From 9f540f9e097d21f500736538d653d4bd85f80a2a Mon Sep 17 00:00:00 2001 From: Yasuo Ohgaki Date: Thu, 1 Sep 2016 20:12:12 +0000 Subject: [PATCH] Reorganize ini list. Add use_strict_mode note git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@339972 c90b9560-bf6c-de11-be94-00142212c4b1 --- .../session/functions/session-create-id.xml | 1 + reference/session/ini.xml | 149 +++++++++--------- 2 files changed, 79 insertions(+), 71 deletions(-) diff --git a/reference/session/functions/session-create-id.xml b/reference/session/functions/session-create-id.xml index ea4957d520..a48819f94a 100644 --- a/reference/session/functions/session-create-id.xml +++ b/reference/session/functions/session-create-id.xml @@ -123,6 +123,7 @@ my_session_regenerate_id(); session_regenerate_id session_start + session.use_strict_mode diff --git a/reference/session/ini.xml b/reference/session/ini.xml index 2c3553f0e3..38d63a4620 100644 --- a/reference/session/ini.xml +++ b/reference/session/ini.xml @@ -118,18 +118,6 @@ PHP_INI_ALL - - session.entropy_file - "" - PHP_INI_ALL - Removed in PHP 7.1.0. - - - session.entropy_length - "0" - PHP_INI_ALL - Removed in PHP 7.1.0 - session.cache_limiter "nocache" @@ -160,24 +148,6 @@ PHP_INI_ALL Available since PHP 7.1.0. - - url_rewriter.tags - "a=href,area=href,frame=src,form=" - PHP_INI_ALL - Available since PHP 4.0.4. Since PHP 7.1.0, this INI is no longer used by session. - - - session.bug_compat_42 - "1" - PHP_INI_ALL - Available since PHP 4.3.0. Removed in PHP 5.4.0. - - - session.bug_compat_warn - "1" - PHP_INI_ALL - Available since PHP 4.3.0. Removed in PHP 5.4.0. - session.sid_length "32" @@ -190,6 +160,54 @@ PHP_INI_ALL Available since PHP 7.1.0. + + session.upload_progress.enabled + "1" + PHP_INI_PERDIR + Available since PHP 5.4.0. + + + session.upload_progress.cleanup + "1" + PHP_INI_PERDIR + Available since PHP 5.4.0. + + + session.upload_progress.prefix + "upload_progress_" + PHP_INI_PERDIR + Available since PHP 5.4.0. + + + session.upload_progress.name + "PHP_SESSION_UPLOAD_PROGRESS" + PHP_INI_PERDIR + Available since PHP 5.4.0. + + + session.upload_progress.freq + "1%" + PHP_INI_PERDIR + Available since PHP 5.4.0. + + + session.upload_progress.min_freq + "1" + PHP_INI_PERDIR + Available since PHP 5.4.0. + + + session.lazy_write + "1" + PHP_INI_ALL + Available since PHP 7.0.0. + + + url_rewriter.tags + "a=href,area=href,frame=src,form=" + PHP_INI_ALL + Available since PHP 4.0.4. Since PHP 7.1.0, this INI is no longer used by session. + session.hash_function "0" @@ -203,47 +221,29 @@ Available since PHP 5.0.0. Removed in PHP 7.1.0. - session.upload_progress.enabled - "1" - PHP_INI_PERDIR - Available since PHP 5.4.0. - - - session.upload_progress.cleanup - "1" - PHP_INI_PERDIR - Available since PHP 5.4.0. - - - session.upload_progress.prefix - "upload_progress_" - PHP_INI_PERDIR - Available since PHP 5.4.0. - - - session.upload_progress.name - "PHP_SESSION_UPLOAD_PROGRESS" - PHP_INI_PERDIR - Available since PHP 5.4.0. - - - session.upload_progress.freq - "1%" - PHP_INI_PERDIR - Available since PHP 5.4.0. - - - session.upload_progress.min_freq - "1" - PHP_INI_PERDIR - Available since PHP 5.4.0. - - - session.lazy_write - "1" - PHP_INI_ALL - Available since PHP 7.0.0. - + session.entropy_file + "" + PHP_INI_ALL + Removed in PHP 7.1.0. + + + session.entropy_length + "0" + PHP_INI_ALL + Removed in PHP 7.1.0 + + + session.bug_compat_42 + "1" + PHP_INI_ALL + Available since PHP 4.3.0. Removed in PHP 5.4.0. + + + session.bug_compat_warn + "1" + PHP_INI_ALL + Available since PHP 4.3.0. Removed in PHP 5.4.0. + @@ -540,6 +540,13 @@ with strict mode. Defaults to 0 (disabled). + + + Enabling session.use_strict_mode is mandatory for + general session security. All sites are advised to enable this. See + session_create_id example code for more details. + +