X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=php-ini.patch;h=fe3979be59c938b5bab4e2d72ff56fc3905ea9e9;hb=8cb93fd057b989458d7b32948a29aeb69f7ff369;hp=f5d26372308113d3e2d6a1a38e254b8e914d09c4;hpb=0ced536acea884dbe69fa1b1e244954135706049;p=packages%2Fphp.git diff --git a/php-ini.patch b/php-ini.patch index f5d2637..fe3979b 100644 --- a/php-ini.patch +++ b/php-ini.patch @@ -1,6 +1,6 @@ ---- php-4.3.0/php.ini-dist Thu Dec 26 14:27:08 2002 -+++ php-4.3.0/php.ini Sat Jan 4 21:01:55 2003 -@@ -3,12 +3,18 @@ +--- php-5.2.8/php.ini-dist 2008-11-28 21:07:09.000000000 +0200 ++++ php-5.2.8/php.ini 2009-01-05 14:53:55.914702890 +0200 +@@ -3,13 +3,18 @@ ;;;;;;;;;;; ; WARNING ; ;;;;;;;;;;; @@ -10,30 +10,33 @@ -; For several security-oriented considerations that should be taken -; before going online with your site, please consult php.ini-recommended -; and http://php.net/manual/en/security.php. +- +; This is the default settings file for new PHP installations from +; PLD Linux Distribution. +; It's based mainly on php.ini-dist, but with some changes made with +; security in mind (see below, consult also +; http://php.net/manual/en/security.php). +; -+; Please note, that in PLD installations, /etc/php/php.ini file -+; contains GLOBAL settings for all SAPIs (cgi, cli, apache...), ++; Please note, that in PLD installations /etc/php/php.ini file ++; contains global settings for all SAPIs (cgi, cli, apache...), +; and after reading this file, SAPI-specific file (/etc/php/php-cgi.ini, +; /etc/php/php-cli.ini, /etc/php/php-apache.ini...) is INCLUDED -+; (so you don't need to duplicate whole large file to override only -+; few options). - ++; (so you don't have to duplicate whole large file to override only ++; few options) ;;;;;;;;;;;;;;;;;;; -@@ -54,12 +60,70 @@ - ; If you use constants in your value, and these constants belong to a - ; dynamically loaded extension (either a PHP extension or a Zend extension), - ; you may only use these constants *after* the line that loads the extension. --; + ; About php.ini ; +@@ -59,10 +64,72 @@ + ;;;;;;;;;;;;;;;;;;; + ; About this file ; + ;;;;;;;;;;;;;;;;;;; -; All the values in the php.ini-dist file correspond to the builtin -; defaults (that is, if no php.ini is used, or if you delete these lines, -; the builtin defaults will be identical). - ++; If you use constants in your value, and these constants belong to a ++; dynamically loaded extension (either a PHP extension or a Zend extension), ++; you may only use these constants *after* the line that loads the extension. ++ +; Below is the list of settings changed from default as specified in +; php.ini-recommended. These settings make PHP more secure and encourage @@ -71,6 +74,16 @@ +; are emitted for non-critical errors, but that could be a symptom of a bigger +; problem. Most notably, this will cause error messages about the use +; of uninitialized variables to be displayed. ++; - register_argc_argv = Off [Performance] ++; Disables registration of the somewhat redundant $argv and $argc global ++; variables. ++; - magic_quotes_gpc = Off [Performance] ++; Input data is no longer escaped with slashes so that it can be sent into ++; SQL databases without further manipulation. Instead, you should use the ++; function addslashes() on each input element you wish to send to a database. ++; - variables_order = "GPCS" [Performance] ++; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access ++; environment variables, you can use getenv() instead. + +; For completeness, below is list of the rest of changes recommended for +; performance, but NOT applied in default php.ini in PLD (since they are @@ -82,25 +95,14 @@ +; writes, and sometimes less packets sent on the wire, which can often lead to +; better performance. The gain this directive actually yields greatly depends +; on which Web server you're working with, and what kind of scripts you're using. -+; - register_argc_argv = Off [Performance] -+; Disables registration of the somewhat redundant $argv and $argc global -+; variables. -+; - magic_quotes_gpc = Off [Performance] -+; Input data is no longer escaped with slashes so that it can be sent into -+; SQL databases without further manipulation. Instead, you should use the -+; function addslashes() on each input element you wish to send to a database. -+; - variables_order = "GPCS" [Performance] -+; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access -+; environment variables, you can use getenv() instead. +; - allow_call_time_pass_reference = Off [Code cleanliness] +; It's not possible to decide to force a variable to be passed by reference +; when calling a function. The PHP 4 style to do this is by making the +; function require the relevant argument by reference. -+ + ;;;;;;;;;;;;;;;;;;;; ; Language Options ; - ;;;;;;;;;;;;;;;;;;;; -@@ -79,7 +143,7 @@ +@@ -86,7 +153,7 @@ asp_tags = Off ; The number of significant digits displayed in floating point numbers. @@ -109,27 +111,36 @@ ; Enforce year 2000 compliance (will cause problems with non-compliant browsers) y2k_compliance = On -@@ -255,16 +319,16 @@ - ; - ;error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR +@@ -245,7 +312,7 @@ + ; (e.g. by adding its signature to the Web server header). It is no security + ; threat in any way, but it makes it possible to determine whether you use PHP + ; on your server or not. +-expose_php = On ++expose_php = Off + + + ;;;;;;;;;;;;;;;;;;; +@@ -302,7 +369,9 @@ ; --; - Show all errors except for notices -+; - Show all errors + ; - Show all errors except for notices and coding standards warnings ; --error_reporting = E_ALL & ~E_NOTICE +-error_reporting = E_ALL & ~E_NOTICE ++;error_reporting = E_ALL & ~E_NOTICE ++ +error_reporting = E_ALL - + ; Print out errors (as a part of the output). For production web sites, ; you're strongly encouraged to turn this feature off, and use error logging - ; instead (see below). Keeping display_errors enabled on a production web site - ; may reveal security information to end users, such as file paths on your Web - ; server, your database schema or other information. +@@ -319,7 +388,7 @@ + ; + ; stdout (On) - Display errors to STDOUT + ; -display_errors = On +display_errors = Off ; Even when display_errors is on, errors that occur during PHP's startup ; sequence are not displayed. It's strongly recommended to keep -@@ -274,7 +338,7 @@ +@@ -329,7 +398,7 @@ ; Log errors into a log file (server-specific log, stderr, or error_log (below)) ; As stated above, you're strongly advised to use error logging in place of ; error displaying on production web sites. @@ -138,7 +149,58 @@ ; Set maximum length of log_errors. In error_log information about the source is ; added. The default is 1024 and 0 allows to not apply any maximum length at all. -@@ -420,7 +484,7 @@ +@@ -352,7 +421,7 @@ + ;report_zend_debug = 0 + + ; Store the last error/warning message in $php_errormsg (boolean). +-track_errors = Off ++track_errors = On + + ; Turn off normal error reporting and emit XML-RPC error XML + ;xmlrpc_errors = 0 +@@ -361,7 +430,7 @@ + + ; Disable the inclusion of HTML tags in error messages. + ; Note: Never use this feature for production boxes. +-;html_errors = Off ++html_errors = Off + + ; If html_errors is set On PHP produces clickable error messages that direct + ; to a page describing the error or function causing the error in detail. +@@ -405,7 +474,7 @@ + ; Environment and Built-in variables (G, P, C, E & S respectively, often + ; referred to as EGPCS or GPC). Registration is done from left to right, newer + ; values override older values. +-variables_order = "EGPCS" ++variables_order = "GPCS" + + ; Whether or not to register the EGPCS variables as global variables. You may + ; want to turn this off if you don't want to clutter your scripts' global scope +@@ -421,12 +490,12 @@ + ; Whether or not to register the old-style input arrays, HTTP_GET_VARS + ; and friends. If you're not using them, it's recommended to turn them off, + ; for performance reasons. +-register_long_arrays = On ++register_long_arrays = Off + + ; This directive tells PHP whether to declare the argv&argc variables (that + ; would contain the GET information). If you don't use these variables, you + ; should turn it off for increased performance. +-register_argc_argv = On ++register_argc_argv = Off + + ; When enabled, the SERVER and ENV variables are created when they're first + ; used (Just In Time) instead of when the script starts. If these variables +@@ -442,7 +511,7 @@ + ; + + ; Magic quotes for incoming GET/POST/Cookie data. +-magic_quotes_gpc = On ++magic_quotes_gpc = Off + + ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. + magic_quotes_runtime = Off +@@ -488,55 +557,13 @@ user_dir = ; Directory in which the loadable extensions (modules) reside. @@ -147,37 +209,160 @@ ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically -@@ -587,10 +651,10 @@ - ;sendmail_path = - - [Java] --;java.class.path = .\php_java.jar --;java.home = c:\jdk --;java.library = c:\jdk\jre\bin\hotspot\jvm.dll --;java.library.path = .\ -+java.class.path = /usr/lib/php/php_java.jar -+;java.home = /usr/lib/java -+;java.library = /usr/lib/java/jre/lib/i386/libjava.so -+java.library.path = /usr/lib/php - - [SQL] - sql.safe_mode = Off -@@ -685,6 +749,7 @@ - pgsql.max_links = -1 - - ; Ignore PostgreSQL backends Notice message or not. -+; Notice message logging require a little overheads. - pgsql.ignore_notice = 0 - - ; Log PostgreSQL backends Noitce message or not. -@@ -804,7 +869,9 @@ - ; You can use the script in the ext/session dir for that purpose. - ; NOTE 2: See the section on garbage collection below if you choose to - ; use subdirectories for session storage --session.save_path = /tmp -+; NOTE 3: you may need to override this setting for cli or cgi SAPIs, -+; to allow running them as user other than http -+session.save_path = /var/run/php - - ; Whether to use cookies. - session.use_cookies = 1 + ; disabled on them. + enable_dl = On + +-; cgi.force_redirect is necessary to provide security running PHP as a CGI under +-; most web servers. Left undefined, PHP turns this on by default. You can +-; turn it off here AT YOUR OWN RISK +-; **You CAN safely turn this off for IIS, in fact, you MUST.** +-; cgi.force_redirect = 1 +- +-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +-; every request. +-; cgi.nph = 1 +- +-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +-; will look for to know it is OK to continue execution. Setting this variable MAY +-; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +-; cgi.redirect_status_env = ; +- +-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +-; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting +-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +-; cgi.fix_pathinfo=0 +- +-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +-; security tokens of the calling client. This allows IIS to define the +-; security context that the request runs under. mod_fastcgi under Apache +-; does not currently support this feature (03/17/2002) +-; Set to 1 if running under IIS. Default is zero. +-; fastcgi.impersonate = 1; +- +-; Disable logging through FastCGI connection +-; fastcgi.logging = 0 +- +-; cgi.rfc2616_headers configuration option tells PHP what type of headers to +-; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +-; is supported by Apache. When this option is set to 1 PHP will send +-; RFC2616 compliant header. +-; Default is zero. +-;cgi.rfc2616_headers = 0 +- +- + ;;;;;;;;;;;;;;;; + ; File Uploads ; + ;;;;;;;;;;;;;;;; +@@ -630,59 +630,6 @@ + ; needs to go here. Specify the location of the extension with the + ; extension_dir directive above. + +- +-; Windows Extensions +-; Note that ODBC support is built in, so no dll is needed for it. +-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) +-; extension folders as well as the separate PECL DLL download (PHP 5). +-; Be sure to appropriately set the extension_dir directive. +- +-;extension=php_bz2.dll +-;extension=php_curl.dll +-;extension=php_dba.dll +-;extension=php_dbase.dll +-;extension=php_fdf.dll +-;extension=php_gd2.dll +-;extension=php_gettext.dll +-;extension=php_gmp.dll +-;extension=php_ifx.dll +-;extension=php_imap.dll +-;extension=php_interbase.dll +-;extension=php_ldap.dll +-;extension=php_mbstring.dll +-;extension=php_exif.dll +-;extension=php_mcrypt.dll +-;extension=php_mhash.dll +-;extension=php_mime_magic.dll +-;extension=php_ming.dll +-;extension=php_msql.dll +-;extension=php_mssql.dll +-;extension=php_mysql.dll +-;extension=php_mysqli.dll +-;extension=php_oci8.dll +-;extension=php_openssl.dll +-;extension=php_pdo.dll +-;extension=php_pdo_firebird.dll +-;extension=php_pdo_mssql.dll +-;extension=php_pdo_mysql.dll +-;extension=php_pdo_oci.dll +-;extension=php_pdo_oci8.dll +-;extension=php_pdo_odbc.dll +-;extension=php_pdo_pgsql.dll +-;extension=php_pdo_sqlite.dll +-;extension=php_pgsql.dll +-;extension=php_pspell.dll +-;extension=php_shmop.dll +-;extension=php_snmp.dll +-;extension=php_soap.dll +-;extension=php_sockets.dll +-;extension=php_sqlite.dll +-;extension=php_sybase_ct.dll +-;extension=php_tidy.dll +-;extension=php_xmlrpc.dll +-;extension=php_xsl.dll +-;extension=php_zip.dll +- + ;;;;;;;;;;;;;;;;;;; + ; Module Settings ; + ;;;;;;;;;;;;;;;;;;; +@@ -776,6 +750,9 @@ + ; Maximum time (in seconds) for connect timeout. -1 means no limit + mysql.connect_timeout = 60 + ++; The name of the character set to use as the default character set. ++;mysql.connect_charset=utf8 ++ + ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and + ; SQL-Errors will be displayed. + mysql.trace_mode = Off +@@ -795,6 +772,9 @@ + ; MySQL defaults. + mysqli.default_socket = + ++; The name of the character set to use as the default character set. ++;mysqli.connect_charset=utf8 ++ + ; Default host for mysql_connect() (doesn't apply in safe mode). + mysqli.default_host = + +@@ -811,6 +791,10 @@ + ; Allow or prevent reconnect + mysqli.reconnect = Off + ++[pdo_mysql] ++; The name of the character set to use as the default character set. ++;pdo_mysql.connect_charset=utf8 ++ + [mSQL] + ; Allow or prevent persistent links. + msql.allow_persistent = On +@@ -920,7 +904,7 @@ + bcmath.scale = 0 + + [browscap] +-;browscap = extra/browscap.ini ++browscap = /etc/php/browscap.ini + + [Informix] + ; Default host for ifx_connect() (doesn't apply in safe mode). +@@ -1273,7 +1257,7 @@ + ; Enables or disables WSDL caching feature. + soap.wsdl_cache_enabled=1 + ; Sets the directory name where SOAP extension will put cache files. +-soap.wsdl_cache_dir="/tmp" ++soap.wsdl_cache_dir="/var/run/php" + ; (time to live) Sets the number of second while cached file will be used + ; instead of original one. + soap.wsdl_cache_ttl=86400