From e93259bb23500e26a7b0317cde9ad5398eec074e Mon Sep 17 00:00:00 2001
From: bohwaz <github.bohwaz@miam.kd2.org>
Date: Sun, 16 Dec 2018 22:52:37 +0100
Subject: SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation
 strategy against potential security flaws

---
 php.ini-development | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'php.ini-development')

diff --git a/php.ini-development b/php.ini-development
index d6e219b295..b8141af076 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -986,8 +986,19 @@ cli_server.color = On
 ;intl.use_exceptions = 0
 
 [sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
 ;sqlite3.extension_dir =
 
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+sqlite3.defensive = 1
+
 [Pcre]
 ;PCRE library backtracking limit.
 ; http://php.net/pcre.backtrack-limit
-- 
cgit v1.2.1