]>
Commit | Line | Data |
---|---|---|
4bf4f400 ER |
1 | --- php-5.2.8/php.ini-dist 2008-11-28 21:07:09.000000000 +0200 |
2 | +++ php-5.2.8/php.ini 2009-01-05 14:53:55.914702890 +0200 | |
917119c9 | 3 | @@ -3,13 +3,18 @@ |
4342041a JB |
4 | ;;;;;;;;;;; |
5 | ; WARNING ; | |
6 | ;;;;;;;;;;; | |
7 | -; This is the default settings file for new PHP installations. | |
8 | -; By default, PHP installs itself with a configuration suitable for | |
9 | -; development purposes, and *NOT* for production purposes. | |
10 | -; For several security-oriented considerations that should be taken | |
11 | -; before going online with your site, please consult php.ini-recommended | |
12 | -; and http://php.net/manual/en/security.php. | |
917119c9 | 13 | - |
4342041a JB |
14 | +; This is the default settings file for new PHP installations from |
15 | +; PLD Linux Distribution. | |
16 | +; It's based mainly on php.ini-dist, but with some changes made with | |
17 | +; security in mind (see below, consult also | |
18 | +; http://php.net/manual/en/security.php). | |
19 | +; | |
917119c9 AM |
20 | +; Please note, that in PLD installations /etc/php/php.ini file |
21 | +; contains global settings for all SAPIs (cgi, cli, apache...), | |
4342041a JB |
22 | +; and after reading this file, SAPI-specific file (/etc/php/php-cgi.ini, |
23 | +; /etc/php/php-cli.ini, /etc/php/php-apache.ini...) is INCLUDED | |
917119c9 AM |
24 | +; (so you don't have to duplicate whole large file to override only |
25 | +; few options) | |
4342041a | 26 | |
a00e0eb8 AM |
27 | ;;;;;;;;;;;;;;;;;;; |
28 | ; About php.ini ; | |
cb94c0c6 | 29 | @@ -59,10 +64,72 @@ |
4bf4f400 | 30 | ;;;;;;;;;;;;;;;;;;; |
917119c9 | 31 | ; About this file ; |
a00e0eb8 | 32 | ;;;;;;;;;;;;;;;;;;; |
4342041a JB |
33 | -; All the values in the php.ini-dist file correspond to the builtin |
34 | -; defaults (that is, if no php.ini is used, or if you delete these lines, | |
35 | -; the builtin defaults will be identical). | |
a00e0eb8 AM |
36 | +; If you use constants in your value, and these constants belong to a |
37 | +; dynamically loaded extension (either a PHP extension or a Zend extension), | |
38 | +; you may only use these constants *after* the line that loads the extension. | |
cb94c0c6 | 39 | + |
62277197 | 40 | |
4342041a JB |
41 | +; Below is the list of settings changed from default as specified in |
42 | +; php.ini-recommended. These settings make PHP more secure and encourage | |
43 | +; cleaner coding. | |
44 | +; The price is that with these settings, PHP may be incompatible with some old | |
45 | +; or bad-written applications, and sometimes, more difficult to develop with. | |
46 | +; Using this settings is warmly recommended for production sites. As all of | |
47 | +; the changes from the standard settings are thoroughly documented, you can | |
48 | +; go over each one, and decide whether you want to use it or not. | |
49 | +; | |
50 | +; - register_globals = Off [Security, Performance] | |
51 | +; Global variables are no longer registered for input data (POST, GET, cookies, | |
52 | +; environment and other server variables). Instead of using $foo, you must use | |
53 | +; you can use $_REQUEST["foo"] (includes any variable that arrives through the | |
54 | +; request, namely, POST, GET and cookie variables), or use one of the specific | |
55 | +; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending | |
56 | +; on where the input originates. Also, you can look at the | |
57 | +; import_request_variables() function. | |
58 | +; Note that register_globals = Off is the default setting since PHP 4.2.0. | |
59 | +; - display_errors = Off [Security] | |
60 | +; With this directive set to off, errors that occur during the execution of | |
61 | +; scripts will no longer be displayed as a part of the script output, and thus, | |
62 | +; will no longer be exposed to remote users. With some errors, the error message | |
63 | +; content may expose information about your script, web server, or database | |
64 | +; server that may be exploitable for hacking. Production sites should have this | |
65 | +; directive set to off. | |
66 | +; - log_errors = On [Security] | |
67 | +; This directive complements the above one. Any errors that occur during the | |
68 | +; execution of your script will be logged (typically, to your server's error log, | |
69 | +; but can be configured in several ways). Along with setting display_errors to off, | |
70 | +; this setup gives you the ability to fully understand what may have gone wrong, | |
71 | +; without exposing any sensitive information to remote users. | |
72 | +; - error_reporting = E_ALL [Code Cleanliness, Security(?)] | |
73 | +; By default, PHP surpresses errors of type E_NOTICE. These error messages | |
74 | +; are emitted for non-critical errors, but that could be a symptom of a bigger | |
75 | +; problem. Most notably, this will cause error messages about the use | |
76 | +; of uninitialized variables to be displayed. | |
20e4fbdf ER |
77 | +; - register_argc_argv = Off [Performance] |
78 | +; Disables registration of the somewhat redundant $argv and $argc global | |
79 | +; variables. | |
80 | +; - magic_quotes_gpc = Off [Performance] | |
81 | +; Input data is no longer escaped with slashes so that it can be sent into | |
82 | +; SQL databases without further manipulation. Instead, you should use the | |
83 | +; function addslashes() on each input element you wish to send to a database. | |
84 | +; - variables_order = "GPCS" [Performance] | |
85 | +; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access | |
86 | +; environment variables, you can use getenv() instead. | |
4342041a JB |
87 | + |
88 | +; For completeness, below is list of the rest of changes recommended for | |
89 | +; performance, but NOT applied in default php.ini in PLD (since they are | |
90 | +; not needed for security or may cause problems with some applications | |
91 | +; more likely than above). | |
ff83cd8b | 92 | + |
4342041a JB |
93 | +; - output_buffering = 4096 [Performance] |
94 | +; Set a 4KB output buffer. Enabling output buffering typically results in less | |
95 | +; writes, and sometimes less packets sent on the wire, which can often lead to | |
96 | +; better performance. The gain this directive actually yields greatly depends | |
97 | +; on which Web server you're working with, and what kind of scripts you're using. | |
4342041a JB |
98 | +; - allow_call_time_pass_reference = Off [Code cleanliness] |
99 | +; It's not possible to decide to force a variable to be passed by reference | |
100 | +; when calling a function. The PHP 4 style to do this is by making the | |
101 | +; function require the relevant argument by reference. | |
cb94c0c6 | 102 | |
4342041a | 103 | ;;;;;;;;;;;;;;;;;;;; |
a00e0eb8 AM |
104 | ; Language Options ; |
105 | @@ -86,7 +153,7 @@ | |
9fab2fdf JK |
106 | asp_tags = Off |
107 | ||
108 | ; The number of significant digits displayed in floating point numbers. | |
cc1337ae JK |
109 | -precision = 12 |
110 | +precision = 14 | |
9fab2fdf JK |
111 | |
112 | ; Enforce year 2000 compliance (will cause problems with non-compliant browsers) | |
4342041a | 113 | y2k_compliance = On |
c5eb76fc ER |
114 | @@ -245,7 +312,7 @@ |
115 | ; (e.g. by adding its signature to the Web server header). It is no security | |
116 | ; threat in any way, but it makes it possible to determine whether you use PHP | |
117 | ; on your server or not. | |
118 | -expose_php = On | |
119 | +expose_php = Off | |
120 | ||
121 | ||
122 | ;;;;;;;;;;;;;;;;;;; | |
4bf4f400 ER |
123 | @@ -302,7 +369,9 @@ |
124 | ; | |
125 | ; - Show all errors except for notices and coding standards warnings | |
126 | ; | |
ed74ad62 | 127 | -error_reporting = E_ALL & ~E_NOTICE |
4bf4f400 ER |
128 | +;error_reporting = E_ALL & ~E_NOTICE |
129 | + | |
130 | +error_reporting = E_ALL | |
ed74ad62 | 131 | |
4bf4f400 ER |
132 | ; Print out errors (as a part of the output). For production web sites, |
133 | ; you're strongly encouraged to turn this feature off, and use error logging | |
134 | @@ -319,7 +388,7 @@ | |
135 | ; | |
136 | ; stdout (On) - Display errors to STDOUT | |
137 | ; | |
138 | -display_errors = On | |
139 | +display_errors = Off | |
140 | ||
141 | ; Even when display_errors is on, errors that occur during PHP's startup | |
142 | ; sequence are not displayed. It's strongly recommended to keep | |
143 | @@ -329,7 +398,7 @@ | |
2f814ad2 ER |
144 | ; Log errors into a log file (server-specific log, stderr, or error_log (below)) |
145 | ; As stated above, you're strongly advised to use error logging in place of | |
146 | ; error displaying on production web sites. | |
147 | -log_errors = Off | |
148 | +log_errors = On | |
149 | ||
150 | ; Set maximum length of log_errors. In error_log information about the source is | |
151 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. | |
cb94c0c6 ER |
152 | @@ -352,7 +421,7 @@ |
153 | ;report_zend_debug = 0 | |
154 | ||
155 | ; Store the last error/warning message in $php_errormsg (boolean). | |
156 | -track_errors = Off | |
157 | +track_errors = On | |
158 | ||
159 | ; Turn off normal error reporting and emit XML-RPC error XML | |
160 | ;xmlrpc_errors = 0 | |
4bf4f400 | 161 | @@ -361,7 +430,7 @@ |
87831047 ER |
162 | |
163 | ; Disable the inclusion of HTML tags in error messages. | |
164 | ; Note: Never use this feature for production boxes. | |
165 | -;html_errors = Off | |
166 | +html_errors = Off | |
167 | ||
168 | ; If html_errors is set On PHP produces clickable error messages that direct | |
169 | ; to a page describing the error or function causing the error in detail. | |
4bf4f400 | 170 | @@ -405,7 +474,7 @@ |
20e4fbdf ER |
171 | ; Environment and Built-in variables (G, P, C, E & S respectively, often |
172 | ; referred to as EGPCS or GPC). Registration is done from left to right, newer | |
173 | ; values override older values. | |
174 | -variables_order = "EGPCS" | |
175 | +variables_order = "GPCS" | |
176 | ||
177 | ; Whether or not to register the EGPCS variables as global variables. You may | |
178 | ; want to turn this off if you don't want to clutter your scripts' global scope | |
4bf4f400 | 179 | @@ -421,12 +490,12 @@ |
20e4fbdf ER |
180 | ; Whether or not to register the old-style input arrays, HTTP_GET_VARS |
181 | ; and friends. If you're not using them, it's recommended to turn them off, | |
182 | ; for performance reasons. | |
183 | -register_long_arrays = On | |
184 | +register_long_arrays = Off | |
185 | ||
186 | ; This directive tells PHP whether to declare the argv&argc variables (that | |
187 | ; would contain the GET information). If you don't use these variables, you | |
188 | ; should turn it off for increased performance. | |
189 | -register_argc_argv = On | |
190 | +register_argc_argv = Off | |
191 | ||
192 | ; When enabled, the SERVER and ENV variables are created when they're first | |
193 | ; used (Just In Time) instead of when the script starts. If these variables | |
4bf4f400 | 194 | @@ -442,7 +511,7 @@ |
20e4fbdf ER |
195 | ; |
196 | ||
197 | ; Magic quotes for incoming GET/POST/Cookie data. | |
198 | -magic_quotes_gpc = On | |
199 | +magic_quotes_gpc = Off | |
200 | ||
201 | ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. | |
202 | magic_quotes_runtime = Off | |
4bf4f400 | 203 | @@ -488,55 +557,13 @@ |
62277197 AM |
204 | user_dir = |
205 | ||
206 | ; Directory in which the loadable extensions (modules) reside. | |
207 | -extension_dir = "./" | |
208 | +extension_dir = "/usr/lib/php" | |
209 | ||
210 | ; Whether or not to enable the dl() function. The dl() function does NOT work | |
211 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically | |
4bf4f400 ER |
212 | ; disabled on them. |
213 | enable_dl = On | |
214 | ||
215 | -; cgi.force_redirect is necessary to provide security running PHP as a CGI under | |
216 | -; most web servers. Left undefined, PHP turns this on by default. You can | |
217 | -; turn it off here AT YOUR OWN RISK | |
218 | -; **You CAN safely turn this off for IIS, in fact, you MUST.** | |
219 | -; cgi.force_redirect = 1 | |
220 | - | |
221 | -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with | |
222 | -; every request. | |
223 | -; cgi.nph = 1 | |
224 | - | |
225 | -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape | |
226 | -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP | |
227 | -; will look for to know it is OK to continue execution. Setting this variable MAY | |
228 | -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. | |
229 | -; cgi.redirect_status_env = ; | |
230 | - | |
231 | -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's | |
232 | -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok | |
233 | -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting | |
234 | -; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting | |
235 | -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts | |
236 | -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. | |
237 | -; cgi.fix_pathinfo=0 | |
238 | - | |
239 | -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate | |
240 | -; security tokens of the calling client. This allows IIS to define the | |
241 | -; security context that the request runs under. mod_fastcgi under Apache | |
242 | -; does not currently support this feature (03/17/2002) | |
243 | -; Set to 1 if running under IIS. Default is zero. | |
244 | -; fastcgi.impersonate = 1; | |
245 | - | |
246 | -; Disable logging through FastCGI connection | |
247 | -; fastcgi.logging = 0 | |
248 | - | |
249 | -; cgi.rfc2616_headers configuration option tells PHP what type of headers to | |
250 | -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that | |
251 | -; is supported by Apache. When this option is set to 1 PHP will send | |
252 | -; RFC2616 compliant header. | |
253 | -; Default is zero. | |
254 | -;cgi.rfc2616_headers = 0 | |
255 | - | |
256 | - | |
257 | ;;;;;;;;;;;;;;;; | |
258 | ; File Uploads ; | |
259 | ;;;;;;;;;;;;;;;; | |
260 | @@ -600,59 +627,6 @@ | |
bdc88c24 ER |
261 | ; needs to go here. Specify the location of the extension with the |
262 | ; extension_dir directive above. | |
263 | ||
264 | - | |
265 | -; Windows Extensions | |
266 | -; Note that ODBC support is built in, so no dll is needed for it. | |
267 | -; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5) | |
268 | -; extension folders as well as the separate PECL DLL download (PHP 5). | |
269 | -; Be sure to appropriately set the extension_dir directive. | |
270 | - | |
bdc88c24 ER |
271 | -;extension=php_bz2.dll |
272 | -;extension=php_curl.dll | |
273 | -;extension=php_dba.dll | |
274 | -;extension=php_dbase.dll | |
275 | -;extension=php_exif.dll | |
276 | -;extension=php_fdf.dll | |
bdc88c24 ER |
277 | -;extension=php_gd2.dll |
278 | -;extension=php_gettext.dll | |
e8baea14 | 279 | -;extension=php_gmp.dll |
bdc88c24 ER |
280 | -;extension=php_ifx.dll |
281 | -;extension=php_imap.dll | |
282 | -;extension=php_interbase.dll | |
283 | -;extension=php_ldap.dll | |
e8baea14 | 284 | -;extension=php_mbstring.dll |
bdc88c24 ER |
285 | -;extension=php_mcrypt.dll |
286 | -;extension=php_mhash.dll | |
287 | -;extension=php_mime_magic.dll | |
288 | -;extension=php_ming.dll | |
bdc88c24 | 289 | -;extension=php_msql.dll |
e8baea14 | 290 | -;extension=php_mssql.dll |
bdc88c24 | 291 | -;extension=php_mysql.dll |
e8baea14 | 292 | -;extension=php_mysqli.dll |
bdc88c24 ER |
293 | -;extension=php_oci8.dll |
294 | -;extension=php_openssl.dll | |
e8baea14 ER |
295 | -;extension=php_pdo.dll |
296 | -;extension=php_pdo_firebird.dll | |
297 | -;extension=php_pdo_mssql.dll | |
298 | -;extension=php_pdo_mysql.dll | |
299 | -;extension=php_pdo_oci.dll | |
300 | -;extension=php_pdo_oci8.dll | |
301 | -;extension=php_pdo_odbc.dll | |
302 | -;extension=php_pdo_pgsql.dll | |
303 | -;extension=php_pdo_sqlite.dll | |
bdc88c24 | 304 | -;extension=php_pgsql.dll |
e8baea14 | 305 | -;extension=php_pspell.dll |
bdc88c24 ER |
306 | -;extension=php_shmop.dll |
307 | -;extension=php_snmp.dll | |
e8baea14 | 308 | -;extension=php_soap.dll |
bdc88c24 ER |
309 | -;extension=php_sockets.dll |
310 | -;extension=php_sqlite.dll | |
311 | -;extension=php_sybase_ct.dll | |
312 | -;extension=php_tidy.dll | |
313 | -;extension=php_xmlrpc.dll | |
314 | -;extension=php_xsl.dll | |
e8baea14 | 315 | -;extension=php_zip.dll |
bdc88c24 ER |
316 | - |
317 | ;;;;;;;;;;;;;;;;;;; | |
318 | ; Module Settings ; | |
319 | ;;;;;;;;;;;;;;;;;;; | |
4bf4f400 ER |
320 | @@ -776,6 +750,9 @@ |
321 | ; Maximum time (in seconds) for connect timeout. -1 means no limit | |
322 | mysql.connect_timeout = 60 | |
323 | ||
324 | +; The name of the character set to use as the default character set. | |
325 | +;mysql.connect_charset=utf8 | |
326 | + | |
327 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and | |
328 | ; SQL-Errors will be displayed. | |
329 | mysql.trace_mode = Off | |
330 | @@ -795,6 +772,9 @@ | |
331 | ; MySQL defaults. | |
332 | mysqli.default_socket = | |
333 | ||
334 | +; The name of the character set to use as the default character set. | |
335 | +;mysqli.connect_charset=utf8 | |
336 | + | |
337 | ; Default host for mysql_connect() (doesn't apply in safe mode). | |
338 | mysqli.default_host = | |
339 | ||
340 | @@ -811,6 +791,10 @@ | |
341 | ; Allow or prevent reconnect | |
342 | mysqli.reconnect = Off | |
343 | ||
344 | +[pdo_mysql] | |
345 | +; The name of the character set to use as the default character set. | |
346 | +;pdo_mysql.connect_charset=utf8 | |
347 | + | |
348 | [mSQL] | |
349 | ; Allow or prevent persistent links. | |
350 | msql.allow_persistent = On | |
351 | @@ -920,7 +904,7 @@ | |
55309ada | 352 | bcmath.scale = 0 |
4bf4f400 | 353 | |
55309ada PG |
354 | [browscap] |
355 | -;browscap = extra/browscap.ini | |
7be993d3 | 356 | +browscap = /etc/php/browscap.ini |
4bf4f400 | 357 | |
55309ada PG |
358 | [Informix] |
359 | ; Default host for ifx_connect() (doesn't apply in safe mode). | |
4bf4f400 | 360 | @@ -1273,7 +1257,7 @@ |
614d53e4 ER |
361 | ; Enables or disables WSDL caching feature. |
362 | soap.wsdl_cache_enabled=1 | |
363 | ; Sets the directory name where SOAP extension will put cache files. | |
364 | -soap.wsdl_cache_dir="/tmp" | |
365 | +soap.wsdl_cache_dir="/var/run/php" | |
366 | ; (time to live) Sets the number of second while cached file will be used | |
367 | ; instead of original one. | |
368 | soap.wsdl_cache_ttl=86400 |