Remove mentions to register_globals
This commit is contained in:
Laurent Destailleur
parent
bb4618e2cf
commit
6df36866e1
@ -458,16 +458,6 @@ variables_order = "GPCS"
|
||||
; with user data. This makes most sense when coupled with track_vars - in which
|
||||
; case you can access all of the GPC variables through the $HTTP_*_VARS[],
|
||||
; variables.
|
||||
;
|
||||
; You should do your best to write your scripts so that they do not require
|
||||
; register_globals to be on; Using form variables as globals can easily lead
|
||||
; to possible security problems, if the code is not very well thought of.
|
||||
register_globals = Off
|
||||
|
||||
; Whether or not to register the old-style input arrays, HTTP_GET_VARS
|
||||
; and friends. If you're not using them, it's recommended to turn them off,
|
||||
; for performance reasons.
|
||||
register_long_arrays = Off
|
||||
|
||||
; This directive tells PHP whether to declare the argv&argc variables (that
|
||||
; would contain the GET information). If you don't use these variables, you
|
||||
@ -477,8 +467,7 @@ register_argc_argv = Off
|
||||
; When enabled, the SERVER and ENV variables are created when they're first
|
||||
; used (Just In Time) instead of when the script starts. If these variables
|
||||
; are not used within a script, having this directive on will result in a
|
||||
; performance gain. The PHP directives register_globals, register_long_arrays,
|
||||
; and register_argc_argv must be disabled for this directive to have any affect.
|
||||
; performance gain.
|
||||
auto_globals_jit = On
|
||||
|
||||
; Maximum size of POST data that PHP will accept.
|
||||
@ -1101,14 +1090,6 @@ session.gc_maxlifetime = 1800
|
||||
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
|
||||
; cd /path/to/sessions; find -cmin +24 | xargs rm
|
||||
|
||||
; PHP 4.2 and less have an undocumented feature/bug that allows you to
|
||||
; to initialize a session variable in the global scope, albeit register_globals
|
||||
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
|
||||
; You can disable the feature and the warning separately. At this time,
|
||||
; the warning is only displayed, if bug_compat_42 is enabled.
|
||||
|
||||
session.bug_compat_42 = 0
|
||||
session.bug_compat_warn = 1
|
||||
|
||||
; Check HTTP Referer to invalidate externally stored URLs containing ids.
|
||||
; HTTP_REFERER has to contain this substring for the session to be
|
||||
|
||||
@ -29,16 +29,6 @@ Alias /dolibarr /usr/share/dolibarr/htdocs
|
||||
ErrorDocument 401 /public/error-401.php
|
||||
ErrorDocument 404 /public/error-404.php
|
||||
|
||||
<IfModule mod_php4.c>
|
||||
php_flag magic_quotes_gpc Off
|
||||
php_flag register_globals Off
|
||||
</IfModule>
|
||||
|
||||
<IfModule mod_php5.c>
|
||||
php_flag magic_quotes_gpc Off
|
||||
php_flag register_globals Off
|
||||
</IfModule>
|
||||
|
||||
|
||||
# OPTIMIZE: To use gzip compressed files (for Dolibarr already compressed files).
|
||||
# Note that constant MAIN_OPTIMIZE_SPEED must have a value with bit 0 set.
|
||||
|
||||
@ -658,20 +658,6 @@ html_errors = Off
|
||||
; Example:
|
||||
;arg_separator.input = ";&"
|
||||
|
||||
; This directive determines which super global arrays are registered when PHP
|
||||
; starts up. If the register_globals directive is enabled, it also determines
|
||||
; what order variables are populated into the global space. G,P,C,E & S are
|
||||
; abbreviations for the following respective super globals: GET, POST, COOKIE,
|
||||
; ENV and SERVER. There is a performance penalty paid for the registration of
|
||||
; these arrays and because ENV is not as commonly used as the others, ENV is
|
||||
; is not recommended on productions servers. You can still get access to
|
||||
; the environment variables through getenv() should you need to.
|
||||
; Default Value: "EGPCS"
|
||||
; Development Value: "GPCS"
|
||||
; Production Value: "GPCS";
|
||||
; http://php.net/variables-order
|
||||
variables_order = "GPCS"
|
||||
|
||||
; This directive determines which super global data (G,P,C,E & S) should
|
||||
; be registered into the super global array REQUEST. If so, it also determines
|
||||
; the order in which that data is registered. The values for this directive are
|
||||
@ -685,15 +671,6 @@ variables_order = "GPCS"
|
||||
; http://php.net/request-order
|
||||
request_order = "GP"
|
||||
|
||||
; Whether or not to register the EGPCS variables as global variables. You may
|
||||
; want to turn this off if you don't want to clutter your scripts' global scope
|
||||
; with user data.
|
||||
; You should do your best to write your scripts so that they do not require
|
||||
; register_globals to be on; Using form variables as globals can easily lead
|
||||
; to possible security problems, if the code is not very well thought of.
|
||||
; http://php.net/register-globals
|
||||
register_globals = Off
|
||||
|
||||
; Determines whether the deprecated long $HTTP_*_VARS type predefined variables
|
||||
; are registered by PHP or not. As they are deprecated, we obviously don't
|
||||
; recommend you use them. They are on by default for compatibility reasons but
|
||||
@ -722,8 +699,7 @@ register_argc_argv = Off
|
||||
; When enabled, the SERVER and ENV variables are created when they're first
|
||||
; used (Just In Time) instead of when the script starts. If these variables
|
||||
; are not used within a script, having this directive on will result in a
|
||||
; performance gain. The PHP directives register_globals, register_long_arrays,
|
||||
; and register_argc_argv must be disabled for this directive to have any affect.
|
||||
; performance gain.
|
||||
; http://php.net/auto-globals-jit
|
||||
auto_globals_jit = On
|
||||
|
||||
@ -1516,22 +1492,6 @@ session.gc_maxlifetime = 1440
|
||||
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
|
||||
; find /path/to/sessions -cmin +24 | xargs rm
|
||||
|
||||
; PHP 4.2 and less have an undocumented feature/bug that allows you to
|
||||
; to initialize a session variable in the global scope, even when register_globals
|
||||
; is disabled. PHP 4.3 and later will warn you, if this feature is used.
|
||||
; You can disable the feature and the warning separately. At this time,
|
||||
; the warning is only displayed, if bug_compat_42 is enabled. This feature
|
||||
; introduces some serious security problems if not handled correctly. It's
|
||||
; recommended that you do not use this feature on production servers. But you
|
||||
; should enable this on development servers and enable the warning as well. If you
|
||||
; do not enable the feature on development servers, you won't be warned when it's
|
||||
; used and debugging errors caused by this can be difficult to track down.
|
||||
; Default Value: On
|
||||
; Development Value: On
|
||||
; Production Value: Off
|
||||
; http://php.net/session.bug-compat-42
|
||||
session.bug_compat_42 = Off
|
||||
|
||||
; This setting controls whether or not you are warned by PHP when initializing a
|
||||
; session value into the global space. session.bug_compat_42 must be enabled before
|
||||
; these warnings can be issued by PHP. See the directive above for more information.
|
||||
|
||||
@ -624,7 +624,7 @@ if (! defined('NOLOGIN'))
|
||||
session_destroy();
|
||||
session_name($sessionname);
|
||||
session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie
|
||||
session_start(); // Fixing the bug of register_globals here is useless since session is empty
|
||||
session_start();
|
||||
|
||||
if ($resultFetchUser == 0)
|
||||
{
|
||||
@ -681,7 +681,7 @@ if (! defined('NOLOGIN'))
|
||||
session_destroy();
|
||||
session_name($sessionname);
|
||||
session_set_cookie_params(0, '/', null, false, true); // Add tag httponly on session cookie
|
||||
session_start(); // Fixing the bug of register_globals here is useless since session is empty
|
||||
session_start();
|
||||
|
||||
if ($resultFetchUser == 0)
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user