diff --git a/chapters/config.xml b/chapters/config.xml index 4dd3d2eb39..f368bd6f39 100644 --- a/chapters/config.xml +++ b/chapters/config.xml @@ -89,199 +89,199 @@ - allow_url_fopen - boolean + allow_url_fopen + boolean - - This option enables the URL-aware fopen wrappers that enable accessing URL object - like files. Default wrappers are provided for the access of - remote files - using the ftp or http protocol, some extensions like zlib may register additional wrappers. - + + This option enables the URL-aware fopen wrappers that enable accessing URL object + like files. Default wrappers are provided for the access of + remote files + using the ftp or http protocol, some extensions like zlib may register additional wrappers. + - - - This option was introduced immediately after the release of version 4.0.3. - For versions up to and including 4.0.3 you can only disable this feature at - compile time by using the configuration switch - --disable-url-fopen-wrapper. - - + + + This option was introduced immediately after the release of version 4.0.3. + For versions up to and including 4.0.3 you can only disable this feature at + compile time by using the configuration switch + --disable-url-fopen-wrapper. + + - asp_tags - boolean + asp_tags + boolean - - Enables the use of ASP-like <% %> tags in addition to - the usual <?php ?> tags. This includes the - variable-value printing shorthand of <%= $value %>. For - more information, see Escaping from HTML. - + + Enables the use of ASP-like <% %> tags in addition to + the usual <?php ?> tags. This includes the + variable-value printing shorthand of <%= $value %>. For + more information, see Escaping from HTML. + - - Support for ASP-style tags was added in 3.0.4. - + + Support for ASP-style tags was added in 3.0.4. + - auto_append_file - string + auto_append_file + string - - Specifies the name of a file that is automatically parsed - after the main file. The file is included as if it was - called with the include function, so - include_path is used. - - The special value none disables auto-appending. - - - If the script is terminated with exit, - auto-append will not occur. - + + Specifies the name of a file that is automatically parsed + after the main file. The file is included as if it was + called with the include function, so + include_path is used. + + The special value none disables auto-appending. + + + If the script is terminated with exit, + auto-append will not occur. + - auto_prepend_file - string + auto_prepend_file + string - - Specifies the name of a file that is automatically parsed - before the main file. The file is included as if it was - called with the include function, so - include_path is used. - - The special value none disables auto-prepending. + + Specifies the name of a file that is automatically parsed + before the main file. The file is included as if it was + called with the include function, so + include_path is used. + + The special value none disables auto-prepending. - cgi_ext - string + cgi_ext + string - - + + - display_errors - boolean + display_errors + boolean - - This determines whether errors should be printed to the screen - as part of the HTML output or not. - + + This determines whether errors should be printed to the screen + as part of the HTML output or not. + - doc_root - string + doc_root + string - - PHP's "root directory" on the server. Only used if - non-empty. If PHP is configured with safe mode, no files outside - this directory are served. - + + PHP's "root directory" on the server. Only used if + non-empty. If PHP is configured with safe mode, no files outside + this directory are served. + - engine - boolean + engine + boolean - - This directive is really only useful in the Apache module - version of PHP. It is used by sites that would like to turn - PHP parsing on and off on a per-directory or per-virtual - server basis. By putting engine - off in the appropriate places in the - httpd.conf file, PHP can be enabled or - disabled. - + + This directive is really only useful in the Apache module + version of PHP. It is used by sites that would like to turn + PHP parsing on and off on a per-directory or per-virtual + server basis. By putting engine + off in the appropriate places in the + httpd.conf file, PHP can be enabled or + disabled. + - error_log - string + error_log + string - - Name of file where script errors should be logged. If the - special value syslog is used, the errors - are sent to the system logger instead. On UNIX, this means - syslog(3) and on Windows NT it means the event log. The - system logger is not supported on Windows 95. + + Name of file where script errors should be logged. If the + special value syslog is used, the errors + are sent to the system logger instead. On UNIX, this means + syslog(3) and on Windows NT it means the event log. The + system logger is not supported on Windows 95. - error_reporting - integer + error_reporting + integer - - Set the error reporting level. The parameter is an integer - representing a bit field. Add the values of the error - reporting levels you want. - - Error Reporting Levels - - - - bit value - enabled reporting - - - - - 1 - normal errors - - - 2 - normal warnings - - - 4 - parser errors - - - 8 - non-critical style-related warnings - - - -
- The default value for this directive is 7 (normal errors, - normal warnings and parser errors are shown). - + + Set the error reporting level. The parameter is an integer + representing a bit field. Add the values of the error + reporting levels you want. + + Error Reporting Levels + + + + bit value + enabled reporting + + + + + 1 + normal errors + + + 2 + normal warnings + + + 4 + parser errors + + + 8 + non-critical style-related warnings + + + +
+ The default value for this directive is 7 (normal errors, + normal warnings and parser errors are shown). + @@ -293,178 +293,178 @@ Turn off HTML tags in error messages. - + - open_basedir - string + open_basedir + string - - Limit the files that can be opened by PHP to the specified - directory-tree. - - - When a script tries to open a file with, - for example, fopen or gzopen, the location of the file is - checked. When the file is outside the specified directory-tree, - PHP will refuse to open it. All symbolic links are resolved, - so it's not possible to avoid this restriction with a symlink. - - - The special value . - indicates that the directory in which the script is stored will - be used as base-directory. - - - Under Windows, separate the directories with a semicolon. On all - other systems, separate the directories with a colon. As an Apache - module, open_basedir paths from parent directories are now - automatically inherited. - + + Limit the files that can be opened by PHP to the specified + directory-tree. + + + When a script tries to open a file with, + for example, fopen or gzopen, the location of the file is + checked. When the file is outside the specified directory-tree, + PHP will refuse to open it. All symbolic links are resolved, + so it's not possible to avoid this restriction with a symlink. + + + The special value . + indicates that the directory in which the script is stored will + be used as base-directory. + + + Under Windows, separate the directories with a semicolon. On all + other systems, separate the directories with a colon. As an Apache + module, open_basedir paths from parent directories are now + automatically inherited. + Support for multiple directories was added in 3.0.7. - - The default is to allow all files to be opened. - + + The default is to allow all files to be opened. + - gpc_order - string + gpc_order + string - - Set the order of GET/POST/COOKIE variable parsing. The - default setting of this directive is "GPC". Setting this to - "GP", for example, will cause PHP to completely ignore cookies - and to overwrite any GET method variables with POST-method - variables of the same name. - + + Set the order of GET/POST/COOKIE variable parsing. The + default setting of this directive is "GPC". Setting this to + "GP", for example, will cause PHP to completely ignore cookies + and to overwrite any GET method variables with POST-method + variables of the same name. + - ignore_user_abort - string + ignore_user_abort + string - - On by default. If changed to Off scripts will be terminated as + + On by default. If changed to Off scripts will be terminated as soon as they try to output something after a client has aborted their connection. - ignore_user_abort. - + ignore_user_abort. + - include_path - string + include_path + string - - Specifies a list of directories where the - require, include - and fopen_with_path functions look for - files. The format is like the system's PATH - environment variable: a list of directories separated with a - colon in UNIX or semicolon in Windows. - - UNIX include_path - + + Specifies a list of directories where the + require, include + and fopen_with_path functions look for + files. The format is like the system's PATH + environment variable: a list of directories separated with a + colon in UNIX or semicolon in Windows. + + UNIX include_path + include_path=.:/home/httpd/php-lib - - - Windows include_path - + + + Windows include_path + include_path=".;c:\www\phplib" - - The default value for this directive is . - (only the current directory). + + The default value for this directive is . + (only the current directory). - isapi_ext - string + isapi_ext + string - - + + - log_errors - boolean + log_errors + boolean - - Tells whether script error messages should be logged to the - server's error log. This option is thus server-specific. + + Tells whether script error messages should be logged to the + server's error log. This option is thus server-specific. - magic_quotes_gpc - boolean + magic_quotes_gpc + boolean - - Sets the magic_quotes state for GPC (Get/Post/Cookie) - operations. When magic_quotes are on, all ' (single-quote), - " (double quote), \ (backslash) and NUL's are escaped - with a backslash automatically. If magic_quotes_sybase is - also on, a single-quote is escaped with a single-quote - instead of a backslash. - + + Sets the magic_quotes state for GPC (Get/Post/Cookie) + operations. When magic_quotes are on, all ' (single-quote), + " (double quote), \ (backslash) and NUL's are escaped + with a backslash automatically. If magic_quotes_sybase is + also on, a single-quote is escaped with a single-quote + instead of a backslash. + - magic_quotes_runtime - boolean + magic_quotes_runtime + boolean - - If magic_quotes_runtime is enabled, - most functions that return data from any sort of external - source including databases and text files will have quotes - escaped with a backslash. If - magic_quotes_sybase is also on, a - single-quote is escaped with a single-quote instead of a - backslash. - + + If magic_quotes_runtime is enabled, + most functions that return data from any sort of external + source including databases and text files will have quotes + escaped with a backslash. If + magic_quotes_sybase is also on, a + single-quote is escaped with a single-quote instead of a + backslash. + - magic_quotes_sybase - boolean + magic_quotes_sybase + boolean - + If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash if magic_quotes_gpc or magic_quotes_runtime is enabled. - + @@ -479,47 +479,47 @@ include_path=".;c:\www\phplib" run before it is terminated by the parser. This helps prevent poorly written scripts from tying up the server. The default setting is 30. - - - The maximum execution time is not affected by system calls, - the sleep function, etc. Please see the - set_time_limit function for more - details. + + + The maximum execution time is not affected by system calls, + the sleep function, etc. Please see the + set_time_limit function for more + details. - memory_limit - integer + memory_limit + integer - - This sets the maximum amount of memory in bytes that a script - is allowed to allocate. This helps prevent poorly written - scripts for eating up all available memory on a server. - + + This sets the maximum amount of memory in bytes that a script + is allowed to allocate. This helps prevent poorly written + scripts for eating up all available memory on a server. + - nsapi_ext - string + nsapi_ext + string - - + + - + register_globals boolean - + Tells whether or not to register the EGPCS (Environment, GET, POST, Cookie, Server) variables as global variables. You may @@ -535,44 +535,44 @@ include_path=".;c:\www\phplib" $HTTP_SERVER_VARS arrays in the global scope. - + - + - short_open_tag - boolean + short_open_tag + boolean - - Tells whether the short form (<? ?>) - of PHP's open tag should be allowed. If you want to use PHP in - combination with XML, you have to disable this option. If - disabled, you must use the long form of the open tag - (<?php ?>). + + Tells whether the short form (<? ?>) + of PHP's open tag should be allowed. If you want to use PHP in + combination with XML, you have to disable this option. If + disabled, you must use the long form of the open tag + (<?php ?>). - sql.safe_mode - boolean + sql.safe_mode + boolean - - + + - track_errors - boolean + track_errors + boolean - - If enabled, the last error message will always be present in the - global variable $php_errormsg. + + If enabled, the last error message will always be present in the + global variable $php_errormsg. @@ -600,42 +600,56 @@ include_path=".;c:\www\phplib" - upload_tmp_dir - string + upload_tmp_dir + string - - The temporary directory used for storing files when doing - file upload. Must be writable by whatever user PHP is - running as. + + The temporary directory used for storing files when doing + file upload. Must be writable by whatever user PHP is + running as. + + + + + + + upload_max_filesize + integer + + + + The maximum size of an uploaded file. The value is + in bytes. + - user_dir - string + user_dir + string - - The base name of the directory used on a user's home - directory for PHP files, for example - public_html. + + The base name of the directory used on a user's home + directory for PHP files, for example + public_html. - warn_plus_overloading - boolean + warn_plus_overloading + boolean - - If enabled, this option makes PHP output a warning when the - plus (+) operator is used on strings. - This is to make it easier to find scripts that need to be - rewritten to using the string concatenator instead - (.). + + If enabled, this option makes PHP output a warning when the + plus (+) operator is used on strings. + This is to make it easier to find scripts that need to be + rewritten to using the string concatenator instead + (.). @@ -654,9 +668,9 @@ include_path=".;c:\www\phplib" - DNS name or IP address of the SMTP server PHP under Windows - should use for mail sent with the mail - function. + DNS name or IP address of the SMTP server PHP under Windows + should use for mail sent with the mail + function. @@ -667,8 +681,8 @@ include_path=".;c:\www\phplib" - Which "From:" mail address should be used in mail sent from - PHP under Windows. + Which "From:" mail address should be used in mail sent from + PHP under Windows. @@ -679,18 +693,18 @@ include_path=".;c:\www\phplib" - Where the sendmail program can be found, - usually /usr/sbin/sendmail or - /usr/lib/sendmail - configure does an honest attempt of - locating this one for you and set a default, but if it fails, - you can set it here. + Where the sendmail program can be found, + usually /usr/sbin/sendmail or + /usr/lib/sendmail + configure does an honest attempt of + locating this one for you and set a default, but if it fails, + you can set it here. - Systems not using sendmail should set this directive to the - sendmail wrapper/replacement their mail system offers, if any. - For example, Qmail - users can normally set it to - /var/qmail/bin/sendmail. + Systems not using sendmail should set this directive to the + sendmail wrapper/replacement their mail system offers, if any. + For example, Qmail + users can normally set it to + /var/qmail/bin/sendmail. @@ -708,8 +722,8 @@ include_path=".;c:\www\phplib" - Whether to enable PHP's safe mode. Read the Security chapter for more - more information. + Whether to enable PHP's safe mode. Read the Security chapter for more + more information. @@ -720,9 +734,9 @@ include_path=".;c:\www\phplib" - If PHP is used in safe mode, system and - the other functions executing system programs refuse to start - programs that are not in this directory. + If PHP is used in safe mode, system and + the other functions executing system programs refuse to start + programs that are not in this directory. @@ -740,7 +754,7 @@ include_path=".;c:\www\phplib" - DNS name or IP address of host used by the debugger. + DNS name or IP address of host used by the debugger. @@ -751,7 +765,7 @@ include_path=".;c:\www\phplib" - Port number used by the debugger. + Port number used by the debugger. @@ -762,7 +776,7 @@ include_path=".;c:\www\phplib" - Whether the debugger is enabled. + Whether the debugger is enabled. @@ -775,26 +789,26 @@ include_path=".;c:\www\phplib" - enable_dl - boolean + enable_dl + boolean - - This directive is really only useful in the Apache module - version of PHP. You can turn dynamic loading of PHP - extensions with dl on and off per - virtual server or per directory. - - - The main reason for turning dynamic loading off is - security. With dynamic loading, it's possible to ignore all - the safe_mode and open_basedir restrictions. - - - The default is to allow dynamic loading, except when using - safe-mode. In safe-mode, it's always imposible to use - dl. - + + This directive is really only useful in the Apache module + version of PHP. You can turn dynamic loading of PHP + extensions with dl on and off per + virtual server or per directory. + + + The main reason for turning dynamic loading off is + security. With dynamic loading, it's possible to ignore all + the safe_mode and open_basedir restrictions. + + + The default is to allow dynamic loading, except when using + safe-mode. In safe-mode, it's always imposible to use + dl. + @@ -805,8 +819,8 @@ include_path=".;c:\www\phplib" - In what directory PHP should look for dynamically loadable - extensions. + In what directory PHP should look for dynamically loadable + extensions. @@ -817,8 +831,8 @@ include_path=".;c:\www\phplib" - Which dynamically loadable extensions to load when PHP starts - up. + Which dynamically loadable extensions to load when PHP starts + up. @@ -836,7 +850,7 @@ include_path=".;c:\www\phplib" - Whether to allow persistent MySQL connections. + Whether to allow persistent MySQL connections. @@ -848,8 +862,8 @@ include_path=".;c:\www\phplib" - The default server host to use when connecting to the database - server if no other host is specified. + The default server host to use when connecting to the database + server if no other host is specified. @@ -861,8 +875,8 @@ include_path=".;c:\www\phplib" - The default user name to use when connecting to the database - server if no other name is specified. + The default user name to use when connecting to the database + server if no other name is specified. @@ -874,8 +888,8 @@ include_path=".;c:\www\phplib" - The default password to use when connecting to the database - server if no other password is specified. + The default password to use when connecting to the database + server if no other password is specified. @@ -887,8 +901,8 @@ include_path=".;c:\www\phplib" - The maximum number of persistent MySQL connections per - process. + The maximum number of persistent MySQL connections per + process. @@ -900,8 +914,8 @@ include_path=".;c:\www\phplib" - The maximum number of MySQL connections per process, including - persistent connections. + The maximum number of MySQL connections per process, including + persistent connections. @@ -920,7 +934,7 @@ include_path=".;c:\www\phplib" - Whether to allow persistent mSQL connections. + Whether to allow persistent mSQL connections. @@ -932,7 +946,7 @@ include_path=".;c:\www\phplib" - The maximum number of persistent mSQL connections per process. + The maximum number of persistent mSQL connections per process. @@ -944,8 +958,8 @@ include_path=".;c:\www\phplib" - The maximum number of mSQL connections per process, including - persistent connections. + The maximum number of mSQL connections per process, including + persistent connections. @@ -964,7 +978,7 @@ include_path=".;c:\www\phplib" - Whether to allow persistent Postgres connections. + Whether to allow persistent Postgres connections. @@ -976,8 +990,8 @@ include_path=".;c:\www\phplib" - The maximum number of persistent Postgres connections per - process. + The maximum number of persistent Postgres connections per + process. @@ -989,8 +1003,8 @@ include_path=".;c:\www\phplib" - The maximum number of Postgres connections per process, - including persistent connections. + The maximum number of Postgres connections per process, + including persistent connections. @@ -1010,10 +1024,10 @@ include_path=".;c:\www\phplib" - Name of BS2000 PLAM library containing the loadable SESAM - driver modules. Required for using SESAM functions. The - BS2000 PLAM library must be set ACCESS=READ,SHARE=YES - because it must be readable by the apache server's user id. + Name of BS2000 PLAM library containing the loadable SESAM + driver modules. Required for using SESAM functions. The + BS2000 PLAM library must be set ACCESS=READ,SHARE=YES + because it must be readable by the apache server's user id. @@ -1026,13 +1040,13 @@ include_path=".;c:\www\phplib" Name of SESAM application configuration file. Required for - using SESAM functions. The BS2000 file must be readable by - the apache server's user id. + using SESAM functions. The BS2000 file must be readable by + the apache server's user id. The application configuration file will usually contain a - configuration like (see SESAM - reference manual): + configuration like (see SESAM + reference manual): CNF=B @@ -1050,14 +1064,14 @@ NOTYPE - Name of SESAM message catalog file. In most cases, this - directive is not neccessary. Only if the SESAM message file - is not installed in the system's BS2000 message file table, - it can be set with this directive. + Name of SESAM message catalog file. In most cases, this + directive is not neccessary. Only if the SESAM message file + is not installed in the system's BS2000 message file table, + it can be set with this directive. - The message catalog must be set ACCESS=READ,SHARE=YES because - it must be readable by the apache server's user id. + The message catalog must be set ACCESS=READ,SHARE=YES because + it must be readable by the apache server's user id. @@ -1077,7 +1091,7 @@ NOTYPE - Whether to allow persistent Sybase connections. + Whether to allow persistent Sybase connections. @@ -1089,8 +1103,8 @@ NOTYPE - The maximum number of persistent Sybase connections per - process. + The maximum number of persistent Sybase connections per + process. @@ -1102,8 +1116,8 @@ NOTYPE - The maximum number of Sybase connections per process, - including persistent connections. + The maximum number of Sybase connections per process, + including persistent connections. @@ -1122,8 +1136,8 @@ NOTYPE - Whether to allow persistent Sybase-CT connections. - The default is on. + Whether to allow persistent Sybase-CT connections. + The default is on. @@ -1135,8 +1149,8 @@ NOTYPE - The maximum number of persistent Sybase-CT connections per - process. The default is -1 meaning unlimited. + The maximum number of persistent Sybase-CT connections per + process. The default is -1 meaning unlimited. @@ -1148,9 +1162,9 @@ NOTYPE - The maximum number of Sybase-CT connections per process, - including persistent connections. The default is -1 meaning - unlimited. + The maximum number of Sybase-CT connections per process, + including persistent connections. The default is -1 meaning + unlimited. @@ -1410,7 +1424,7 @@ NOTYPE - Number of decimal digits for all bcmath functions. + Number of decimal digits for all bcmath functions. @@ -1429,8 +1443,8 @@ NOTYPE - Name of browser capabilities file. See also - get_browser. + Name of browser capabilities file. See also + get_browser. @@ -1449,9 +1463,9 @@ NOTYPE - ODBC data source to use if none is specified in - odbc_connect or - odbc_pconnect. + ODBC data source to use if none is specified in + odbc_connect or + odbc_pconnect. @@ -1463,9 +1477,9 @@ NOTYPE - User name to use if none is specified in - odbc_connect or - odbc_pconnect. + User name to use if none is specified in + odbc_connect or + odbc_pconnect. @@ -1477,9 +1491,9 @@ NOTYPE - Password to use if none is specified in - odbc_connect or - odbc_pconnect. + Password to use if none is specified in + odbc_connect or + odbc_pconnect. @@ -1491,7 +1505,7 @@ NOTYPE - Whether to allow persistent ODBC connections. + Whether to allow persistent ODBC connections. @@ -1503,7 +1517,7 @@ NOTYPE - The maximum number of persistent ODBC connections per process. + The maximum number of persistent ODBC connections per process. @@ -1515,8 +1529,8 @@ NOTYPE - The maximum number of ODBC connections per process, including - persistent connections. + The maximum number of ODBC connections per process, including + persistent connections. @@ -1536,7 +1550,7 @@ NOTYPE mbstring.internal_encoding defines default - internal character encoding. + internal character encoding. @@ -1549,7 +1563,7 @@ NOTYPE mbstring.http_input defines default - HTTP input character encoding. + HTTP input character encoding. @@ -1562,7 +1576,7 @@ NOTYPE mbstring.http_output defines default - HTTP output character encoding. + HTTP output character encoding. @@ -1575,7 +1589,7 @@ NOTYPE mbstring.detect_order defines default - character encoding detection order. + character encoding detection order. diff --git a/features/file-upload.xml b/features/file-upload.xml index e5886afd8a..562493d125 100644 --- a/features/file-upload.xml +++ b/features/file-upload.xml @@ -35,15 +35,23 @@ Send this file: <INPUT NAME="userfile" TYPE="file"> The _URL_ should point to a PHP file. The MAX_FILE_SIZE hidden field must precede the file input field and its value is the maximum filesize accepted. The value is in bytes. + + + The MAX_FILE_SIZE is advisory to the browser. It is easy to + circumvent this maximum. So don't count on it that the browser + obeys you wish! The PHP-settings for maximum-size, however, + cannot be fooled. + + - In PHP 3, the following variables will be defined within the + In PHP, the following variables will be defined within the destination script upon a successful upload, assuming that register_globals is turned - on in php3.ini. If php.ini. If track_vars is turned on, they will - also be available in PHP 3 within the global array + also be available in PHP within the global array $HTTP_POST_VARS. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example above: @@ -215,9 +223,10 @@ if (is_uploaded_file($userfile)) { Common Pitfalls - The MAX_FILE_SIZE item cannot specify a file size greater than the file - size that has been set in the upload_max_filesize in the PHP 3.ini file - or the corresponding php3_upload_max_filesize Apache .conf directive. + The MAX_FILE_SIZE item cannot specify a file size + greater than the file + size that has been set in the upload_max_filesize ini-setting. The default is 2 Megabytes. @@ -232,7 +241,7 @@ if (is_uploaded_file($userfile)) { - + Uploading multiple files It is possible to upload multiple files simultaneously and have @@ -248,7 +257,7 @@ if (is_uploaded_file($userfile)) { Uploading multiple files - + <form action="file-upload.php" method="post" enctype="multipart/form-data"> Send these files:<br> <input name="userfile[]" type="file"><br> @@ -260,9 +269,9 @@ if (is_uploaded_file($userfile)) { When the above form is submitted, the arrays - $userfile, - $userfile_name, and - $userfile_size will be formed in + $userfile, + $userfile_name, and + $userfile_size will be formed in the global scope (as well as in $HTTP_POST_FILES ($HTTP_POST_VARS in PHP 3)). Each of these will be a numerically indexed array of the appropriate values for the submitted files. @@ -271,19 +280,19 @@ if (is_uploaded_file($userfile)) { For instance, assume that the filenames /home/test/review.html and /home/test/xwp.out are submitted. In this - case, $userfile_name[0] would - contain the value review.html, - and $userfile_name[1] would + case, $userfile_name[0] would + contain the value review.html, + and $userfile_name[1] would contain the value - xwp.out. Similarly, - $userfile_size[0] would contain + xwp.out. Similarly, + $userfile_size[0] would contain review.html's filesize, and so forth. - $userfile['name'][0], - $userfile['tmp_name'][0], - $userfile['size'][0], and - $userfile['type'][0] are also set. + $userfile['name'][0], + $userfile['tmp_name'][0], + $userfile['size'][0], and + $userfile['type'][0] are also set. @@ -313,18 +322,18 @@ PUT /path/filename.html HTTP/1.1 a <Virtualhost> block. A line like this would do the trick: -Script PUT /put.php3 +Script PUT /put.php This tells Apache to send all PUT requests for URIs that match the - context in which you put this line to the put.php3 script. This - assumes, of course, that you have PHP enabled for the .php3 + context in which you put this line to the put.php script. This + assumes, of course, that you have PHP enabled for the .php extension and PHP is active. - Inside your put.php3 file you would then do something like this: + Inside your put.php file you would then do something like this: diff --git a/features/safe-mode.xml b/features/safe-mode.xml index dad601b237..db3995a4d2 100644 --- a/features/safe-mode.xml +++ b/features/safe-mode.xml @@ -22,10 +22,10 @@ disable_functions = When safe_mode is on, PHP checks to see if the owner of the current script matches the owner of the file to be operated on by a file function. For example: - + -rw-rw-r-- 1 rasmus rasmus 33 Jul 1 19:20 script.php -rw-r--r-- 1 root root 1116 May 26 18:01 /etc/passwd - + Running this script.php <?php @@ -33,10 +33,10 @@ disable_functions = ?> results in this error when safe mode is enabled: - + Warning: SAFE MODE Restriction in effect. The script whose uid is 500 is not allowed to access /etc/passwd owned by uid 0 in /docroot/script.php on line 2 - + If instead of safe_mode, you set an open_basedir directory then all file @@ -49,10 +49,10 @@ php_admin_value open_basedir /docroot If you run the same script.php with this open_basedir setting then this is the result: - + Warning: open_basedir restriction in effect. File is in wrong directory in /docroot/script.php on line 2 - + You can also disable individual functions. If we add this to our php.ini @@ -61,9 +61,10 @@ Warning: open_basedir restriction in effect. File is in wrong directory in disable_functions readfile,system Then we get this output: - -Warning: readfile() has been disabled for security reasons in /docroot/script.php on line 2 - + +Warning: readfile() has been disabled for security reasons in +/docroot/script.php on line 2 +