summaryrefslogtreecommitdiffstats
path: root/application/config/config.php
diff options
context:
space:
mode:
authorBrennan Thompson <brenjt@gmail.com>2014-02-14 20:03:57 +0100
committerBrennan Thompson <brenjt@gmail.com>2014-02-14 20:03:57 +0100
commit6949f95f6e21980f36095490bf38fc8a172dbc0f (patch)
treeb3141f390acd0051396cda6a3da51c1f98384cca /application/config/config.php
parent68a02a01a086bbb1b8128ea2744439de84873d11 (diff)
parent81f036753272391360ba5b64e6dd93c4101a8733 (diff)
Merge remote-tracking branch 'upstream/develop' into develop
Conflicts: system/helpers/form_helper.php
Diffstat (limited to 'application/config/config.php')
-rw-r--r--application/config/config.php33
1 files changed, 27 insertions, 6 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 0608348c6..ae89715c0 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -1,4 +1,4 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php
/**
* CodeIgniter
*
@@ -18,12 +18,13 @@
*
* @package CodeIgniter
* @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2013, EllisLab, Inc. (http://ellislab.com/)
+ * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (http://ellislab.com/)
* @license http://opensource.org/licenses/AFL-3.0 Academic Free License (AFL 3.0)
* @link http://codeigniter.com
* @since Version 1.0
* @filesource
*/
+defined('BASEPATH') OR exit('No direct script access allowed');
/*
|--------------------------------------------------------------------------
@@ -141,15 +142,18 @@ $config['subclass_prefix'] = 'MY_';
| Allowed URL Characters
|--------------------------------------------------------------------------
|
-| This lets you specify with a regular expression which characters are permitted
-| within your URLs. When someone tries to submit a URL with disallowed
-| characters they will get a warning message.
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
+| The configured value is actually a regular expression character group
+| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i
+|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
@@ -282,7 +286,7 @@ $config['encryption_key'] = '';
| 'sess_driver' = the driver to load: cookie (Classic), native (PHP sessions),
| or your custom driver name
| 'sess_valid_drivers' = additional valid drivers which may be loaded
-| 'sess_cookie_name' = the name you want for the cookie
+| 'sess_cookie_name' = the name you want for the cookie, must contain only [0-9a-z_-] characters
| 'sess_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'sess_expire_on_close' = Whether to cause the session to expire automatically
@@ -327,6 +331,20 @@ $config['cookie_httponly'] = FALSE;
/*
|--------------------------------------------------------------------------
+| Standardize newlines
+|--------------------------------------------------------------------------
+|
+| Determines whether to standardize newline characters in input data,
+| meaning to replace \r\n, \r, \n occurences with the PHP_EOL value.
+|
+| This is particularly useful for portability between UNIX-based OSes,
+| (usually \n) and Windows (\r\n).
+|
+*/
+$config['standardize_newlines'] = TRUE;
+
+/*
+|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
@@ -367,6 +385,9 @@ $config['csrf_exclude_uris'] = array();
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
+| Only used if zlib.output_compression is turned off in your php.ini.
+| Please do not use it together with httpd-level output compression.
+|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For