New INI Configuration Directives
New php.ini directives introduced in PHP 5.2.0:
- allow_url_include This useful option makes it possible to differentiate between standard file operations on remote files, and the inclusion of remote files. While the former is usually desirable, the latter can be a security risk if used naively. Starting with PHP 5.2.0, you can allow remote file operations while disallowing the inclusion of remote files in local scripts. In fact, this is the default configuration.
- pcre.backtrack_limit PCRE's backtracking limit.
- pcre.recursion_limit PCRE's recursion limit. Please note that if you set this value to a high number you may consume all the available process stack and eventually crash PHP (due to reaching the stack size limit imposed by the Operating System).
- session.cookie_httponly Marks the cookie as accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).
New directives in PHP 5.2.2:
- max_input_nesting_level Limits how deep input variables can be nested, default is 64.
English translation
You have asked to visit this site in English. For now, only the interface is translated, but not all the content yet.If you want to help me in translations, your contribution is welcome. All you need to do is register on the site, and send me a message asking me to add you to the group of translators, which will give you the opportunity to translate the pages you want. A link at the bottom of each translated page indicates that you are the translator, and has a link to your profile.
Thank you in advance.
Document created the 30/01/2003, last modified the 26/10/2018
Source of the printed document:https://www.gaudry.be/en/php-rf-migration52.newconf.html
The infobrol is a personal site whose content is my sole responsibility. The text is available under CreativeCommons license (BY-NC-SA). More info on the terms of use and the author.
References
These references and links indicate documents consulted during the writing of this page, or which may provide additional information, but the authors of these sources can not be held responsible for the content of this page.
The author This site is solely responsible for the way in which the various concepts, and the freedoms that are taken with the reference works, are presented here. Remember that you must cross multiple source information to reduce the risk of errors.