From 0bcfa0dcce5beefd3723430187934820ef8110b0 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Tue, 20 Aug 2013 14:44:34 +0200 Subject: php 5.5: fix typo and add missing entries in php.ini --- php.ini | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/php.ini b/php.ini index 8da53bb..7210341 100644 --- a/php.ini +++ b/php.ini @@ -1352,6 +1352,14 @@ session.save_handler = files ; for php-fpm, see /etc/php-fpm.d/*conf ;session.save_path = "/tmp" +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + ; Whether to use cookies. ; http://php.net/session.use-cookies session.use_cookies = 1 @@ -1431,7 +1439,7 @@ session.gc_maxlifetime = 1440 ; collection through a shell script, cron entry, or some other method. ; For example, the following script would is the equivalent of ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 | xargs rm +; find /path/to/sessions -cmin +24 -type f | xargs rm ; PHP 4.2 and less have an undocumented feature/bug that allows you to ; to initialize a session variable in the global scope. @@ -1593,7 +1601,7 @@ mssql.min_error_severity = 10 mssql.min_message_severity = 10 ; Compatibility mode with old versions of PHP 3.0. -mssql.compatability_mode = Off +mssql.compatibility_mode = Off ; Connect timeout ;mssql.connect_timeout = 5 @@ -1788,6 +1796,11 @@ ldap.max_links = -1 [dba] ;dba.default_handler= +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + ; Local Variables: ; tab-width: 4 ; End: -- cgit