SOURCES: php4-ini.patch, php4-cgi.ini, php4-cgi-fcgi.ini - move sapi option...
glen
glen at pld-linux.org
Wed Jul 2 18:02:21 CEST 2008
Author: glen Date: Wed Jul 2 16:02:21 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- move sapi options to sapi config
---- Files affected:
SOURCES:
php4-ini.patch (1.16 -> 1.17) , php4-cgi.ini (1.3 -> 1.4) , php4-cgi-fcgi.ini (1.1 -> 1.2)
---- Diffs:
================================================================
Index: SOURCES/php4-ini.patch
diff -u SOURCES/php4-ini.patch:1.16 SOURCES/php4-ini.patch:1.17
--- SOURCES/php4-ini.patch:1.16 Sat Sep 24 14:56:44 2005
+++ SOURCES/php4-ini.patch Wed Jul 2 18:02:15 2008
@@ -253,3 +253,71 @@
; Define the anonymous ftp password (your email address)
;from="john at doe.com"
+--- php-4.4.8/php.ini-dist~ 2008-07-02 18:50:01.000000000 +0300
++++ php-4.4.8/php.ini-dist 2008-07-02 18:56:09.636680270 +0300
+@@ -482,7 +482,7 @@
+ ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+ ; if you are running php as a CGI under any web server (other than IIS)
+ ; see documentation for security issues. The alternate is to use the
+-; cgi.force_redirect configuration below
++; cgi.force_redirect elsewhere
+ doc_root =
+
+ ; The directory under which PHP opens the script using /~username used only
+@@ -497,48 +497,6 @@
+ ; disabled on them.
+ enable_dl = On
+
+-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+-; most web servers. Left undefined, PHP turns this on by default. You can
+-; turn it off here AT YOUR OWN RISK
+-; **You CAN safely turn this off for IIS, in fact, you MUST.**
+-; cgi.force_redirect = 1
+-
+-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+-; every request.
+-; cgi.nph = 1
+-
+-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+-; will look for to know it is OK to continue execution. Setting this variable MAY
+-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+-; cgi.redirect_status_env = ;
+-
+-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+-; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
+-; of zero causes PHP to behave as before. Default is zero. You should fix your scripts
+-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+-; cgi.fix_pathinfo=0
+-
+-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+-; security tokens of the calling client. This allows IIS to define the
+-; security context that the request runs under. mod_fastcgi under Apache
+-; does not currently support this feature (03/17/2002)
+-; Set to 1 if running under IIS. Default is zero.
+-; fastcgi.impersonate = 1;
+-
+-; Disable logging through FastCGI connection
+-; fastcgi.log = 0
+-
+-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+-; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+-; is supported by Apache. When this option is set to 1 PHP will send
+-; RFC2616 compliant header.
+-; Default is zero.
+-;cgi.rfc2616_headers = 0
+-
+-
+ ;;;;;;;;;;;;;;;;
+ ; File Uploads ;
+ ;;;;;;;;;;;;;;;;
+@@ -553,7 +511,6 @@
+ ; Maximum allowed size for uploaded files.
+ upload_max_filesize = 2M
+
+-
+ ;;;;;;;;;;;;;;;;;;
+ ; Fopen wrappers ;
+ ;;;;;;;;;;;;;;;;;;
================================================================
Index: SOURCES/php4-cgi.ini
diff -u SOURCES/php4-cgi.ini:1.3 SOURCES/php4-cgi.ini:1.4
--- SOURCES/php4-cgi.ini:1.3 Sat Jan 4 21:39:42 2003
+++ SOURCES/php4-cgi.ini Wed Jul 2 18:02:15 2008
@@ -7,6 +7,38 @@
; and override some settings in SAPI-specific files without need of
; copying whole large php.ini.
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request.
+; cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; cgi.redirect_status_env = ;
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is zero. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; cgi.fix_pathinfo=0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+; is supported by Apache. When this option is set to 1 PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+;cgi.rfc2616_headers = 0
+
+
[Session]
session.save_path = /tmp ; argument passed to save_handler
; in the case of files, this is the
================================================================
Index: SOURCES/php4-cgi-fcgi.ini
diff -u SOURCES/php4-cgi-fcgi.ini:1.1 SOURCES/php4-cgi-fcgi.ini:1.2
--- SOURCES/php4-cgi-fcgi.ini:1.1 Wed Oct 20 13:17:17 2004
+++ SOURCES/php4-cgi-fcgi.ini Wed Jul 2 18:02:15 2008
@@ -7,6 +7,47 @@
; and override some settings in SAPI-specific files without need of
; copying whole large php.ini.
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request.
+; cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; cgi.redirect_status_env = ;
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix it's paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is zero. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; cgi.fix_pathinfo=0
+
+; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; fastcgi.impersonate = 1;
+
+; Disable logging through FastCGI connection
+; fastcgi.log = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
+; is supported by Apache. When this option is set to 1 PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+;cgi.rfc2616_headers = 0
+
[Session]
session.save_path = /tmp ; argument passed to save_handler
; in the case of files, this is the
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/php4-ini.patch?r1=1.16&r2=1.17&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/php4-cgi.ini?r1=1.3&r2=1.4&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/php4-cgi-fcgi.ini?r1=1.1&r2=1.2&f=u
More information about the pld-cvs-commit
mailing list