1 --- php-5.1.0.org/php.ini 2005-11-25 02:24:23.408519000 +0100
2 +++ php-5.1.0/php.ini 2005-11-25 02:26:06.570966750 +0100
7 -; This is the default settings file for new PHP installations.
8 -; By default, PHP installs itself with a configuration suitable for
9 -; development purposes, and *NOT* for production purposes.
10 -; For several security-oriented considerations that should be taken
11 -; before going online with your site, please consult php.ini-recommended
12 -; and http://php.net/manual/en/security.php.
14 +; This is the default settings file for new PHP installations from
15 +; PLD Linux Distribution.
16 +; It's based mainly on php.ini-dist, but with some changes made with
17 +; security in mind (see below, consult also
18 +; http://php.net/manual/en/security.php).
20 +; Please note, that in PLD installations /etc/php/php.ini file
21 +; contains global settings for all SAPIs (cgi, cli, apache...),
22 +; and after reading this file, SAPI-specific file (/etc/php/php-cgi.ini,
23 +; /etc/php/php-cli.ini, /etc/php/php-apache.ini...) is INCLUDED
24 +; (so you don't have to duplicate whole large file to override only
33 -; All the values in the php.ini-dist file correspond to the builtin
34 -; defaults (that is, if no php.ini is used, or if you delete these lines,
35 -; the builtin defaults will be identical).
36 +; If you use constants in your value, and these constants belong to a
37 +; dynamically loaded extension (either a PHP extension or a Zend extension),
38 +; you may only use these constants *after* the line that loads the extension.
41 +; Below is the list of settings changed from default as specified in
42 +; php.ini-recommended. These settings make PHP more secure and encourage
44 +; The price is that with these settings, PHP may be incompatible with some old
45 +; or bad-written applications, and sometimes, more difficult to develop with.
46 +; Using this settings is warmly recommended for production sites. As all of
47 +; the changes from the standard settings are thoroughly documented, you can
48 +; go over each one, and decide whether you want to use it or not.
50 +; - register_globals = Off [Security, Performance]
51 +; Global variables are no longer registered for input data (POST, GET, cookies,
52 +; environment and other server variables). Instead of using $foo, you must use
53 +; you can use $_REQUEST["foo"] (includes any variable that arrives through the
54 +; request, namely, POST, GET and cookie variables), or use one of the specific
55 +; $_GET["foo"], $_POST["foo"], $_COOKIE["foo"] or $_FILES["foo"], depending
56 +; on where the input originates. Also, you can look at the
57 +; import_request_variables() function.
58 +; Note that register_globals = Off is the default setting since PHP 4.2.0.
59 +; - display_errors = Off [Security]
60 +; With this directive set to off, errors that occur during the execution of
61 +; scripts will no longer be displayed as a part of the script output, and thus,
62 +; will no longer be exposed to remote users. With some errors, the error message
63 +; content may expose information about your script, web server, or database
64 +; server that may be exploitable for hacking. Production sites should have this
65 +; directive set to off.
66 +; - log_errors = On [Security]
67 +; This directive complements the above one. Any errors that occur during the
68 +; execution of your script will be logged (typically, to your server's error log,
69 +; but can be configured in several ways). Along with setting display_errors to off,
70 +; this setup gives you the ability to fully understand what may have gone wrong,
71 +; without exposing any sensitive information to remote users.
72 +; - error_reporting = E_ALL [Code Cleanliness, Security(?)]
73 +; By default, PHP surpresses errors of type E_NOTICE. These error messages
74 +; are emitted for non-critical errors, but that could be a symptom of a bigger
75 +; problem. Most notably, this will cause error messages about the use
76 +; of uninitialized variables to be displayed.
78 +; For completeness, below is list of the rest of changes recommended for
79 +; performance, but NOT applied in default php.ini in PLD (since they are
80 +; not needed for security or may cause problems with some applications
81 +; more likely than above).
83 +; - output_buffering = 4096 [Performance]
84 +; Set a 4KB output buffer. Enabling output buffering typically results in less
85 +; writes, and sometimes less packets sent on the wire, which can often lead to
86 +; better performance. The gain this directive actually yields greatly depends
87 +; on which Web server you're working with, and what kind of scripts you're using.
88 +; - register_argc_argv = Off [Performance]
89 +; Disables registration of the somewhat redundant $argv and $argc global
91 +; - magic_quotes_gpc = Off [Performance]
92 +; Input data is no longer escaped with slashes so that it can be sent into
93 +; SQL databases without further manipulation. Instead, you should use the
94 +; function addslashes() on each input element you wish to send to a database.
95 +; - variables_order = "GPCS" [Performance]
96 +; The environment variables are not hashed into the $HTTP_ENV_VARS[]. To access
97 +; environment variables, you can use getenv() instead.
98 +; - allow_call_time_pass_reference = Off [Code cleanliness]
99 +; It's not possible to decide to force a variable to be passed by reference
100 +; when calling a function. The PHP 4 style to do this is by making the
101 +; function require the relevant argument by reference.
109 ; The number of significant digits displayed in floating point numbers.
113 ; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
115 @@ -289,14 +356,16 @@
117 ; - Show all errors except for notices and coding standards warnings
119 -error_reporting = E_ALL & ~E_NOTICE
120 +;error_reporting = E_ALL & ~E_NOTICE
122 +error_reporting = E_ALL
124 ; Print out errors (as a part of the output). For production web sites,
125 ; you're strongly encouraged to turn this feature off, and use error logging
126 ; instead (see below). Keeping display_errors enabled on a production web site
127 ; may reveal security information to end users, such as file paths on your Web
128 ; server, your database schema or other information.
130 +display_errors = Off
132 ; Even when display_errors is on, errors that occur during PHP's startup
133 ; sequence are not displayed. It's strongly recommended to keep
135 ; Log errors into a log file (server-specific log, stderr, or error_log (below))
136 ; As stated above, you're strongly advised to use error logging in place of
137 ; error displaying on production web sites.
141 ; Set maximum length of log_errors. In error_log information about the source is
142 ; added. The default is 1024 and 0 allows to not apply any maximum length at all.
146 ; Directory in which the loadable extensions (modules) reside.
147 -extension_dir = "./"
148 +extension_dir = "/usr/lib/php"
150 ; Whether or not to enable the dl() function. The dl() function does NOT work
151 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
152 --- php-5.1.1/php.ini~ 2005-12-19 19:44:04.000000000 +0200
153 +++ php-5.1.1/php.ini 2005-12-19 20:01:09.000000000 +0200
155 ; needs to go here. Specify the location of the extension with the
156 ; extension_dir directive above.
159 -; Windows Extensions
160 -; Note that ODBC support is built in, so no dll is needed for it.
161 -; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5)
162 -; extension folders as well as the separate PECL DLL download (PHP 5).
163 -; Be sure to appropriately set the extension_dir directive.
165 -;extension=php_mbstring.dll
166 -;extension=php_bz2.dll
167 -;extension=php_curl.dll
168 -;extension=php_dba.dll
169 -;extension=php_dbase.dll
170 -;extension=php_exif.dll
171 -;extension=php_fdf.dll
172 -;extension=php_filepro.dll
173 -;extension=php_gd2.dll
174 -;extension=php_gettext.dll
175 -;extension=php_ifx.dll
176 -;extension=php_imap.dll
177 -;extension=php_interbase.dll
178 -;extension=php_ldap.dll
179 -;extension=php_mcrypt.dll
180 -;extension=php_mhash.dll
181 -;extension=php_mime_magic.dll
182 -;extension=php_ming.dll
183 -;extension=php_mssql.dll
184 -;extension=php_msql.dll
185 -;extension=php_mysql.dll
186 -;extension=php_oci8.dll
187 -;extension=php_openssl.dll
188 -;extension=php_oracle.dll
189 -;extension=php_pgsql.dll
190 -;extension=php_shmop.dll
191 -;extension=php_snmp.dll
192 -;extension=php_sockets.dll
193 -;extension=php_sqlite.dll
194 -;extension=php_sybase_ct.dll
195 -;extension=php_tidy.dll
196 -;extension=php_xmlrpc.dll
197 -;extension=php_xsl.dll
203 --- php-5.1.1/php.ini~ 2005-12-19 20:01:09.000000000 +0200
204 +++ php-5.1.1/php.ini 2005-12-19 20:04:03.000000000 +0200
206 ; This directive tells PHP whether to declare the argv&argc variables (that
207 ; would contain the GET information). If you don't use these variables, you
208 ; should turn it off for increased performance.
209 -register_argc_argv = On
210 +register_argc_argv = Off
212 ; When enabled, the SERVER and ENV variables are created when they're first
213 ; used (Just In Time) instead of when the script starts. If these variables
214 --- php-5.1.1/php.ini~ 2005-12-19 20:04:03.000000000 +0200
215 +++ php-5.1.1/php.ini 2005-12-19 20:08:54.000000000 +0200
217 ; Whether or not to register the old-style input arrays, HTTP_GET_VARS
218 ; and friends. If you're not using them, it's recommended to turn them off,
219 ; for performance reasons.
220 -register_long_arrays = On
221 +register_long_arrays = Off
223 ; This directive tells PHP whether to declare the argv&argc variables (that
224 ; would contain the GET information). If you don't use these variables, you
228 ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
229 -allow_url_fopen = On
230 +allow_url_fopen = Off
232 ; Define the anonymous ftp password (your email address)
234 --- php-5.1.4/php.ini~ 2006-05-30 16:45:33.193170093 +0300
235 +++ php-5.1.4/php.ini 2006-05-30 17:42:38.109721064 +0300
236 @@ -1219,7 +1219,7 @@
237 ; Enables or disables WSDL caching feature.
238 soap.wsdl_cache_enabled=1
239 ; Sets the directory name where SOAP extension will put cache files.
240 -soap.wsdl_cache_dir="/tmp"
241 +soap.wsdl_cache_dir="/var/run/php"
242 ; (time to live) Sets the number of second while cached file will be used
243 ; instead of original one.
244 soap.wsdl_cache_ttl=86400