From ba003a486ef671272812a61c1a808a81f4e5b250 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Fri, 3 Jul 2026 15:56:47 +0200 Subject: refresh ini from upstream (production) --- php.ini | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) (limited to 'php.ini') diff --git a/php.ini b/php.ini index 1d8e01a..b4724bb 100644 --- a/php.ini +++ b/php.ini @@ -613,6 +613,12 @@ ignore_repeated_source = Off ; Production Value: On ;fatal_error_backtraces = On +; This directive controls whether PHP will print the actual arguments of a +; function upon an error. If this is off (or there was an error fetching the +; arguments), the function providing the error may optionally provide some +; additional information after the problem function's name. +;error_include_args = Off + ;;;;;;;;;;;;;;;;; ; Data Handling ; ;;;;;;;;;;;;;;;;; @@ -809,10 +815,10 @@ enable_dl = Off ;fastcgi.impersonate = 1 ; Prevent decoding of SCRIPT_FILENAME when using Apache ProxyPass or -; ProxyPassMatch. This should only be used if script file paths are already -; stored in an encoded format on the file system. -; Default is 0. -;fastcgi.script_path_encoded = 1 +; ProxyPassMatch. This should be used if script file paths are not stored +; in an encoded format on the file system. +; Default is 1. +;fastcgi.script_path_encoded = 0 ; Disable logging through FastCGI connection. PHP's default behavior is to enable ; this feature. @@ -1265,10 +1271,9 @@ session.save_handler = files ; Strict session mode does not accept an uninitialized session ID, and ; regenerates the session ID if the browser sends an uninitialized session ID. ; Strict mode protects applications from session fixation via a session adoption -; vulnerability. It is disabled by default for maximum compatibility, but -; enabling it is encouraged. +; vulnerability. ; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 +session.use_strict_mode = 1 ; Whether to use cookies. ; https://php.net/session.use-cookies @@ -1310,13 +1315,13 @@ session.cookie_domain = ; Whether or not to add the httpOnly flag to the cookie, which makes it ; inaccessible to browser scripting languages such as JavaScript. ; https://php.net/session.cookie-httponly -session.cookie_httponly = +session.cookie_httponly = 1 ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) ; Current valid values are "Strict", "Lax" or "None". When using "None", ; make sure to include the quotes, as `none` is interpreted like `false` in ini files. ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 -session.cookie_samesite = +session.cookie_samesite = "Lax" ; Handler used to serialize data. php is the standard serializer of PHP. ; https://php.net/session.serialize-handler -- cgit