authorChristoph M. Becker <cmbecker69@gmx.de>2016-09-26 18:16:50 +0200
committerChristoph M. Becker <cmbecker69@gmx.de>2016-09-26 18:41:09 +0200
commit4f0960a800202323ac0b9d1d8041ad8dce31db98 (patch)
tree2574eabe7cc35f4e0d21077bd3d4f3f7df2d7a1e
parent66baefec4465d679b9b156e11670477178c1ee8c (diff)
downloadphp-git-4f0960a800202323ac0b9d1d8041ad8dce31db98.tar.gz
Fix #53745: cgi.discard_path option is missing from php.ini
Also cgi.check_shebang_line has been missing.
-rw-r--r--php.ini-development12
-rw-r--r--php.ini-production12
2 files changed, 24 insertions, 0 deletions
diff --git a/php.ini-development b/php.ini-development
index d38f672a59..76f2174f5e 100644
--- a/php.ini-development
+++ b/php.ini-development
@@ -770,6 +770,11 @@ enable_dl = Off
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+; http://php.net/cgi.dicard-path
+;cgi.discard_path=1
+
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
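Review bot: The reference URL in the added comment is misspelled: `; http://php.net/cgi.dicard-path` should read `; http://php.net/cgi.discard-path`, and the same typo is repeated in the first php.ini-production hunk. The sample line `;cgi.discard_path=1` shows the enabling value, whereas the directive's built-in default is, as far as I know, 0. A reader who treats commented lines as the defaults could assume the .htaccess protection is already active, so the comment should state the default explicitly, for example `; Default is 0 (disabled).`. The word "safely" also carries a security promise the comment does not explain; one sentence on what the setting actually discards would help an operator decide whether to rely on it.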
@@ -790,6 +795,13 @@ enable_dl = Off
; http://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
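Review bot: The added cgi.check_shebang_line comment contains a stray `<` after "PHP CGI" and the grammar slip "script support"; both are repeated in the second php.ini-production hunk. I would change the line to `; script supports running both as a stand-alone script and via PHP CGI. PHP in CGI`. In the first line of the comment, "checks for line starting with #!" would also read better as "checks for a line starting with #!".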
diff --git a/php.ini-production b/php.ini-production
index d295c46392..b593c24230 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -770,6 +770,11 @@ enable_dl = Off
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+; http://php.net/cgi.dicard-path
+;cgi.discard_path=1
+
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
@@ -790,6 +795,13 @@ enable_dl = Off
; http://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;