mirror of
https://github.com/sigmasternchen/php-doc-en
synced 2025-03-15 08:28:54 +00:00
Remove obsolete PHP 5 related info from ini.core and related pages
This commit is contained in:
parent
0eaef37f83
commit
3e08a8aae6
14 changed files with 71 additions and 1006 deletions
|
@ -36,12 +36,6 @@
|
|||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.asp-tags">asp_tags</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Removed in PHP 7.0.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.precision">precision</link></entry>
|
||||
<entry>"14"</entry>
|
||||
|
@ -53,22 +47,9 @@
|
|||
<entry>"-1"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>
|
||||
Before PHP 5.3.6, the default value was 100.
|
||||
Before PHP 7.1.0, the default value was 17.
|
||||
Prior to PHP 7.1.0, the default value was 17.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.y2k-compliance">y2k_compliance</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.allow-call-time-pass-reference">allow_call_time_pass_reference</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.disable-functions">disable_functions</link></entry>
|
||||
<entry>""</entry>
|
||||
|
@ -85,7 +66,7 @@
|
|||
<entry><link linkend="ini.exit-on-timeout">exit_on_timeout</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.3.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.expose-php">expose_php</link></entry>
|
||||
|
@ -97,49 +78,43 @@
|
|||
<entry><link linkend="ini.hard-timeout">hard_timeout</link></entry>
|
||||
<entry>"2"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 7.1.0.</entry>
|
||||
<entry>Available as of PHP 7.1.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend.exception-ignore-args">zend.exception_ignore_args</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 7.4.0</entry>
|
||||
<entry>Available as of PHP 7.4.0</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend.multibyte">zend.multibyte</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.4.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend.script-encoding">zend.script_encoding</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.4.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend.detect-unicode">zend.detect-unicode</link></entry>
|
||||
<entry><link linkend="ini.zend.detect-unicode">zend.detect_unicode</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.4.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend.signal-check">zend.signal_check</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.4.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend.assertions">zend.assertions</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_ALL with restrictions</entry>
|
||||
<entry>Available since PHP 7.0.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>detect_unicode</entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.1.0. Renamed to <link linkend="ini.zend.detect-unicode">zend.detect-unicode</link> from PHP 5.4.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -167,54 +142,13 @@
|
|||
</para>
|
||||
<note>
|
||||
<para>
|
||||
This directive also affected the shorthand
|
||||
<userinput><?=</userinput> before PHP 5.4.0,
|
||||
which is identical to <userinput><? echo</userinput>. Use of this
|
||||
shortcut required <systemitem role="directive">short_open_tag</systemitem>
|
||||
to be on.
|
||||
Since PHP 5.4.0, <userinput><?=</userinput> is always available.
|
||||
This directive does not affect the shorthand
|
||||
<userinput><?=</userinput>, which is always available.
|
||||
</para>
|
||||
</note>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.asp-tags">
|
||||
<term>
|
||||
<parameter>asp_tags</parameter>
|
||||
<type>bool</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<simpara>
|
||||
Enables the use of ASP-like <% %> tags in addition to
|
||||
the usual <?php ?> tags. This includes the
|
||||
variable-value printing shorthand of <%= $value %>. For
|
||||
more information, see <link
|
||||
linkend="language.basic-syntax.phpmode">Escaping from HTML</link>.
|
||||
</simpara>
|
||||
<para>
|
||||
<table>
|
||||
<title>Changelog for <literal>asp_tags</literal></title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Version;</entry>
|
||||
<entry>&Description;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>7.0.0</entry>
|
||||
<entry>
|
||||
Removed from PHP.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.precision">
|
||||
<term>
|
||||
<parameter>precision</parameter>
|
||||
|
@ -243,79 +177,6 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.y2k-compliance">
|
||||
<term>
|
||||
<parameter>y2k_compliance</parameter>
|
||||
<type>bool</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<simpara>
|
||||
Enforce year 2000 compliance (will cause problems with non-compliant browsers)
|
||||
</simpara>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
<varlistentry xml:id="ini.allow-call-time-pass-reference">
|
||||
<term>
|
||||
<parameter>allow_call_time_pass_reference</parameter>
|
||||
<type>bool</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Whether to warn when arguments are passed by reference at function call time.
|
||||
The encouraged method of specifying which arguments should be passed by
|
||||
reference is in the function declaration. You're encouraged to try and turn
|
||||
this option Off and make sure your scripts work properly with it in order to
|
||||
ensure they will work with future versions of the language (you will receive
|
||||
a warning each time you use this feature).
|
||||
</para>
|
||||
<para>
|
||||
Passing arguments by reference at function call time was deprecated for
|
||||
code-cleanliness reasons. A function can modify its arguments in an
|
||||
undocumented way if it didn't declare that the argument shall be passed by
|
||||
reference. To prevent side-effects it's better to specify which
|
||||
arguments are passed by reference in the function declaration only.
|
||||
</para>
|
||||
<para>
|
||||
See also <link linkend="language.references">References Explained</link>.
|
||||
</para>
|
||||
<para>
|
||||
<table>
|
||||
<title>Changelog for <literal>allow_call_time_pass_reference</literal></title>
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry>&Version;</entry>
|
||||
<entry>&Description;</entry>
|
||||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>5.4.0</entry>
|
||||
<entry>
|
||||
Removed from PHP.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>5.3.0</entry>
|
||||
<entry>
|
||||
Emits an <constant>E_DEPRECATED</constant> level error.
|
||||
</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>5.0.0</entry>
|
||||
<entry>
|
||||
Deprecated, and generates an <constant>E_COMPILE_WARNING</constant> level error.
|
||||
</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.expose-php">
|
||||
<term>
|
||||
<parameter>expose_php</parameter>
|
||||
|
@ -325,23 +186,6 @@
|
|||
<para>
|
||||
Exposes to the world that PHP is installed on the server, which includes the
|
||||
PHP version within the HTTP header (e.g., X-Powered-By: PHP/5.3.7).
|
||||
Prior to PHP 5.5.0 the PHP logo guids are also exposed, thus appending them
|
||||
to the URL of your PHP script would display the appropriate logo
|
||||
(e.g., <link xlink:href="&url.php;?=PHPE9568F34-D428-11d2-A769-00AA001ACF42">&url.php;?=PHPE9568F34-D428-11d2-A769-00AA001ACF42</link>).
|
||||
This also affected the output of <function>phpinfo</function>, as when disabled, the PHP logo
|
||||
and credits information would not be displayed.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
Since PHP 5.5.0 these guids and the <function>php_logo_guid</function> function
|
||||
have been removed from PHP and the guids are replaced with data URIs instead.
|
||||
Thus accessing the PHP logo via appending the guid to the URL no longer works.
|
||||
Similarly, turning <parameter>expose_php</parameter> off will not affect
|
||||
seeing the PHP logo in <function>phpinfo</function>.
|
||||
</para>
|
||||
</note>
|
||||
<para>
|
||||
See also <function>php_logo_guid</function> and <function>phpcredits</function>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -537,7 +381,7 @@
|
|||
<entry><link linkend="ini.memory-limit">memory_limit</link></entry>
|
||||
<entry>"128M"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>"8M" before PHP 5.2.0, "16M" in PHP 5.2.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -560,14 +404,6 @@
|
|||
scripts for eating up all available memory on a server. Note that
|
||||
to have no memory limit, set this directive to <literal>-1</literal>.
|
||||
</para>
|
||||
<para>
|
||||
Prior to PHP 5.2.1, in order to use this directive it had to
|
||||
be enabled at compile time by using
|
||||
<option role="configure">--enable-memory-limit</option> in the
|
||||
configure line. This compile-time flag was also required to define
|
||||
the functions <function>memory_get_usage</function> and
|
||||
<function>memory_get_peak_usage</function> prior to 5.2.1.
|
||||
</para>
|
||||
|
||||
&ini.shorthandbytes;
|
||||
|
||||
|
@ -599,13 +435,13 @@
|
|||
<entry><link linkend="ini.realpath-cache-size">realpath_cache_size</link></entry>
|
||||
<entry>"4M"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.1.0. Prior to PHP 7.0.16 and 7.1.2, the default was <literal>"16K"</literal></entry>
|
||||
<entry>Prior to PHP 7.0.16 and 7.1.2, the default was <literal>"16K"</literal></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.realpath-cache-ttl">realpath_cache_ttl</link></entry>
|
||||
<entry>"120"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.1.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -691,25 +527,19 @@
|
|||
<entry><link linkend="ini.variables-order">variables_order</link></entry>
|
||||
<entry>"EGPCS"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>PHP_INI_ALL in PHP <= 5.0.5.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.request-order">request_order</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Available since PHP 5.3.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.auto-globals-jit">auto_globals_jit</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Available since PHP 5.0.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.register-globals">register_globals</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.register-argc-argv">register_argc_argv</link></entry>
|
||||
|
@ -717,17 +547,11 @@
|
|||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.register-long-arrays">register_long_arrays</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Deprecated in PHP 5.3.0. Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.enable-post-data-reading">enable_post_data_reading</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Available since PHP 5.4.0</entry>
|
||||
<entry>Available as of PHP 5.4.0</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.post-max-size">post_max_size</link></entry>
|
||||
|
@ -757,13 +581,25 @@
|
|||
<entry><link linkend="ini.default-charset">default_charset</link></entry>
|
||||
<entry>"UTF-8"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Defaults to "UTF-8" since PHP >= 5.6.0; empty for PHP < 5.6.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.always-populate-raw-post-data">always_populate_raw_post_data</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Removed in PHP 7.0.0.</entry>
|
||||
<entry><link linkend="ini.input-encoding">input_encoding</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.output-encoding">output_encoding</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.internal-encoding">internal_encoding</link></entry>
|
||||
<entry>""</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -821,21 +657,6 @@
|
|||
<varname>$_COOKIE</varname>. Setting to "" means no
|
||||
&link.superglobals; will be set.
|
||||
</para>
|
||||
<para>
|
||||
If the deprecated
|
||||
<link linkend="ini.register-globals">register_globals</link>
|
||||
directive is on, then variables_order also
|
||||
configures the order the <literal>ENV</literal>,
|
||||
<literal>GET</literal>, <literal>POST</literal>,
|
||||
<literal>COOKIE</literal> and <literal>SERVER</literal> variables
|
||||
are populated in global scope. So for example if variables_order
|
||||
is set to <literal>"EGPCS"</literal>, register_globals is enabled,
|
||||
and both <varname>$_GET['action']</varname> and
|
||||
<varname>$_POST['action']</varname> are set, then
|
||||
<varname>$action</varname> will contain the value of
|
||||
<varname>$_POST['action']</varname> as <literal>P</literal> comes
|
||||
after <literal>G</literal> in our example directive value.
|
||||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
In both the CGI and FastCGI SAPIs,
|
||||
|
@ -890,15 +711,6 @@
|
|||
variables are not used within a script, having this directive on will
|
||||
result in a performance gain.
|
||||
</para>
|
||||
<para>
|
||||
The PHP directives
|
||||
<link linkend="ini.register-globals">register_globals</link>,
|
||||
<link linkend="ini.register-long-arrays">register_long_arrays</link>,
|
||||
and <link linkend="ini.register-argc-argv">register_argc_argv</link>
|
||||
must be disabled for this directive to have any affect. Since PHP
|
||||
5.1.3 it is not necessary to have <link
|
||||
linkend="ini.register-argc-argv">register_argc_argv</link> disabled.
|
||||
</para>
|
||||
<warning>
|
||||
<para>
|
||||
Usage of SERVER, REQUEST, and ENV variables is checked during the compile time
|
||||
|
@ -910,43 +722,6 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.register-globals">
|
||||
<term>
|
||||
<parameter>register_globals</parameter>
|
||||
<type>bool</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Whether or not to register the EGPCS (Environment, GET,
|
||||
POST, Cookie, Server) variables as global variables.
|
||||
</para>
|
||||
<para>
|
||||
As of <link xlink:href="&url.php.release4.2.0;">PHP 4.2.0</link>,
|
||||
this directive defaults to <emphasis>off</emphasis>.
|
||||
</para>
|
||||
<para>
|
||||
Please read the security chapter on
|
||||
<link linkend="security.globals">Using register_globals</link>
|
||||
for related information.
|
||||
</para>
|
||||
<para>
|
||||
Please note that <systemitem role="directive">register_globals</systemitem>
|
||||
cannot be set at runtime (<function>ini_set</function>). Although, you can
|
||||
use &htaccess; if your host allows it as described
|
||||
above. An example &htaccess; entry:
|
||||
<userinput>php_flag register_globals off</userinput>.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
<systemitem role="directive">register_globals</systemitem> is affected
|
||||
by the <link linkend="ini.variables-order">variables_order</link>
|
||||
directive.
|
||||
</para>
|
||||
</note>
|
||||
&warn.deprecated.feature-5-3-0.removed-5-4-0;
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.register-argc-argv">
|
||||
<term>
|
||||
<parameter>register_argc_argv</parameter>
|
||||
|
@ -963,29 +738,6 @@
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.register-long-arrays">
|
||||
<term>
|
||||
<parameter>register_long_arrays</parameter>
|
||||
<type>bool</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<simpara>
|
||||
Tells PHP whether or not to register the deprecated long
|
||||
<varname>$HTTP_*_VARS</varname> type
|
||||
<link linkend="language.variables.predefined">predefined
|
||||
variables</link>. When On (default), long predefined PHP
|
||||
variables like <varname>$HTTP_GET_VARS</varname> will be defined.
|
||||
If you're not using them, it's recommended to turn them off,
|
||||
for performance reasons. Instead, use the superglobal arrays,
|
||||
like <varname>$_GET</varname>.
|
||||
</simpara>
|
||||
<simpara>
|
||||
This directive became available in PHP 5.0.0.
|
||||
</simpara>
|
||||
&warn.deprecated.feature-5-3-0.removed-5-4-0;
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.enable-post-data-reading">
|
||||
<term>
|
||||
<parameter>enable_post_data_reading</parameter>
|
||||
|
@ -1137,7 +889,7 @@
|
|||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
In PHP 5.6 onwards, "UTF-8" is the default value and its value is used
|
||||
"UTF-8" is the default value and its value is used
|
||||
as the default character encoding for
|
||||
<function>htmlentities</function>,
|
||||
<function>html_entity_decode</function> and
|
||||
|
@ -1175,7 +927,7 @@
|
|||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Available from PHP 5.6.0. This setting is used for multibyte modules
|
||||
This setting is used for multibyte modules
|
||||
such as mbstring and iconv. Default is empty.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -1188,7 +940,7 @@
|
|||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Available from PHP 5.6.0. This setting is used for multibyte modules
|
||||
This setting is used for multibyte modules
|
||||
such as mbstring and iconv. Default is empty.
|
||||
</para>
|
||||
</listitem>
|
||||
|
@ -1201,42 +953,13 @@
|
|||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Available from PHP 5.6.0. This setting is used for multibyte modules
|
||||
This setting is used for multibyte modules
|
||||
such as mbstring and iconv. Default is empty. If empty,
|
||||
<link linkend="ini.default-charset">default_charset</link> is used.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.always-populate-raw-post-data">
|
||||
<term>
|
||||
<parameter>always_populate_raw_post_data</parameter>
|
||||
<type>mixed</type>
|
||||
</term>
|
||||
<listitem>
|
||||
&warn.deprecated.feature-5-6-0.removed-7-0-0;
|
||||
<para>
|
||||
If set to &true;, PHP will always populate the
|
||||
<varname>$HTTP_RAW_POST_DATA</varname> containing the raw POST data.
|
||||
Otherwise, the variable is populated only when the MIME type of the
|
||||
data is unrecognised.
|
||||
</para>
|
||||
<para>
|
||||
The preferred method for accessing raw POST data is
|
||||
<link linkend="wrappers.php">php://input</link>, and
|
||||
<varname>$HTTP_RAW_POST_DATA</varname> is deprecated in PHP 5.6.0
|
||||
onwards. Setting <parameter>always_populate_raw_post_data</parameter>
|
||||
to <literal>-1</literal> will opt into the new behaviour that will be
|
||||
implemented in a future version of PHP, in which
|
||||
<varname>$HTTP_RAW_POST_DATA</varname> is never defined.
|
||||
</para>
|
||||
<para>
|
||||
Regardless of the setting, <varname>$HTTP_RAW_POST_DATA</varname> is
|
||||
not available with <literal>enctype="multipart/form-data"</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
</variablelist>
|
||||
</para>
|
||||
<para>
|
||||
|
@ -1272,7 +995,7 @@
|
|||
<entry><link linkend="ini.open-basedir">open_basedir</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>PHP_INI_SYSTEM in PHP < 5.3.0</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.doc-root">doc_root</link></entry>
|
||||
|
@ -1290,13 +1013,13 @@
|
|||
<entry><link linkend="ini.user-ini.cache-ttl">user_ini.cache_ttl</link></entry>
|
||||
<entry>"300"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.3.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.user-ini.filename">user_ini.filename</link></entry>
|
||||
<entry>".user.ini"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.3.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.extension-dir">extension_dir</link></entry>
|
||||
|
@ -1316,59 +1039,41 @@
|
|||
<entry>&php.ini; only</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend-extension-debug">zend_extension_debug</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>&php.ini; only</entry>
|
||||
<entry>Available before PHP 5.3.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend-extension-debug-ts">zend_extension_debug_ts</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>&php.ini; only</entry>
|
||||
<entry>Available before PHP 5.3.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend-extension-ts">zend_extension_ts</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>&php.ini; only</entry>
|
||||
<entry>Available before PHP 5.3.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.check-shebang-line">cgi.check_shebang_line</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.2.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.discard-path">cgi.discard_path</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.3.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.fix-pathinfo">cgi.fix_pathinfo</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>PHP_INI_ALL prior to PHP 5.2.1.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.force-redirect">cgi.force_redirect</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>PHP_INI_ALL prior to PHP 5.2.1.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.nph">cgi.nph</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.3.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.redirect-status-env">cgi.redirect_status_env</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>PHP_INI_ALL prior to PHP 5.2.1.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.cgi.rfc2616-headers">cgi.rfc2616_headers</link></entry>
|
||||
|
@ -1380,13 +1085,13 @@
|
|||
<entry><link linkend="ini.fastcgi.impersonate">fastcgi.impersonate</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>PHP_INI_ALL prior to PHP 5.2.1.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.fastcgi.logging">fastcgi.logging</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>PHP_INI_ALL prior to PHP 5.2.1.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -1521,19 +1226,14 @@ include_path = ".:${USER}/pear/php"
|
|||
</para>
|
||||
<para>
|
||||
The restriction specified with <option>open_basedir</option> is a
|
||||
directory name since PHP 5.2.16 and 5.3.4. Previous versions used it
|
||||
as a prefix. This means that "<literal>open_basedir
|
||||
= /dir/incl</literal>" also allowed access to "<literal>/dir/include</literal>" and
|
||||
"<literal>/dir/incls</literal>" if they exist. When you want to restrict access
|
||||
to only the specified directory, end with a slash. For example:
|
||||
<literal>open_basedir = /dir/incl/</literal>
|
||||
directory name, not a prefix.
|
||||
</para>
|
||||
<para>
|
||||
The default is to allow all files to be opened.
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
As of PHP 5.3.0 open_basedir can be tightened at run-time. This means
|
||||
open_basedir can be tightened at run-time. This means
|
||||
that if open_basedir is set to <literal>/www/</literal> in &php.ini;
|
||||
a script can tighten the configuration to
|
||||
<literal>/www/tmp/</literal> at run-time with
|
||||
|
@ -1644,46 +1344,6 @@ include_path = ".:${USER}/pear/php"
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.zend-extension-debug">
|
||||
<term>
|
||||
<parameter>zend_extension_debug</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Variant of <link linkend="ini.zend-extension">zend_extension</link>
|
||||
for extensions compiled with debug info prior to PHP 5.3.0.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.zend-extension-debug-ts">
|
||||
<term>
|
||||
<parameter>zend_extension_debug_ts</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Variant of <link linkend="ini.zend-extension">zend_extension</link>
|
||||
for extensions compiled with debug info and thread safety prior to PHP
|
||||
5.3.0.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.zend-extension-ts">
|
||||
<term>
|
||||
<parameter>zend_extension_ts</parameter>
|
||||
<type>string</type>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Variant of <link linkend="ini.zend-extension">zend_extension</link>
|
||||
for extensions compiled with thread safety prior to PHP 5.3.0.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry xml:id="ini.cgi.check-shebang-line">
|
||||
<term>
|
||||
<parameter>cgi.check_shebang_line</parameter>
|
||||
|
@ -1881,13 +1541,13 @@ include_path = ".:${USER}/pear/php"
|
|||
<entry><link linkend="ini.max-input-nesting-level">max_input_nesting_level</link></entry>
|
||||
<entry>64</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Available since PHP 5.3.9.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.max-input-vars">max_input_vars</link></entry>
|
||||
<entry>1000</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Available since PHP 5.3.9.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.upload-max-filesize">upload_max_filesize</link></entry>
|
||||
|
@ -1899,7 +1559,7 @@ include_path = ".:${USER}/pear/php"
|
|||
<entry><link linkend="ini.max-file-uploads">max_file_uploads</link></entry>
|
||||
<entry>20</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.2.12.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -1998,7 +1658,7 @@ include_path = ".:${USER}/pear/php"
|
|||
<entry><link linkend="ini.sql.safe-mode">sql.safe_mode</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Removed in PHP 7.2.0</entry>
|
||||
<entry>Removed as of PHP 7.2.0</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -2051,7 +1711,7 @@ include_path = ".:${USER}/pear/php"
|
|||
<entry><link linkend="ini.windows-show-crt-warning">windows.show_crt_warning</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.4.0.</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
|
@ -2069,8 +1729,7 @@ include_path = ".:${USER}/pear/php"
|
|||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
This directive shows the Windows CRT warnings when enabled. These
|
||||
warnings were displayed by default until PHP 5.4.0.
|
||||
This directive shows the Windows CRT warnings when enabled.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
|
|
@ -24,12 +24,6 @@
|
|||
</row>
|
||||
</thead>
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><link linkend="ini.allow-call-time-pass-reference">allow_call_time_pass_reference</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.allow-url-fopen">allow_url_fopen</link></entry>
|
||||
<entry>"1"</entry>
|
||||
|
@ -42,12 +36,6 @@
|
|||
<entry>PHP_INI_SYSTEM</entry>
|
||||
<entry>Available since PHP 5.2.0. Deprecated as of PHP 7.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.always-populate-raw-post-data">always_populate_raw_post_data</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.arg-separator.input">arg_separator.input</link></entry>
|
||||
<entry>"&"</entry>
|
||||
|
@ -60,12 +48,6 @@
|
|||
<entry>PHP_INI_ALL</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.asp-tags">asp_tags</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Removed in PHP 7.0.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.assert.active">assert.active</link></entry>
|
||||
<entry>"1"</entry>
|
||||
|
@ -1871,18 +1853,6 @@
|
|||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.register-globals">register_globals</link></entry>
|
||||
<entry>"0"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Deprecated in PHP 5.3.0. Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.register-long-arrays">register_long_arrays</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_PERDIR</entry>
|
||||
<entry>Deprecated in PHP 5.3.0. Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.report-memleaks">report_memleaks</link></entry>
|
||||
<entry>"1"</entry>
|
||||
|
@ -2249,12 +2219,6 @@
|
|||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Available since PHP 5.5.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.y2k-compliance">y2k_compliance</link></entry>
|
||||
<entry>"1"</entry>
|
||||
<entry>PHP_INI_ALL</entry>
|
||||
<entry>Removed in PHP 5.4.0.</entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry>yami.response.timeout</entry>
|
||||
<entry>"5"</entry>
|
||||
|
@ -2315,24 +2279,6 @@
|
|||
<entry>&php.ini; only</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend-extension-debug">zend_extension_debug</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>&php.ini; only</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend-extension-debug-ts">zend_extension_debug_ts</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>&php.ini; only</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zend-extension-ts">zend_extension_ts</link></entry>
|
||||
<entry>NULL</entry>
|
||||
<entry>&php.ini; only</entry>
|
||||
<entry></entry>
|
||||
</row>
|
||||
<row>
|
||||
<entry><link linkend="ini.zlib.output-compression">zlib.output_compression</link></entry>
|
||||
<entry>"0"</entry>
|
||||
|
|
|
@ -45,10 +45,10 @@ B
|
|||
</sect2>
|
||||
|
||||
<sect2 xml:id="migration56.deprecated.raw-post-data">
|
||||
<title><varname>$HTTP_RAW_POST_DATA</varname> and <link linkend="ini.always-populate-raw-post-data">always_populate_raw_post_data</link></title>
|
||||
<title><varname>$HTTP_RAW_POST_DATA</varname> and <literal>always_populate_raw_post_data</literal></title>
|
||||
|
||||
<para>
|
||||
<link linkend="ini.always-populate-raw-post-data">always_populate_raw_post_data</link>
|
||||
<literal>always_populate_raw_post_data</literal>
|
||||
will now generate an <constant>E_DEPRECATED</constant> error when
|
||||
<varname>$HTTP_RAW_POST_DATA</varname> is populated.
|
||||
New code should use
|
||||
|
@ -57,7 +57,7 @@ B
|
|||
in a future release. You can opt in for the new behaviour (in which
|
||||
<varname>$HTTP_RAW_POST_DATA</varname> is never defined hence no
|
||||
<constant>E_DEPRECATED</constant> error will be generated) by setting
|
||||
<link linkend="ini.always-populate-raw-post-data">always_populate_raw_post_data</link>
|
||||
<literal>always_populate_raw_post_data</literal>
|
||||
to <literal>-1</literal>.
|
||||
</para>
|
||||
</sect2>
|
||||
|
|
|
@ -15,12 +15,12 @@
|
|||
<itemizedlist>
|
||||
<listitem>
|
||||
<simpara>
|
||||
<link linkend="ini.always-populate-raw-post-data"><parameter>always_populate_raw_post_data</parameter></link>
|
||||
<parameter>always_populate_raw_post_data</parameter>
|
||||
</simpara>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<simpara>
|
||||
<link linkend="ini.asp-tags"><parameter>asp_tags</parameter></link>
|
||||
<parameter>asp_tags</parameter>
|
||||
</simpara>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
|
|
@ -483,7 +483,7 @@ Hi Joe. You are 22 years old.
|
|||
External variables are no longer registered in the global scope by
|
||||
default. In other words, as of PHP
|
||||
<link xlink:href="&url.php.release4.2.0;">4.2.0</link> the PHP directive
|
||||
<link linkend="ini.register-globals">register_globals</link> is
|
||||
<literal>register_globals</literal> is
|
||||
<emphasis>off</emphasis> by default in &php.ini;. The preferred
|
||||
method of accessing these values is via the superglobal arrays mentioned
|
||||
above. Older scripts, books, and tutorials may rely on this
|
||||
|
|
119
faq/misc.xml
119
faq/misc.xml
|
@ -75,125 +75,6 @@
|
|||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry xml:id="faq.misc.arguments.references">
|
||||
<question>
|
||||
<para>
|
||||
What does & beside argument mean in function declaration of e.g.
|
||||
<function>asort</function>?
|
||||
</para>
|
||||
</question>
|
||||
<answer>
|
||||
<para>
|
||||
It means that the argument is
|
||||
<link linkend="language.references.pass">passed by reference</link> and
|
||||
the function will likely modify it corresponding to the documentation. You
|
||||
can pass only variables this way and you don't need to pass them with
|
||||
& in function call (it's even
|
||||
<link linkend="ini.allow-call-time-pass-reference">deprecated</link>).
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry xml:id="faq.misc.registerglobals">
|
||||
<question>
|
||||
<para>
|
||||
How do I deal with <literal>register_globals</literal>?
|
||||
</para>
|
||||
</question>
|
||||
<answer>
|
||||
<para>
|
||||
For information about the security implications of
|
||||
<literal>register_globals</literal>, read the security chapter on
|
||||
<link linkend="security.globals">Using register_globals</link>.
|
||||
</para>
|
||||
<para>
|
||||
It's preferred to use
|
||||
<link linkend="language.variables.superglobals">superglobals</link>,
|
||||
rather than relying upon <literal>register_globals</literal> being on.
|
||||
</para>
|
||||
<para>
|
||||
If you are on a shared host with <literal>register_globals</literal> turned
|
||||
off and need to use some legacy applications, which require this option
|
||||
to be turned on, or you are on some hosting server, where this feature
|
||||
is turned on, but you would like to eliminate security risks, you might
|
||||
need to emulate the opposite setting with PHP. It is always a good idea to
|
||||
first ask if it would be possible to change the option somehow in PHP's
|
||||
configuration, but if it is not possible, then you can use these
|
||||
compatibility snippets.
|
||||
</para>
|
||||
<para>
|
||||
<example>
|
||||
<title>Emulating Register Globals</title>
|
||||
<para>
|
||||
This will emulate register_globals On. If you altered your
|
||||
<link linkend="ini.variables-order">variables_order</link> directive,
|
||||
consider changing the <varname>$superglobals</varname> accordingly.
|
||||
</para>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// Emulate register_globals on
|
||||
if (!ini_get('register_globals')) {
|
||||
$superglobals = array($_SERVER, $_ENV,
|
||||
$_FILES, $_COOKIE, $_POST, $_GET);
|
||||
if (isset($_SESSION)) {
|
||||
array_unshift($superglobals, $_SESSION);
|
||||
}
|
||||
foreach ($superglobals as $superglobal) {
|
||||
extract($superglobal, EXTR_SKIP);
|
||||
}
|
||||
}
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
<para>
|
||||
This will emulate register_globals Off. Keep in mind, that this code
|
||||
should be called at the very beginning of your script, or after
|
||||
<function>session_start</function> if you use it to start your session.
|
||||
</para>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// Emulate register_globals off
|
||||
function unregister_GLOBALS()
|
||||
{
|
||||
if (!ini_get('register_globals')) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Might want to change this perhaps to a nicer error
|
||||
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
|
||||
die('GLOBALS overwrite attempt detected');
|
||||
}
|
||||
|
||||
// Variables that shouldn't be unset
|
||||
$noUnset = array('GLOBALS', '_GET',
|
||||
'_POST', '_COOKIE',
|
||||
'_REQUEST', '_SERVER',
|
||||
'_ENV', '_FILES');
|
||||
|
||||
$input = array_merge($_GET, $_POST,
|
||||
$_COOKIE, $_SERVER,
|
||||
$_ENV, $_FILES,
|
||||
isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
|
||||
|
||||
foreach ($input as $k => $v) {
|
||||
if (!in_array($k, $noUnset) && isset($GLOBALS[$k])) {
|
||||
unset($GLOBALS[$k]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
unregister_GLOBALS();
|
||||
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
</qandaset>
|
||||
</chapter>
|
||||
|
||||
|
|
|
@ -100,68 +100,6 @@ if (empty($empty)) {
|
|||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry xml:id="faq.register-globals">
|
||||
<question>
|
||||
<para>
|
||||
How does the PHP directive register_globals affect me?
|
||||
</para>
|
||||
</question>
|
||||
<answer>
|
||||
&warn.deprecated.feature-5-3-0.removed-5-4-0;
|
||||
<para>
|
||||
First, an explanation about what this ini setting does. Let's say the
|
||||
following URL is used:
|
||||
<literal>http://example.com/foo.php?animal=cat</literal>
|
||||
and in <filename>foo.php</filename> we might have the following
|
||||
PHP code:
|
||||
</para>
|
||||
<para>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// Using $_GET here is preferred
|
||||
echo $_GET['animal'];
|
||||
|
||||
// For $animal to exist, register_globals must be on
|
||||
// DO NOT DO THIS
|
||||
echo $animal;
|
||||
|
||||
// This applies to all variables, so $_SERVER too
|
||||
echo $_SERVER['PHP_SELF'];
|
||||
|
||||
// Again, for $PHP_SELF to exist, register_globals must be on
|
||||
// DO NOT DO THIS
|
||||
echo $PHP_SELF;
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</para>
|
||||
<para>
|
||||
The code above demonstrates how register_globals creates a lot of
|
||||
variables. For years this type of coding has been frowned upon, and for
|
||||
years it's been disabled by default. So although most web hosts disable
|
||||
register_globals, there are still outdated articles, tutorials, and books
|
||||
that require it to be on. Plan accordingly.
|
||||
</para>
|
||||
<para>
|
||||
See also the following resources for additional information:
|
||||
<simplelist>
|
||||
<member>The <link linkend="ini.register-globals">register_globals</link> directive</member>
|
||||
<member>The <link linkend="security.globals">security chapter about register globals</link></member>
|
||||
<member><link linkend="language.variables.external">Handling external variables</link></member>
|
||||
<member>Use <link linkend="language.variables.superglobals">superglobals</link> instead</member>
|
||||
</simplelist>
|
||||
</para>
|
||||
<note>
|
||||
<para>
|
||||
In the example above, we used an <acronym>URL</acronym> that contained
|
||||
a QUERY_STRING. Passing information like this is done through a GET HTTP
|
||||
Request, so this is why the superglobal <varname>$_GET</varname> was used.
|
||||
</para>
|
||||
</note>
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
<qandaentry xml:id="faq.using.wrong-order">
|
||||
<question>
|
||||
<para>
|
||||
|
@ -397,25 +335,9 @@ foreach ($headers as $name => $content) {
|
|||
</question>
|
||||
<answer>
|
||||
<para>
|
||||
It's important to realize that the PHP directive <link
|
||||
linkend="ini.register-globals">register_globals</link> also affects
|
||||
server and environment variables. When register_globals = off (the
|
||||
default is off since PHP 4.2.0), <varname>$DOCUMENT_ROOT</varname>
|
||||
will not exist. Instead, use <varname>$_SERVER['DOCUMENT_ROOT']
|
||||
</varname>. If register_globals = on then the variables
|
||||
<varname>$DOCUMENT_ROOT</varname> and
|
||||
<varname>$GLOBALS['DOCUMENT_ROOT']</varname> will also exist.
|
||||
Use <varname>$_SERVER['DOCUMENT_ROOT']</varname> and
|
||||
<varname>$_SERVER['HTTP_REFERER']</varname> instead.
|
||||
</para>
|
||||
<para>
|
||||
If you're sure register_globals = on and wonder why
|
||||
<varname>$DOCUMENT_ROOT</varname> isn't available inside functions,
|
||||
it's because these are like any other variables and would
|
||||
require <literal>global $DOCUMENT_ROOT</literal> inside the
|
||||
function. See also the manual page on
|
||||
<link linkend="language.variables.scope">variable scope</link>. It's
|
||||
preferred to code with register_globals = off.
|
||||
</para>
|
||||
|
||||
</answer>
|
||||
</qandaentry>
|
||||
|
||||
|
|
|
@ -24,13 +24,6 @@
|
|||
cookie, just add <literal>[]</literal> to the cookie name.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
On older PHP systems (5.3 or earlier),
|
||||
<link linkend="ini.register-globals">register_globals</link> may be enabled,
|
||||
which may cause undesirable and insecure operation. If this is enabled, cookies will
|
||||
be registered as global variables.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
For more details, including notes on browser bugs, see the
|
||||
<function>setcookie</function> and <function>setrawcookie</function>
|
||||
|
|
|
@ -435,10 +435,6 @@ foreach ($_FILES["pictures"]["error"] as $key => $error) {
|
|||
<varname>$_FILES['userfile']['name']</varname>, and
|
||||
<varname>$_FILES['userfile']['size']</varname> will be
|
||||
initialized.
|
||||
When
|
||||
<link linkend="ini.register-globals">register_globals</link> is on, globals for uploaded
|
||||
files are also initialized. Each of these will be a numerically
|
||||
indexed array of the appropriate values for the submitted files.
|
||||
</simpara>
|
||||
<simpara>
|
||||
For instance, assume that the filenames
|
||||
|
|
|
@ -101,7 +101,7 @@ to seed the random number generator with <function>srand</function> or
|
|||
|
||||
<!ENTITY note.registerglobals '<note xmlns="http://docbook.org/ns/docbook"><title>register_globals: important
|
||||
note</title><para>As of PHP 4.2.0, the default value for the PHP directive
|
||||
<link linkend="ini.register-globals">register_globals</link> is <emphasis>
|
||||
<literal>register_globals</literal> is <emphasis>
|
||||
off</emphasis>. The PHP community discourages developers from relying on this directive, and encourages the use
|
||||
of other means, such as the &link.superglobals;.</para></note>'>
|
||||
|
||||
|
@ -607,7 +607,7 @@ use.</simpara></note>'>
|
|||
<!ENTITY avail.register-long-arrays 'As of PHP 5.0.0, the long PHP
|
||||
<link xmlns="http://docbook.org/ns/docbook" linkend="language.variables.predefined">predefined variable</link>
|
||||
arrays may be disabled with the
|
||||
<link xmlns="http://docbook.org/ns/docbook" linkend="ini.register-long-arrays">register_long_arrays</link>
|
||||
<literal>register_long_arrays</literal>
|
||||
directive.'>
|
||||
|
||||
<!ENTITY ini.shorthandbytes '<simpara xmlns="http://docbook.org/ns/docbook">When an <type>int</type> is used, the
|
||||
|
|
|
@ -46,8 +46,8 @@
|
|||
preferable to use <filename>php://input</filename> instead of <varname>$HTTP_RAW_POST_DATA</varname> as it does not depend
|
||||
on special &php.ini; directives. Moreover, for those cases where
|
||||
<varname>$HTTP_RAW_POST_DATA</varname> is not populated by default, it is a
|
||||
potentially less memory intensive alternative to activating <link
|
||||
linkend="ini.always-populate-raw-post-data">always_populate_raw_post_data</link>.
|
||||
potentially less memory intensive alternative to activating
|
||||
<literal>always_populate_raw_post_data</literal>.
|
||||
<filename>php://input</filename> is not available with
|
||||
<literal>enctype="multipart/form-data"</literal>.
|
||||
</simpara>
|
||||
|
|
|
@ -1,163 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- $Revision$ -->
|
||||
<refentry xmlns="http://docbook.org/ns/docbook" xml:id="function.session-register">
|
||||
<refnamediv>
|
||||
<refname>session_register</refname>
|
||||
<refpurpose>Register one or more global variables with the current session</refpurpose>
|
||||
</refnamediv>
|
||||
|
||||
<refsect1 role="description">
|
||||
&reftitle.description;
|
||||
<methodsynopsis>
|
||||
<type>bool</type><methodname>session_register</methodname>
|
||||
<methodparam><type>mixed</type><parameter>name</parameter></methodparam>
|
||||
<methodparam rep="repeat"><type>mixed</type><parameter>names</parameter></methodparam>
|
||||
</methodsynopsis>
|
||||
<para>
|
||||
<function>session_register</function> accepts a variable number of
|
||||
arguments, any of which can be either a string holding the name of a
|
||||
variable or an array consisting of variable names or other arrays. For
|
||||
each name, <function>session_register</function> registers the global
|
||||
variable with that name in the current session.
|
||||
</para>
|
||||
<para>
|
||||
You can also create a session variable by simply setting the
|
||||
appropriate member of the <varname>$_SESSION</varname> array.
|
||||
<informalexample>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// Use of session_register() is deprecated
|
||||
$barney = "A big purple dinosaur.";
|
||||
session_register("barney");
|
||||
|
||||
// Use of $_SESSION is preferred
|
||||
$_SESSION["zim"] = "An invader from another planet.";
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</informalexample>
|
||||
</para>
|
||||
<para>
|
||||
If <function>session_start</function> was not called before this function
|
||||
is called, an implicit call to <function>session_start</function> with no
|
||||
parameters will be made. <varname>$_SESSION</varname> does not mimic
|
||||
this behavior and requires <function>session_start</function> before use.
|
||||
</para>
|
||||
&warn.deprecated.function-5-3-0.removed-5-4-0;
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="parameters">
|
||||
&reftitle.parameters;
|
||||
<para>
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><parameter>name</parameter></term>
|
||||
<listitem>
|
||||
<para>
|
||||
A string holding the name of a variable or an array consisting of
|
||||
variable names or other arrays.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term><parameter>names</parameter></term>
|
||||
<listitem>
|
||||
<para>
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="returnvalues">
|
||||
&reftitle.returnvalues;
|
||||
<para>
|
||||
&return.success;
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="notes">
|
||||
&reftitle.notes;
|
||||
<caution>
|
||||
<para>
|
||||
If you want your script to work regardless of <link
|
||||
linkend="ini.register-globals">register_globals</link>, you need to
|
||||
instead use the <varname>$_SESSION</varname> array as
|
||||
<varname>$_SESSION</varname> entries are automatically registered. If
|
||||
your script uses <function>session_register</function>, it will not work
|
||||
in environments where the PHP directive <link
|
||||
linkend="ini.register-globals">register_globals</link> is disabled.
|
||||
</para>
|
||||
</caution>
|
||||
¬e.registerglobals;
|
||||
<caution>
|
||||
<para>
|
||||
This registers a <emphasis>global</emphasis> variable. If you want to
|
||||
register a session variable from within a function, you need to make sure
|
||||
to make it global using the <link
|
||||
linkend="language.variables.scope"><command>global</command></link>
|
||||
keyword or the <varname>$GLOBALS[]</varname> array, or use the special
|
||||
session arrays as noted below.
|
||||
</para>
|
||||
</caution>
|
||||
<caution>
|
||||
<para>
|
||||
If you are using <varname>$_SESSION</varname>, do not use
|
||||
<function>session_register</function>,
|
||||
<function>session_is_registered</function>, and
|
||||
<function>session_unregister</function>.
|
||||
</para>
|
||||
</caution>
|
||||
<note>
|
||||
<para>
|
||||
It is currently impossible to register resource variables in a session.
|
||||
For example, you cannot create a connection to a database and store the
|
||||
connection id as a session variable and expect the connection to still be
|
||||
valid the next time the session is restored. PHP functions that return a
|
||||
resource are identified by having a return type of
|
||||
<literal>resource</literal> in their function definition. A list of
|
||||
functions that return resources are available in the <link
|
||||
linkend="resource">resource types</link> appendix.
|
||||
</para>
|
||||
<para>
|
||||
If <varname>$_SESSION</varname> is used, assign values to
|
||||
<varname>$_SESSION</varname>. For example: $_SESSION['var'] = 'ABC';
|
||||
</para>
|
||||
</note>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 role="seealso">
|
||||
&reftitle.seealso;
|
||||
<para>
|
||||
<simplelist>
|
||||
<member><function>session_is_registered</function></member>
|
||||
<member><function>session_unregister</function></member>
|
||||
<member><varname>$_SESSION</varname></member>
|
||||
</simplelist>
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
</refentry>
|
||||
|
||||
<!-- Keep this comment at the end of the file
|
||||
Local variables:
|
||||
mode: sgml
|
||||
sgml-omittag:t
|
||||
sgml-shorttag:t
|
||||
sgml-minimize-attributes:nil
|
||||
sgml-always-quote-attributes:t
|
||||
sgml-indent-step:1
|
||||
sgml-indent-data:t
|
||||
indent-tabs-mode:nil
|
||||
sgml-parent-document:nil
|
||||
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
|
||||
sgml-exposed-tags:nil
|
||||
sgml-local-catalogs:nil
|
||||
sgml-local-ecat-files:nil
|
||||
End:
|
||||
vim600: syn=xml fen fdm=syntax fdl=2 si
|
||||
vim: et tw=78 syn=sgml
|
||||
vi: ts=1 sw=1
|
||||
-->
|
|
@ -1014,14 +1014,6 @@
|
|||
</variablelist>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The
|
||||
<link
|
||||
linkend="ini.register-globals"><literal>register_globals</literal></link>
|
||||
configuration settings influence how the session variables get
|
||||
stored and restored.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
Upload progress will not be registered unless
|
||||
session.upload_progress.enabled is enabled, and the
|
||||
|
|
|
@ -1,161 +0,0 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!-- $Revision$ -->
|
||||
<!-- splitted from ./index.xml, last change in rev 1.66 -->
|
||||
<chapter xml:id="security.globals" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<title>Using Register Globals</title>
|
||||
&warn.deprecated.feature-5-3-0.removed-5-4-0;
|
||||
<para>
|
||||
Perhaps the most controversial change in <acronym>PHP</acronym> is when the default value
|
||||
for the <acronym>PHP</acronym> directive <link linkend="ini.register-globals">
|
||||
register_globals</link> went from ON to OFF in <acronym>PHP</acronym>
|
||||
<link xlink:href="&url.php.release4.2.0;">4.2.0</link>. Reliance on this
|
||||
directive was quite common and many people didn't even know it existed
|
||||
and assumed it's just how <acronym>PHP</acronym> works. This page will explain how one can
|
||||
write insecure code with this directive but keep in mind that the
|
||||
directive itself isn't insecure but rather it's the misuse of it.
|
||||
</para>
|
||||
<para>
|
||||
When on, register_globals will inject your scripts with all
|
||||
sorts of variables, like request variables from <acronym>HTML</acronym> forms. This
|
||||
coupled with the fact that <acronym>PHP</acronym> doesn't require variable initialization
|
||||
means writing insecure code is that much easier. It was a difficult
|
||||
decision, but the <acronym>PHP</acronym> community decided to disable this directive by
|
||||
default. When on, people use variables yet really don't know for sure
|
||||
where they come from and can only assume. Internal variables that are
|
||||
defined in the script itself get mixed up with request data sent by
|
||||
users and disabling register_globals changes this. Let's demonstrate
|
||||
with an example misuse of register_globals:
|
||||
</para>
|
||||
<para>
|
||||
<example>
|
||||
<title>Example misuse with register_globals = on</title>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// define $authorized = true only if user is authenticated
|
||||
if (authenticated_user()) {
|
||||
$authorized = true;
|
||||
}
|
||||
|
||||
// Because we didn't first initialize $authorized as false, this might be
|
||||
// defined through register_globals, like from GET auth.php?authorized=1
|
||||
// So, anyone can be seen as authenticated!
|
||||
if ($authorized) {
|
||||
include "/highly/sensitive/data.php";
|
||||
}
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
<para>
|
||||
When register_globals = on, our logic above may be compromised. When
|
||||
off, <varname>$authorized</varname> can't be set via request so it'll
|
||||
be fine, although it really is generally a good programming practice to
|
||||
initialize variables first. For example, in our example above we might
|
||||
have first done <literal>$authorized = false</literal>. Doing this
|
||||
first means our above code would work with register_globals on or off as
|
||||
users by default would be unauthorized.
|
||||
</para>
|
||||
<para>
|
||||
Another example is that of <link linkend="ref.session">sessions</link>.
|
||||
When register_globals = on, we could also use
|
||||
<varname>$username</varname> in our example below but again you must
|
||||
realize that <varname>$username</varname> could also come from other
|
||||
means, such as GET (through the <acronym>URL</acronym>).
|
||||
</para>
|
||||
<para>
|
||||
<example>
|
||||
<title>Example use of sessions with register_globals on or off</title>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
// We wouldn't know where $username came from but do know $_SESSION is
|
||||
// for session data
|
||||
if (isset($_SESSION['username'])) {
|
||||
|
||||
echo "Hello <b>{$_SESSION['username']}</b>";
|
||||
|
||||
} else {
|
||||
|
||||
echo "Hello <b>Guest</b><br />";
|
||||
echo "Would you like to login?";
|
||||
|
||||
}
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
<para>
|
||||
It's even possible to take preventative measures to warn when forging is
|
||||
being attempted. If you know ahead of time exactly where a variable
|
||||
should be coming from, you can check to see if the submitted data is
|
||||
coming from an inappropriate kind of submission. While it doesn't
|
||||
guarantee that data has not been forged, it does require an attacker to
|
||||
guess the right kind of forging. If you don't care where the request
|
||||
data comes from, you can use <varname>$_REQUEST</varname> as it contains
|
||||
a mix of GET, POST and COOKIE data. See also the manual section on
|
||||
using <link linkend="language.variables.external">variables from external
|
||||
sources</link>.
|
||||
</para>
|
||||
<para>
|
||||
<example>
|
||||
<title>Detecting simple variable poisoning</title>
|
||||
<programlisting role="php">
|
||||
<![CDATA[
|
||||
<?php
|
||||
if (isset($_COOKIE['MAGIC_COOKIE'])) {
|
||||
|
||||
// MAGIC_COOKIE comes from a cookie.
|
||||
// Be sure to validate the cookie data!
|
||||
|
||||
} elseif (isset($_GET['MAGIC_COOKIE']) || isset($_POST['MAGIC_COOKIE'])) {
|
||||
|
||||
mail("admin@example.com", "Possible breakin attempt", $_SERVER['REMOTE_ADDR']);
|
||||
echo "Security violation, admin has been alerted.";
|
||||
exit;
|
||||
|
||||
} else {
|
||||
|
||||
// MAGIC_COOKIE isn't set through this REQUEST
|
||||
|
||||
}
|
||||
?>
|
||||
]]>
|
||||
</programlisting>
|
||||
</example>
|
||||
</para>
|
||||
<para>
|
||||
Of course, simply turning off register_globals does not mean your code
|
||||
is secure. For every piece of data that is submitted, it should also be
|
||||
checked in other ways. Always validate your user data and initialize
|
||||
your variables! To check for uninitialized variables you may turn up
|
||||
<function>error_reporting</function> to show
|
||||
<constant>E_NOTICE</constant> level errors.
|
||||
</para>
|
||||
<para>
|
||||
For information about emulating register_globals being On or Off, see this <link linkend="faq.misc.registerglobals">FAQ</link>.
|
||||
</para>
|
||||
</chapter>
|
||||
|
||||
<!-- Keep this comment at the end of the file
|
||||
Local variables:
|
||||
mode: sgml
|
||||
sgml-omittag:t
|
||||
sgml-shorttag:t
|
||||
sgml-minimize-attributes:nil
|
||||
sgml-always-quote-attributes:t
|
||||
sgml-indent-step:1
|
||||
sgml-indent-data:t
|
||||
indent-tabs-mode:nil
|
||||
sgml-parent-document:nil
|
||||
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
|
||||
sgml-exposed-tags:nil
|
||||
sgml-local-catalogs:nil
|
||||
sgml-local-ecat-files:nil
|
||||
End:
|
||||
vim600: syn=xml fen fdm=syntax fdl=2 si
|
||||
vim: et tw=78 syn=sgml
|
||||
vi: ts=1 sw=1
|
||||
-->
|
Loading…
Reference in a new issue