summaryrefslogtreecommitdiffstats
path: root/application/config/config.php
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2017-09-09 16:05:22 +0200
committerFlorian Pritz <bluewind@xinu.at>2017-09-09 16:05:22 +0200
commit27639d64d06b62f237bbde253c46cd28fdce8884 (patch)
tree7a2f00cfd44cfcdfe6cb1abc1cfc0675632948c4 /application/config/config.php
parent9c5bfbee5b42ea50a5611c537b8dbf01d7a64f79 (diff)
parent6c7a4266410070d30f8f6bcdf9c9e67f3d6478e3 (diff)
Merge tag '3.1.5' into dev-ci3
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/config/config.php')
-rw-r--r--application/config/config.php310
1 files changed, 236 insertions, 74 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 5ec10e233..1f71d74eb 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -1,4 +1,5 @@
-<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
/*
|--------------------------------------------------------------------------
@@ -10,11 +11,19 @@
|
| http://example.com/
|
-| If this is not set then CodeIgniter will guess the protocol, domain and
-| path to your installation.
+| WARNING: You MUST set this value!
+|
+| If it is not set, then CodeIgniter will try guess the protocol and path
+| your installation, but due to security concerns the hostname will be set
+| to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise.
+| The auto-detection mechanism exists only for convenience during
+| development and MUST NOT be used in production!
+|
+| If you need to allow multiple domains, remember that this file is still
+| a PHP script and you can easily do that on your own.
|
*/
-$config['base_url'] = '';
+$config['base_url'] = '';
/*
|--------------------------------------------------------------------------
@@ -34,17 +43,16 @@ $config['index_page'] = 'index.php';
|--------------------------------------------------------------------------
|
| This item determines which server global should be used to retrieve the
-| URI string. The default setting of 'AUTO' works for most servers.
+| URI string. The default setting of 'REQUEST_URI' works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
-| 'AUTO' Default - auto detects
-| 'PATH_INFO' Uses the PATH_INFO
-| 'QUERY_STRING' Uses the QUERY_STRING
-| 'REQUEST_URI' Uses the REQUEST_URI
-| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
+| 'REQUEST_URI' Uses $_SERVER['REQUEST_URI']
+| 'QUERY_STRING' Uses $_SERVER['QUERY_STRING']
+| 'PATH_INFO' Uses $_SERVER['PATH_INFO']
|
+| WARNING: If you set this to 'PATH_INFO', URIs will always be URL-decoded!
*/
-$config['uri_protocol'] = 'AUTO';
+$config['uri_protocol'] = 'REQUEST_URI';
/*
|--------------------------------------------------------------------------
@@ -54,9 +62,8 @@ $config['uri_protocol'] = 'AUTO';
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
-| http://codeigniter.com/user_guide/general/urls.html
+| https://codeigniter.com/user_guide/general/urls.html
*/
-
$config['url_suffix'] = '';
/*
@@ -79,6 +86,8 @@ $config['language'] = 'english';
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
+| See http://php.net/htmlspecialchars for a list of supported charsets.
+|
*/
$config['charset'] = 'UTF-8';
@@ -93,7 +102,6 @@ $config['charset'] = 'UTF-8';
*/
$config['enable_hooks'] = FALSE;
-
/*
|--------------------------------------------------------------------------
| Class Extension Prefix
@@ -102,27 +110,51 @@ $config['enable_hooks'] = FALSE;
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
-| http://codeigniter.com/user_guide/general/core_classes.html
-| http://codeigniter.com/user_guide/general/creating_libraries.html
+| https://codeigniter.com/user_guide/general/core_classes.html
+| https://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';
+/*
+|--------------------------------------------------------------------------
+| Composer auto-loading
+|--------------------------------------------------------------------------
+|
+| Enabling this setting will tell CodeIgniter to look for a Composer
+| package auto-loader script in application/vendor/autoload.php.
+|
+| $config['composer_autoload'] = TRUE;
+|
+| Or if you have your vendor/ directory located somewhere else, you
+| can opt to set a specific path as well:
+|
+| $config['composer_autoload'] = '/path/to/vendor/autoload.php';
+|
+| For more information about Composer, please visit http://getcomposer.org/
+|
+| Note: This will NOT disable or override the CodeIgniter-specific
+| autoloading (application/config/autoload.php)
+*/
+$config['composer_autoload'] = FALSE;
/*
|--------------------------------------------------------------------------
| Allowed URL Characters
|--------------------------------------------------------------------------
|
-| This lets you specify with a regular expression which characters are permitted
-| within your URLs. When someone tries to submit a URL with disallowed
-| characters they will get a warning message.
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
+| The configured value is actually a regular expression character group
+| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i
+|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
@@ -132,7 +164,6 @@ if (php_sapi_name() == "cli") {
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
}
-
/*
|--------------------------------------------------------------------------
| Enable Query Strings
@@ -141,9 +172,6 @@ if (php_sapi_name() == "cli") {
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
-| By default CodeIgniter enables access to the $_GET array. If for some
-| reason you would like to disable it, set 'allow_get_array' to FALSE.
-|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
@@ -158,19 +186,30 @@ if (php_sapi_name() == "cli") {
| use segment based URLs.
|
*/
-$config['allow_get_array'] = TRUE;
$config['enable_query_strings'] = FALSE;
-$config['controller_trigger'] = 'c';
-$config['function_trigger'] = 'm';
-$config['directory_trigger'] = 'd'; // experimental not currently in use
+$config['controller_trigger'] = 'c';
+$config['function_trigger'] = 'm';
+$config['directory_trigger'] = 'd';
+
+/*
+|--------------------------------------------------------------------------
+| Allow $_GET array
+|--------------------------------------------------------------------------
+|
+| By default CodeIgniter enables access to the $_GET array. If for some
+| reason you would like to disable it, set 'allow_get_array' to FALSE.
+|
+| WARNING: This feature is DEPRECATED and currently available only
+| for backwards compatibility purposes!
+|
+*/
+$config['allow_get_array'] = TRUE;
/*
|--------------------------------------------------------------------------
| Error Logging Threshold
|--------------------------------------------------------------------------
|
-| If you have enabled error logging, you can set an error threshold to
-| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
@@ -180,6 +219,10 @@ $config['directory_trigger'] = 'd'; // experimental not currently in use
| 3 = Informational Messages
| 4 = All Messages
|
+| You can also pass an array with threshold levels to show individual error types
+|
+| array(2) = Debug Messages, without Error Messages
+|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
@@ -192,13 +235,39 @@ $config['log_threshold'] = 0;
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the default
-| application/logs/ folder. Use a full server path with trailing slash.
+| application/logs/ directory. Use a full server path with trailing slash.
|
*/
$config['log_path'] = '';
/*
|--------------------------------------------------------------------------
+| Log File Extension
+|--------------------------------------------------------------------------
+|
+| The default filename extension for log files. The default 'php' allows for
+| protecting the log files via basic scripting, when they are to be stored
+| under a publicly accessible directory.
+|
+| Note: Leaving it blank will default to 'php'.
+|
+*/
+$config['log_file_extension'] = '';
+
+/*
+|--------------------------------------------------------------------------
+| Log File Permissions
+|--------------------------------------------------------------------------
+|
+| The file system permissions to be applied on newly created log files.
+|
+| IMPORTANT: This MUST be an integer (no quotes) and you MUST use octal
+| integer notation (i.e. 0700, 0644, etc.)
+*/
+$config['log_file_permissions'] = 0644;
+
+/*
+|--------------------------------------------------------------------------
| Date Format for Logs
|--------------------------------------------------------------------------
|
@@ -210,22 +279,53 @@ $config['log_date_format'] = 'Y-m-d H:i:s';
/*
|--------------------------------------------------------------------------
+| Error Views Directory Path
+|--------------------------------------------------------------------------
+|
+| Leave this BLANK unless you would like to set something other than the default
+| application/views/errors/ directory. Use a full server path with trailing slash.
+|
+*/
+$config['error_views_path'] = '';
+
+/*
+|--------------------------------------------------------------------------
| Cache Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the default
-| system/cache/ folder. Use a full server path with trailing slash.
+| application/cache/ directory. Use a full server path with trailing slash.
|
*/
$config['cache_path'] = '';
/*
|--------------------------------------------------------------------------
+| Cache Include Query String
+|--------------------------------------------------------------------------
+|
+| Whether to take the URL query string into consideration when generating
+| output cache files. Valid options are:
+|
+| FALSE = Disabled
+| TRUE = Enabled, take all query parameters into account.
+| Please be aware that this may result in numerous cache
+| files generated for the same page over and over again.
+| array('q') = Enabled, but only take into account the specified list
+| of query parameters.
+|
+*/
+$config['cache_query_string'] = FALSE;
+
+/*
+|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
-| If you use the Encryption class or the Session class you
-| MUST set an encryption key. See the user guide for info.
+| If you use the Encryption class, you must set an encryption key.
+| See the user guide for more info.
+|
+| https://codeigniter.com/user_guide/libraries/encryption.html
|
*/
$config['encryption_key'] = '';
@@ -235,44 +335,94 @@ $config['encryption_key'] = '';
| Session Variables
|--------------------------------------------------------------------------
|
-| 'sess_cookie_name' = the name you want for the cookie
-| 'sess_expiration' = the number of SECONDS you want the session to last.
-| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
-| 'sess_expire_on_close' = Whether to cause the session to expire automatically
-| when the browser window is closed
-| 'sess_encrypt_cookie' = Whether to encrypt the cookie
-| 'sess_use_database' = Whether to save the session data to a database
-| 'sess_table_name' = The name of the session database table
-| 'sess_match_ip' = Whether to match the user's IP address when reading the session data
-| 'sess_match_useragent' = Whether to match the User Agent when reading the session data
-| 'sess_time_to_update' = how many seconds between CI refreshing Session Information
+| 'sess_driver'
+|
+| The storage driver to use: files, database, redis, memcached
+|
+| 'sess_cookie_name'
+|
+| The session cookie name, must contain only [0-9a-z_-] characters
+|
+| 'sess_expiration'
+|
+| The number of SECONDS you want the session to last.
+| Setting to 0 (zero) means expire when the browser is closed.
+|
+| 'sess_save_path'
+|
+| The location to save sessions to, driver dependent.
+|
+| For the 'files' driver, it's a path to a writable directory.
+| WARNING: Only absolute paths are supported!
+|
+| For the 'database' driver, it's a table name.
+| Please read up the manual for the format with other session drivers.
+|
+| IMPORTANT: You are REQUIRED to set a valid save path!
+|
+| 'sess_match_ip'
+|
+| Whether to match the user's IP address when reading the session data.
+|
+| WARNING: If you're using the database driver, don't forget to update
+| your session table's PRIMARY KEY when changing this setting.
+|
+| 'sess_time_to_update'
+|
+| How many seconds between CI regenerating the session ID.
+|
+| 'sess_regenerate_destroy'
+|
+| Whether to destroy session data associated with the old session ID
+| when auto-regenerating the session ID. When set to FALSE, the data
+| will be later deleted by the garbage collector.
+|
+| Other session cookie settings are shared with the rest of the application,
+| except for 'cookie_prefix' and 'cookie_httponly', which are ignored here.
|
*/
-$config['sess_cookie_name'] = 'ci_session';
-$config['sess_expiration'] = 7200;
-$config['sess_expire_on_close'] = FALSE;
-$config['sess_encrypt_cookie'] = FALSE;
-$config['sess_use_database'] = true;
-$config['sess_table_name'] = 'ci_sessions';
-$config['sess_match_ip'] = FALSE;
-$config['sess_match_useragent'] = TRUE;
-$config['sess_time_to_update'] = 300;
+$config['sess_driver'] = 'database';
+$config['sess_cookie_name'] = 'ci_session';
+$config['sess_expiration'] = 7200;
+$config['sess_save_path'] = NULL;
+$config['sess_match_ip'] = FALSE;
+$config['sess_time_to_update'] = 300;
+$config['sess_regenerate_destroy'] = FALSE;
/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
-| 'cookie_prefix' = Set a prefix if you need to avoid collisions
-| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
-| 'cookie_path' = Typically will be a forward slash
-| 'cookie_secure' = Cookies will only be set if a secure HTTPS connection exists.
+| 'cookie_prefix' = Set a cookie name prefix if you need to avoid collisions
+| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
+| 'cookie_path' = Typically will be a forward slash
+| 'cookie_secure' = Cookie will only be set if a secure HTTPS connection exists.
+| 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript)
+|
+| Note: These settings (with the exception of 'cookie_prefix' and
+| 'cookie_httponly') will also affect sessions.
|
*/
-$config['cookie_prefix'] = "";
-$config['cookie_domain'] = "";
-$config['cookie_path'] = "/";
+$config['cookie_prefix'] = '';
+$config['cookie_domain'] = '';
+$config['cookie_path'] = '/';
$config['cookie_secure'] = FALSE;
+$config['cookie_httponly'] = FALSE;
+
+/*
+|--------------------------------------------------------------------------
+| Standardize newlines
+|--------------------------------------------------------------------------
+|
+| Determines whether to standardize newline characters in input data,
+| meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value.
+|
+| WARNING: This feature is DEPRECATED and currently available only
+| for backwards compatibility purposes!
+|
+*/
+$config['standardize_newlines'] = FALSE;
/*
|--------------------------------------------------------------------------
@@ -282,6 +432,9 @@ $config['cookie_secure'] = FALSE;
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
+| WARNING: This feature is DEPRECATED and currently available only
+| for backwards compatibility purposes!
+|
*/
$config['global_xss_filtering'] = FALSE;
@@ -296,11 +449,15 @@ $config['global_xss_filtering'] = FALSE;
| 'csrf_token_name' = The token name
| 'csrf_cookie_name' = The cookie name
| 'csrf_expire' = The number in seconds the token should expire.
+| 'csrf_regenerate' = Regenerate token on every submission
+| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
$config['csrf_protection'] = FALSE; // our controller enables this later
$config['csrf_token_name'] = 'csrf_test_name';
$config['csrf_cookie_name'] = 'csrf_cookie_name';
$config['csrf_expire'] = 7200;
+$config['csrf_regenerate'] = TRUE;
+$config['csrf_exclude_uris'] = array();
/*
|--------------------------------------------------------------------------
@@ -312,6 +469,9 @@ $config['csrf_expire'] = 7200;
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
+| Only used if zlib.output_compression is turned off in your php.ini.
+| Please do not use it together with httpd-level output compression.
+|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For
@@ -326,15 +486,14 @@ $config['compress_output'] = FALSE;
| Master Time Reference
|--------------------------------------------------------------------------
|
-| Options are 'local' or 'gmt'. This pref tells the system whether to use
-| your server's local time as the master 'now' reference, or convert it to
-| GMT. See the 'date helper' page of the user guide for information
-| regarding date handling.
+| Options are 'local' or any PHP supported timezone. This preference tells
+| the system whether to use your server's local time as the master 'now'
+| reference, or convert it to the configured one timezone. See the 'date
+| helper' page of the user guide for information regarding date handling.
|
*/
$config['time_reference'] = 'local';
-
/*
|--------------------------------------------------------------------------
| Rewrite PHP Short Tags
@@ -344,20 +503,26 @@ $config['time_reference'] = 'local';
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files. Options are TRUE or FALSE (boolean)
|
+| Note: You need to have eval() enabled for this to work.
+|
*/
$config['rewrite_short_tags'] = FALSE;
-
/*
|--------------------------------------------------------------------------
| Reverse Proxy IPs
|--------------------------------------------------------------------------
|
-| If your server is behind a reverse proxy, you must whitelist the proxy IP
-| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
-| header in order to properly identify the visitor's IP address.
-| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
+| If your server is behind a reverse proxy, you must whitelist the proxy
+| IP addresses from which CodeIgniter should trust headers such as
+| HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP in order to properly identify
+| the visitor's IP address.
|
+| You can use both an array or a comma-separated list of proxy addresses,
+| as well as specifying whole subnets. Here are a few examples:
+|
+| Comma-separated: '10.0.1.200,192.168.5.0/24'
+| Array: array('10.0.1.200', '192.168.5.0/24')
*/
$config['proxy_ips'] = '';
@@ -476,7 +641,4 @@ $config['download_nginx_location'] = '/protected-uploads';
if (file_exists(APPPATH.'config/config-local.php')) {
include APPPATH.'config/config-local.php';
-}
-
-/* End of file config.php */
-/* Location: ./application/config/config.php */
+} \ No newline at end of file