From 71f51c333d0465c96ca6c36b00b65471caa87f26 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Elan=20Ruusam=C3=A4e?= Date: Wed, 2 Jul 2008 16:02:15 +0000 Subject: [PATCH] - move sapi options to sapi config Changed files: php4-cgi-fcgi.ini -> 1.2 php4-cgi.ini -> 1.4 php4-ini.patch -> 1.17 --- php4-cgi-fcgi.ini | 41 ++++++++++++++++++++++++++++ php4-cgi.ini | 32 ++++++++++++++++++++++ php4-ini.patch | 68 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 141 insertions(+) diff --git a/php4-cgi-fcgi.ini b/php4-cgi-fcgi.ini index 1953edd..9114440 100644 --- a/php4-cgi-fcgi.ini +++ b/php4-cgi-fcgi.ini @@ -7,6 +7,47 @@ ; and override some settings in SAPI-specific files without need of ; copying whole large php.ini. +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. +; cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; cgi.redirect_status_env = ; + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is zero. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; cgi.fix_pathinfo=0 + +; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; fastcgi.impersonate = 1; + +; Disable logging through FastCGI connection +; fastcgi.log = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +; is supported by Apache. When this option is set to 1 PHP will send +; RFC2616 compliant header. +; Default is zero. +;cgi.rfc2616_headers = 0 + [Session] session.save_path = /tmp ; argument passed to save_handler ; in the case of files, this is the diff --git a/php4-cgi.ini b/php4-cgi.ini index 6bdc817..0e152cc 100644 --- a/php4-cgi.ini +++ b/php4-cgi.ini @@ -7,6 +7,38 @@ ; and override some settings in SAPI-specific files without need of ; copying whole large php.ini. +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. +; cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; cgi.redirect_status_env = ; + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is zero. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; cgi.fix_pathinfo=0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +; is supported by Apache. When this option is set to 1 PHP will send +; RFC2616 compliant header. +; Default is zero. +;cgi.rfc2616_headers = 0 + + [Session] session.save_path = /tmp ; argument passed to save_handler ; in the case of files, this is the diff --git a/php4-ini.patch b/php4-ini.patch index 1eb5f4d..b295975 100644 --- a/php4-ini.patch +++ b/php4-ini.patch @@ -253,3 +253,71 @@ ; Define the anonymous ftp password (your email address) ;from="john@doe.com" +--- php-4.4.8/php.ini-dist~ 2008-07-02 18:50:01.000000000 +0300 ++++ php-4.4.8/php.ini-dist 2008-07-02 18:56:09.636680270 +0300 +@@ -482,7 +482,7 @@ + ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root + ; if you are running php as a CGI under any web server (other than IIS) + ; see documentation for security issues. The alternate is to use the +-; cgi.force_redirect configuration below ++; cgi.force_redirect elsewhere + doc_root = + + ; The directory under which PHP opens the script using /~username used only +@@ -497,48 +497,6 @@ + ; disabled on them. + enable_dl = On + +-; cgi.force_redirect is necessary to provide security running PHP as a CGI under +-; most web servers. Left undefined, PHP turns this on by default. You can +-; turn it off here AT YOUR OWN RISK +-; **You CAN safely turn this off for IIS, in fact, you MUST.** +-; cgi.force_redirect = 1 +- +-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +-; every request. +-; cgi.nph = 1 +- +-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +-; will look for to know it is OK to continue execution. Setting this variable MAY +-; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +-; cgi.redirect_status_env = ; +- +-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +-; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting +-; of zero causes PHP to behave as before. Default is zero. You should fix your scripts +-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +-; cgi.fix_pathinfo=0 +- +-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +-; security tokens of the calling client. This allows IIS to define the +-; security context that the request runs under. mod_fastcgi under Apache +-; does not currently support this feature (03/17/2002) +-; Set to 1 if running under IIS. Default is zero. +-; fastcgi.impersonate = 1; +- +-; Disable logging through FastCGI connection +-; fastcgi.log = 0 +- +-; cgi.rfc2616_headers configuration option tells PHP what type of headers to +-; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +-; is supported by Apache. When this option is set to 1 PHP will send +-; RFC2616 compliant header. +-; Default is zero. +-;cgi.rfc2616_headers = 0 +- +- + ;;;;;;;;;;;;;;;; + ; File Uploads ; + ;;;;;;;;;;;;;;;; +@@ -553,7 +511,6 @@ + ; Maximum allowed size for uploaded files. + upload_max_filesize = 2M + +- + ;;;;;;;;;;;;;;;;;; + ; Fopen wrappers ; + ;;;;;;;;;;;;;;;;;; -- 2.44.0