From f79db1baf158d1a68ce29e756c83d37e038075d9 Mon Sep 17 00:00:00 2001
From: Damien Seguy <dams@php.net>
Date: Mon, 25 Jun 2001 13:39:59 +0000
Subject: [PATCH] Adding some details about putenv and safe mode (from
 php.ini).

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@50181 c90b9560-bf6c-de11-be94-00142212c4b1
---
 functions/info.xml | 47 +++++++++++++++++++++++++++++++---------------
 1 file changed, 32 insertions(+), 15 deletions(-)

diff --git a/functions/info.xml b/functions/info.xml
index 1172ae7ab9..8f53a526ee 100644
--- a/functions/info.xml
+++ b/functions/info.xml
@@ -31,7 +31,7 @@
     <para>
      Assertion should be used as a debugging feature only. You may
      use them for sanity-checks that test for conditions that should
-     always be TRUE and that indicate some programming errors if not
+     always be <literal>TRUE</literal> and that indicate some programming errors if not
      or to check for the presence of certain features like extension
      functions or certain system limits and features.
     </para>
@@ -139,7 +139,7 @@
      </funcprototype>
     </funcsynopsis>
     <simpara>
-     Returns TRUE if the extension identified by
+     Returns <literal>TRUE</literal> if the extension identified by
      <parameter>name</parameter> is loaded. You can see the names of
      various extensions by using <function>phpinfo</function>.
     </simpara>
@@ -191,8 +191,7 @@
     </funcsynopsis>
     <para>
      Returns the value of the environment variable
-     <parameter>varname</parameter>, or FALSE on an error.
-
+     <parameter>varname</parameter>, or <literal>FALSE</literal> on an error.
      <informalexample>
       <programlisting>
 $ip = getenv ("REMOTE_ADDR"); // get the ip number of the user 
@@ -203,9 +202,8 @@ $ip = getenv ("REMOTE_ADDR"); // get the ip number of the user
      You can see a list of all the environmental variables by using
      <function>phpinfo</function>. You can find out what many of them
      mean by taking a look at the <ulink url="&url.cgispecs;">CGI
-   specification</ulink>, specifically the <ulink
-   url="&url.cgispec;">page on
-   environmental variables</ulink>.
+     specification</ulink>, specifically the <ulink url="&url.cgispec;">page on
+     environmental variables</ulink>.
      <note>
       <para>
        This function does not work in ISAPI mode.
@@ -236,7 +234,7 @@ $ip = getenv ("REMOTE_ADDR"); // get the ip number of the user
     </funcsynopsis>
     <simpara>
      Returns the current value of the PHP configuration variable
-     specified by <parameter>varname</parameter>, or FALSE if an error
+     specified by <parameter>varname</parameter>, or <literal>FALSE</literal> if an error
      occurs.
     </simpara>
     <simpara>
@@ -353,7 +351,7 @@ $ip = getenv ("REMOTE_ADDR"); // get the ip number of the user
     <para>
      Returns the time of the last modification of the current
      page. The value returned is a Unix timestamp, suitable for
-     feeding to <function>date</function>. Returns FALSE on error.
+     feeding to <function>date</function>. Returns <literal>FALSE</literal> on error.
      <example>
       <title>getlastmod() example</title>
       <programlisting role="php">
@@ -386,7 +384,7 @@ echo "Last modified: ".date ("F d Y H:i:s.", getlastmod());
      </funcprototype>
     </funcsynopsis>
     <para>
-     Returns the current script's inode, or FALSE on error.
+     Returns the current script's inode, or <literal>FALSE</literal> on error.
     </para>
     <para>
      See also <function>getmyuid</function>,
@@ -416,7 +414,7 @@ echo "Last modified: ".date ("F d Y H:i:s.", getlastmod());
      </funcprototype>
     </funcsynopsis>
     <para>
-     Returns the current PHP process ID, or FALSE on error.
+     Returns the current PHP process ID, or <literal>FALSE</literal> on error.
     </para>
     <warning>
      <para>
@@ -448,7 +446,7 @@ echo "Last modified: ".date ("F d Y H:i:s.", getlastmod());
      </funcprototype>
     </funcsynopsis>
     <simpara>
-     Returns the user ID of the current script, or FALSE on error.
+     Returns the user ID of the current script, or <literal>FALSE</literal> on error.
     </simpara>
     <simpara>
      See also <function>getmypid</function>,
@@ -1265,8 +1263,26 @@ if (substr(php_uname(), 0, 7) == "Windows") {
     </funcsynopsis>
     <para>
      Adds <parameter>setting</parameter> to the server environment.  The
-environment variable will only exist for the duration of the current request.
-At the end of the request the environment is restored to its original state.
+     environment variable will only exist for the duration of the current 
+     request. At the end of the request the environment is restored to 
+     its original state.
+    </para>
+    <para>
+     Setting certain environment variables may be a potential security breach.
+     The <literal>safe_mode_allowed_env_vars</literal> directive contains a 
+     comma-delimited list of prefixes. In Safe Mode, the user may only 
+     alter environment variables whose names begin with the prefixes 
+     supplied by this directive. By default, users will only be able 
+     to set environment variables that begin with <literal>PHP_</literal> 
+     (e.g. <literal>PHP_FOO=BAR</literal>). Note:  if this directive is empty,
+     PHP will let the user modify ANY environment variable!
+    </para>
+    <para>
+     The <literal>safe_mode_protected_env_vars</literal> directive 
+     contains a comma-delimited list of environment variables, that 
+     the end user won't be able to change using <function>putenv</function>.
+     These variables will be protected even if <literal>safe_mode_allowed_env_vars</literal>
+     is set to allow to change them.
     </para>
     <para>
      <example>
@@ -1425,7 +1441,8 @@ Array
      </informalexample>
     </para>
     <para>
-     See also: <function>get_loaded_extensions</function>.
+     See also
+     <function>get_loaded_extensions</function>.
     </para>
    </refsect1>
   </refentry>