diff options
| author | Anatol Belski <ab@php.net> | 2016-09-26 18:55:08 +0200 |
|---|---|---|
| committer | Anatol Belski <ab@php.net> | 2016-09-26 18:55:08 +0200 |
| commit | 5e4a93b28ecc1a1c55a2d2b17d5ecf4f1ffc4838 (patch) | |
| tree | cf9dc0774264230e160334e6ca3a4652d2da1d91 | |
| parent | 4e3746380a85c8b8a4fc7dce4535760a1fb80216 (diff) | |
| parent | b3f4bc759253a8226fe7d9a2451ff169b4cd81ce (diff) | |
| download | php-git-5e4a93b28ecc1a1c55a2d2b17d5ecf4f1ffc4838.tar.gz | |
Merge branch 'PHP-7.1' of git.php.net:php-src into PHP-7.1
| -rw-r--r-- | php.ini-development | 12 | ||||
| -rw-r--r-- | php.ini-production | 12 |
2 files changed, 24 insertions, 0 deletions
diff --git a/php.ini-development b/php.ini-development index 7bb3e3d71b..149b0a1688 100644 --- a/php.ini-development +++ b/php.ini-development @@ -774,6 +774,11 @@ enable_dl = Off ; http://php.net/cgi.fix-pathinfo ;cgi.fix_pathinfo=1 +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +; http://php.net/cgi.dicard-path +;cgi.discard_path=1 + ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate ; security tokens of the calling client. This allows IIS to define the ; security context that the request runs under. mod_fastcgi under Apache @@ -794,6 +799,13 @@ enable_dl = Off ; http://php.net/cgi.rfc2616-headers ;cgi.rfc2616_headers = 0 +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; http://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; diff --git a/php.ini-production b/php.ini-production index 6cf245f85e..c90238f35b 100644 --- a/php.ini-production +++ b/php.ini-production @@ -774,6 +774,11 @@ enable_dl = Off ; http://php.net/cgi.fix-pathinfo ;cgi.fix_pathinfo=1 +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +; http://php.net/cgi.dicard-path +;cgi.discard_path=1 + ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate ; security tokens of the calling client. This allows IIS to define the ; security context that the request runs under. mod_fastcgi under Apache @@ -794,6 +799,13 @@ enable_dl = Off ; http://php.net/cgi.rfc2616-headers ;cgi.rfc2616_headers = 0 +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; http://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; |