5.2.x
New INI Configuration Directives
New INI Configuration Directives
New INI Configuration Directives
New php.ini directives
introduced in PHP 5.2.0:
-
allow_url_include This
useful option makes it possible to differentiate between standard
file operations on remote files, and the inclusion of remote files.
While the former is usually desirable, the latter can be a security
risk if used naively. Starting with PHP 5.2.0, you can allow remote
file operations while disallowing the inclusion of remote files in
local scripts. In fact, this is the default
configuration. -
pcre.backtrack_limit PCRE’s
backtracking limit. -
pcre.recursion_limit PCRE’s
recursion limit. Please note that if you set this value to a high
number you may consume all the available process stack and
eventually crash PHP (due to reaching the stack size limit imposed
by the Operating System). -
session.cookie_httponly Marks the cookie as accessible only through the HTTP
protocol. This means that the cookie won’t be accessible by
scripting languages, such as JavaScript. This setting can
effectively help to reduce identity theft through XSS attacks
(although it is not supported by all browsers).
New directives in PHP 5.2.2:
-
max_input_nesting_level Limits how deep input variables
can be nested, default is 64.