migration52-php-newconf-4

  • Migrating from PHP 5.1.x to PHP
    5.2.x
  • New INI Configuration Directives

  • New INI Configuration Directives
  • New INI Configuration Directives

    New INI Configuration Directives

    New php.ini directives
    introduced in PHP 5.2.0:

    • allow_url_include This
      useful option makes it possible to differentiate between standard
      file operations on remote files, and the inclusion of remote files.
      While the former is usually desirable, the latter can be a security
      risk if used naively. Starting with PHP 5.2.0, you can allow remote
      file operations while disallowing the inclusion of remote files in
      local scripts. In fact, this is the default
      configuration.
    • pcre.backtrack_limit PCRE’s
      backtracking limit.
    • pcre.recursion_limit PCRE’s
      recursion limit. Please note that if you set this value to a high
      number you may consume all the available process stack and
      eventually crash PHP (due to reaching the stack size limit imposed
      by the Operating System).
    • session.cookie_httponly Marks the cookie as accessible only through the HTTP
      protocol. This means that the cookie won’t be accessible by
      scripting languages, such as JavaScript. This setting can
      effectively help to reduce identity theft through XSS attacks
      (although it is not supported by all browsers).

    New directives in PHP 5.2.2: