---- php-5.2.8/php.ini-dist 2008-11-28 21:07:09.000000000 +0200
-+++ php-5.2.8/php.ini 2009-01-05 14:53:55.914702890 +0200
-@@ -3,13 +3,18 @@
- ;;;;;;;;;;;
- ; WARNING ;
- ;;;;;;;;;;;
--; This is the default settings file for new PHP installations.
--; By default, PHP installs itself with a configuration suitable for
--; development purposes, and *NOT* for production purposes.
--; For several security-oriented considerations that should be taken
--; before going online with your site, please consult php.ini-recommended
--; and http://php.net/manual/en/security.php.
--
+--- php-5.3.20/php.ini 2013-01-22 23:20:03.433447006 +0200
++++ php-5.3.20/php.ini 2013-01-22 23:20:03.433447006 +0200
+@@ -82,6 +82,20 @@
+ ; much more verbose when it comes to errors. We recommending using the
+ ; development version only in development environments as errors shown to
+ ; application users can inadvertently leak otherwise secure information.
++;
+; This is the default settings file for new PHP installations from
+; PLD Linux Distribution.
-+; It's based mainly on php.ini-dist, but with some changes made with
-+; security in mind (see below, consult also
-+; http://php.net/manual/en/security.php).
++;
++; It's based mainly on php.ini-production, but with some changes made with
++; security in mind (see below, consult also http://php.net/manual/en/security.php).
+;
+; Please note, that in PLD installations /etc/php/php.ini file
+; contains global settings for all SAPIs (cgi, cli, apache...),
-+; and after reading this file, SAPI-specific file (/etc/php/php-cgi.ini,
++; and after reading this file, SAPI-specific file (/etc/php/php-cgi-fcgi.ini,
+; /etc/php/php-cli.ini, /etc/php/php-apache.ini...) is INCLUDED
+; (so you don't have to duplicate whole large file to override only
+; few options)
-
- ;;;;;;;;;;;;;;;;;;;
- ; About php.ini ;
-@@ -59,11 +64,73 @@
- ;;;;;;;;;;;;;;;;;;;
- ; About this file ;
- ;;;;;;;;;;;;;;;;;;;
--; All the values in the php.ini-dist file correspond to the builtin
--; defaults (that is, if no php.ini is used, or if you delete these lines,
--; the builtin defaults will be identical).
-+; If you use constants in your value, and these constants belong to a
-+; dynamically loaded extension (either a PHP extension or a Zend extension),
-+; you may only use these constants *after* the line that loads the extension.
-
-
-+; Below is the list of settings changed from default as specified in
-+; php.ini-recommended. These settings make PHP more secure and encourage
-+; cleaner coding.
-+; The price is that with these settings, PHP may be incompatible with some old
-+; or bad-written applications, and sometimes, more difficult to develop with.
-+; Using this settings is warmly recommended for production sites. As all of
-+; the changes from the standard settings are thoroughly documented, you can
-+; go over each one, and decide whether you want to use it or not.
-+;
-+; - register_globals = Off [Security, Performance]
-+; Global variables are no longer registered for input data (POST, GET, cookies,
-+; environment and other server variables). Instead of using $foo, you must use
-+; you can use $_REQUEST["foo"] (includes any variable that arrives through the
-+; request, namely, POST, GET and cookie variables), or use one of the specific
-+; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending
-+; on where the input originates. Also, you can look at the
-+; import_request_variables() function.
-+; Note that register_globals = Off is the default setting since PHP 4.2.0.
-+; - display_errors = Off [Security]
-+; With this directive set to off, errors that occur during the execution of
-+; scripts will no longer be displayed as a part of the script output, and thus,
-+; will no longer be exposed to remote users. With some errors, the error message
-+; content may expose information about your script, web server, or database
-+; server that may be exploitable for hacking. Production sites should have this
-+; directive set to off.
-+; - log_errors = On [Security]
-+; This directive complements the above one. Any errors that occur during the
-+; execution of your script will be logged (typically, to your server's error log,
-+; but can be configured in several ways). Along with setting display_errors to off,
-+; this setup gives you the ability to fully understand what may have gone wrong,
-+; without exposing any sensitive information to remote users.
-+; - error_reporting = E_ALL [Code Cleanliness, Security(?)]
-+; By default, PHP surpresses errors of type E_NOTICE. These error messages
-+; are emitted for non-critical errors, but that could be a symptom of a bigger
-+; problem. Most notably, this will cause error messages about the use
-+; of uninitialized variables to be displayed.
-+; - register_argc_argv = Off [Performance]
-+; Disables registration of the somewhat redundant $argv and $argc global
-+; variables.
-+; - magic_quotes_gpc = Off [Performance]
-+; Input data is no longer escaped with slashes so that it can be sent into
-+; SQL databases without further manipulation. Instead, you should use the
-+; function addslashes() on each input element you wish to send to a database.
-+; - variables_order = "GPCS" [Performance]
-+; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access
-+; environment variables, you can use getenv() instead.
+
-+; For completeness, below is list of the rest of changes recommended for
-+; performance, but NOT applied in default php.ini in PLD (since they are
-+; not needed for security or may cause problems with some applications
-+; more likely than above).
-+
-+; - output_buffering = 4096 [Performance]
-+; Set a 4KB output buffer. Enabling output buffering typically results in less
-+; writes, and sometimes less packets sent on the wire, which can often lead to
-+; better performance. The gain this directive actually yields greatly depends
-+; on which Web server you're working with, and what kind of scripts you're using.
-+; - allow_call_time_pass_reference = Off [Code cleanliness]
-+; It's not possible to decide to force a variable to be passed by reference
-+; when calling a function. The PHP 4 style to do this is by making the
-+; function require the relevant argument by reference.
-+
- ;;;;;;;;;;;;;;;;;;;;
- ; Language Options ;
- ;;;;;;;;;;;;;;;;;;;;
-@@ -86,7 +153,7 @@
- asp_tags = Off
-
- ; The number of significant digits displayed in floating point numbers.
--precision = 12
-+precision = 14
- ; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
- y2k_compliance = On
-@@ -245,7 +312,7 @@
- ; (e.g. by adding its signature to the Web server header). It is no security
+ ;;;;;;;;;;;;;;;;;;;
+ ; Quick Reference ;
+@@ -223,7 +237,7 @@
+ ; Development Value: Off
+ ; Production Value: Off
+ ; http://php.net/short-open-tag
+-short_open_tag = Off
++short_open_tag = On
+
+ ; Allow ASP-style <% %> tags.
+ ; http://php.net/asp-tags
+@@ -428,7 +428,7 @@
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
+ ; http://php.net/expose-php
-expose_php = On
+expose_php = Off
-
;;;;;;;;;;;;;;;;;;;
-@@ -302,7 +369,9 @@
- ;
- ; - Show all errors except for notices and coding standards warnings
- ;
--error_reporting = E_ALL & ~E_NOTICE
-+;error_reporting = E_ALL & ~E_NOTICE
-+
-+error_reporting = E_ALL
-
- ; Print out errors (as a part of the output). For production web sites,
- ; you're strongly encouraged to turn this feature off, and use error logging
-@@ -319,7 +388,7 @@
- ;
- ; stdout (On) - Display errors to STDOUT
- ;
--display_errors = On
-+display_errors = Off
-
- ; Even when display_errors is on, errors that occur during PHP's startup
- ; sequence are not displayed. It's strongly recommended to keep
-@@ -329,7 +398,7 @@
- ; Log errors into a log file (server-specific log, stderr, or error_log (below))
- ; As stated above, you're strongly advised to use error logging in place of
- ; error displaying on production web sites.
--log_errors = Off
-+log_errors = On
-
- ; Set maximum length of log_errors. In error_log information about the source is
- ; added. The default is 1024 and 0 allows to not apply any maximum length at all.
-@@ -361,7 +430,7 @@
-
- ; Disable the inclusion of HTML tags in error messages.
- ; Note: Never use this feature for production boxes.
--;html_errors = Off
-+html_errors = Off
-
- ; If html_errors is set On PHP produces clickable error messages that direct
- ; to a page describing the error or function causing the error in detail.
-@@ -405,7 +474,7 @@
- ; Environment and Built-in variables (G, P, C, E & S respectively, often
- ; referred to as EGPCS or GPC). Registration is done from left to right, newer
- ; values override older values.
--variables_order = "EGPCS"
-+variables_order = "GPCS"
-
- ; Whether or not to register the EGPCS variables as global variables. You may
- ; want to turn this off if you don't want to clutter your scripts' global scope
-@@ -421,12 +490,12 @@
- ; Whether or not to register the old-style input arrays, HTTP_GET_VARS
- ; and friends. If you're not using them, it's recommended to turn them off,
- ; for performance reasons.
--register_long_arrays = On
-+register_long_arrays = Off
-
- ; This directive tells PHP whether to declare the argv&argc variables (that
- ; would contain the GET information). If you don't use these variables, you
- ; should turn it off for increased performance.
--register_argc_argv = On
-+register_argc_argv = Off
-
- ; When enabled, the SERVER and ENV variables are created when they're first
- ; used (Just In Time) instead of when the script starts. If these variables
-@@ -442,7 +511,7 @@
- ;
-
- ; Magic quotes for incoming GET/POST/Cookie data.
--magic_quotes_gpc = On
-+magic_quotes_gpc = Off
-
- ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
- magic_quotes_runtime = Off
-@@ -488,55 +557,13 @@
- user_dir =
+ ; Resource Limits ;
+@@ -804,7 +804,7 @@
; Directory in which the loadable extensions (modules) reside.
--extension_dir = "./"
+ ; http://php.net/extension-dir
+-; extension_dir = "./"
+extension_dir = "/usr/lib/php"
+ ; On windows:
+ ; extension_dir = "ext"
- ; Whether or not to enable the dl() function. The dl() function does NOT work
- ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
- ; disabled on them.
- enable_dl = On
+@@ -826,53 +826,6 @@
+ ; http://php.net/enable-dl
+ enable_dl = Off
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
--; cgi.force_redirect = 1
+-; http://php.net/cgi.force-redirect
+-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
--; every request.
--; cgi.nph = 1
+-; every request. PHP's default behavior is to disable this feature.
+-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
--; cgi.redirect_status_env = ;
+-; http://php.net/cgi.redirect-status-env
+-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
--; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
+-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
--; cgi.fix_pathinfo=0
+-; http://php.net/cgi.fix-pathinfo
+-;cgi.fix_pathinfo=1
-
-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
--; fastcgi.impersonate = 1;
+-; http://php.net/fastcgi.impersonate
+-;fastcgi.impersonate = 1
-
--; Disable logging through FastCGI connection
--; fastcgi.logging = 0
+-; Disable logging through FastCGI connection. PHP's default behavior is to enable
+-; this feature.
+-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
-; is supported by Apache. When this option is set to 1 PHP will send
-; RFC2616 compliant header.
-; Default is zero.
+-; http://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
--
-
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
-@@ -600,59 +627,6 @@
- ; needs to go here. Specify the location of the extension with the
- ; extension_dir directive above.
-
--
+@@ -876,11 +876,7 @@
+ ;
+ ; extension=modulename.extension
+ ;
+-; For example, on Windows:
+-;
+-; extension=msql.dll
+-;
+-; ... or under UNIX:
++; For example under UNIX:
+ ;
+ ; extension=msql.so
+ ;
+@@ -899,53 +899,8 @@
+ ; If you only provide the name of the extension, PHP will look for it in its
+ ; default extension directory.
+ ;
-; Windows Extensions
-; Note that ODBC support is built in, so no dll is needed for it.
-; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
-; extension folders as well as the separate PECL DLL download (PHP 5).
-; Be sure to appropriately set the extension_dir directive.
--
+-;
-;extension=php_bz2.dll
-;extension=php_curl.dll
--;extension=php_dba.dll
--;extension=php_dbase.dll
--;extension=php_exif.dll
--;extension=php_fdf.dll
+-;extension=php_fileinfo.dll
-;extension=php_gd2.dll
-;extension=php_gettext.dll
-;extension=php_gmp.dll
--;extension=php_ifx.dll
+-;extension=php_intl.dll
-;extension=php_imap.dll
-;extension=php_interbase.dll
-;extension=php_ldap.dll
-;extension=php_mbstring.dll
--;extension=php_mcrypt.dll
--;extension=php_mhash.dll
--;extension=php_mime_magic.dll
--;extension=php_ming.dll
--;extension=php_msql.dll
--;extension=php_mssql.dll
+-;extension=php_exif.dll ; Must be after mbstring as it depends on it
-;extension=php_mysql.dll
-;extension=php_mysqli.dll
--;extension=php_oci8.dll
+-;extension=php_oci8.dll ; Use with Oracle 10gR2 Instant Client
+-;extension=php_oci8_11g.dll ; Use with Oracle 11gR2 Instant Client
-;extension=php_openssl.dll
--;extension=php_pdo.dll
-;extension=php_pdo_firebird.dll
-;extension=php_pdo_mssql.dll
-;extension=php_pdo_mysql.dll
-;extension=php_pdo_oci.dll
--;extension=php_pdo_oci8.dll
-;extension=php_pdo_odbc.dll
-;extension=php_pdo_pgsql.dll
-;extension=php_pdo_sqlite.dll
-;extension=php_pgsql.dll
-;extension=php_pspell.dll
-;extension=php_shmop.dll
+-
+-; The MIBS data available in the PHP distribution must be installed.
+-; See http://www.php.net/manual/en/snmp.installation.php
-;extension=php_snmp.dll
+-
-;extension=php_soap.dll
-;extension=php_sockets.dll
-;extension=php_sqlite.dll
+-;extension=php_sqlite3.dll
-;extension=php_sybase_ct.dll
-;extension=php_tidy.dll
-;extension=php_xmlrpc.dll
-;extension=php_xsl.dll
-;extension=php_zip.dll
--
++; Ideally in PLD Linux you should install appropriate php-<extension> or
++; php-pecl-<extension> package.
+
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
- ;;;;;;;;;;;;;;;;;;;
-@@ -776,6 +750,9 @@
- ; Maximum time (in seconds) for connect timeout. -1 means no limit
+@@ -1235,6 +1140,9 @@
+ ; http://php.net/mysql.connect-timeout
mysql.connect_timeout = 60
+; The name of the character set to use as the default character set.
+
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
- mysql.trace_mode = Off
-@@ -795,6 +772,9 @@
- ; MySQL defaults.
+ ; http://php.net/mysql.trace-mode
+@@ -1274,6 +1182,9 @@
+ ; http://php.net/mysqli.default-socket
mysqli.default_socket =
+; The name of the character set to use as the default character set.
+;mysqli.connect_charset=utf8
+
; Default host for mysql_connect() (doesn't apply in safe mode).
+ ; http://php.net/mysqli.default-host
mysqli.default_host =
-
-@@ -811,6 +791,10 @@
- ; Allow or prevent reconnect
- mysqli.reconnect = Off
-
-+[pdo_mysql]
-+; The name of the character set to use as the default character set.
-+;pdo_mysql.connect_charset=utf8
-+
- [mSQL]
- ; Allow or prevent persistent links.
- msql.allow_persistent = On
-@@ -920,7 +904,7 @@
- bcmath.scale = 0
+@@ -1440,7 +1351,7 @@
[browscap]
+ ; http://php.net/browscap
-;browscap = extra/browscap.ini
+browscap = /etc/php/browscap.ini
- [Informix]
- ; Default host for ifx_connect() (doesn't apply in safe mode).
-@@ -1273,7 +1257,7 @@
- ; Enables or disables WSDL caching feature.
- soap.wsdl_cache_enabled=1
+ [Session]
+ ; Handler used to store/retrieve data.
+@@ -1863,7 +1774,7 @@
+
; Sets the directory name where SOAP extension will put cache files.
+ ; http://php.net/soap.wsdl-cache-dir
-soap.wsdl_cache_dir="/tmp"
-+soap.wsdl_cache_dir="/var/run/php"
- ; (time to live) Sets the number of second while cached file will be used
++soap.wsdl_cache_dir="/var/cache/php"
+
+ ; (time to live) Sets the number of second while cached file will be used
; instead of original one.
- soap.wsdl_cache_ttl=86400