php- or ++; php-pecl- package. + ;;;;;;;;;;;;;;;;;;; ; Module Settings ; - ;;;;;;;;;;;;;;;;;;; ---- php-5.1.1/php.ini~ 2005-12-19 20:01:09.000000000 +0200 -+++ php-5.1.1/php.ini 2005-12-19 20:04:03.000000000 +0200 -@@ -465,7 +465,7 @@ - ; This directive tells PHP whether to declare the argv&argc variables (that - ; would contain the GET information). If you don't use these variables, you - ; should turn it off for increased performance. --register_argc_argv = On -+register_argc_argv = Off +@@ -1235,6 +1140,9 @@ + ; http://php.net/mysql.connect-timeout + mysql.connect_timeout = 60 + ++; The name of the character set to use as the default character set. ++;mysql.connect_charset=utf8 ++ + ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and + ; SQL-Errors will be displayed. + ; http://php.net/mysql.trace-mode +@@ -1274,6 +1182,9 @@ + ; http://php.net/mysqli.default-socket + mysqli.default_socket = + ++; The name of the character set to use as the default character set. ++;mysqli.connect_charset=utf8 ++ + ; Default host for mysql_connect() (doesn't apply in safe mode). + ; http://php.net/mysqli.default-host + mysqli.default_host = +@@ -1440,7 +1351,7 @@ + + [browscap] + ; http://php.net/browscap +-;browscap = extra/browscap.ini ++browscap = /etc/php/browscap.ini + + [Session] + ; Handler used to store/retrieve data. +@@ -1863,7 +1774,7 @@ + + ; Sets the directory name where SOAP extension will put cache files. + ; http://php.net/soap.wsdl-cache-dir +-soap.wsdl_cache_dir="/tmp" ++soap.wsdl_cache_dir="/var/run/php" - ; When enabled, the SERVER and ENV variables are created when they're first - ; used (Just In Time) instead of when the script starts. If these variables + ; (time to live) Sets the number of second while cached file will be used + ; instead of original one.