diff options
author | Andrey Andreev <narf@devilix.net> | 2014-01-20 14:03:43 +0100 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2014-01-20 14:03:43 +0100 |
commit | ea801ab4ab80042638ffddc6056483a1ec43fa80 (patch) | |
tree | f75f30c0df6a8f861ca7df22af09fa3240b0bbd6 /application/config/config.php | |
parent | 1c08d557a21ecb0f79cd1a1de4e06817a26e0537 (diff) | |
parent | 4d0571666d03511ac5b4a1f2a6882ccb1509a209 (diff) |
Merge branch 'develop' into feature/user-guide-cleanup
Diffstat (limited to 'application/config/config.php')
-rw-r--r-- | application/config/config.php | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php index 0608348c6..ae748defd 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -141,15 +141,18 @@ $config['subclass_prefix'] = 'MY_'; | Allowed URL Characters |-------------------------------------------------------------------------- | -| This lets you specify with a regular expression which characters are permitted -| within your URLs. When someone tries to submit a URL with disallowed -| characters they will get a warning message. +| This lets you specify which characters are permitted within your URLs. +| When someone tries to submit a URL with disallowed characters they will +| get a warning message. | | As a security measure you are STRONGLY encouraged to restrict URLs to | as few characters as possible. By default only these are allowed: a-z 0-9~%.:_- | | Leave blank to allow all characters -- but only if you are insane. | +| The configured value is actually a regular expression character group +| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i +| | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | */ @@ -282,7 +285,7 @@ $config['encryption_key'] = ''; | 'sess_driver' = the driver to load: cookie (Classic), native (PHP sessions), | or your custom driver name | 'sess_valid_drivers' = additional valid drivers which may be loaded -| 'sess_cookie_name' = the name you want for the cookie +| 'sess_cookie_name' = the name you want for the cookie, must contain only [0-9a-z_-] characters | 'sess_expiration' = the number of SECONDS you want the session to last. | by default sessions last 7200 seconds (two hours). Set to zero for no expiration. | 'sess_expire_on_close' = Whether to cause the session to expire automatically @@ -327,6 +330,20 @@ $config['cookie_httponly'] = FALSE; /* |-------------------------------------------------------------------------- +| Standardize newlines +|-------------------------------------------------------------------------- +| +| Determines whether to standardize newline characters in input data, +| meaning to replace \r\n, \r, \n occurences with the PHP_EOL value. +| +| This is particularly useful for portability between UNIX-based OSes, +| (usually \n) and Windows (\r\n). +| +*/ +$config['standardize_newlines'] = TRUE; + +/* +|-------------------------------------------------------------------------- | Global XSS Filtering |-------------------------------------------------------------------------- | @@ -367,6 +384,9 @@ $config['csrf_exclude_uris'] = array(); | Even if it does, however, not all browsers support compression | so enable only if you are reasonably sure your visitors can handle it. | +| Only used if zlib.output_compression is turned off in your php.ini. +| Please do not use it together with httpd-level output compression. +| | VERY IMPORTANT: If you are getting a blank page when compression is enabled it | means you are prematurely outputting something to your browser. It could | even be a line of whitespace at the end of one of your scripts. For |