summaryrefslogtreecommitdiffstats
path: root/application/config/config.php
diff options
context:
space:
mode:
authorAndrey Andreev <narf@devilix.net>2014-01-20 14:03:43 +0100
committerAndrey Andreev <narf@devilix.net>2014-01-20 14:03:43 +0100
commitea801ab4ab80042638ffddc6056483a1ec43fa80 (patch)
treef75f30c0df6a8f861ca7df22af09fa3240b0bbd6 /application/config/config.php
parent1c08d557a21ecb0f79cd1a1de4e06817a26e0537 (diff)
parent4d0571666d03511ac5b4a1f2a6882ccb1509a209 (diff)
Merge branch 'develop' into feature/user-guide-cleanup
Diffstat (limited to 'application/config/config.php')
-rw-r--r--application/config/config.php28
1 files changed, 24 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php
index 0608348c6..ae748defd 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -141,15 +141,18 @@ $config['subclass_prefix'] = 'MY_';
| Allowed URL Characters
|--------------------------------------------------------------------------
|
-| This lets you specify with a regular expression which characters are permitted
-| within your URLs. When someone tries to submit a URL with disallowed
-| characters they will get a warning message.
+| This lets you specify which characters are permitted within your URLs.
+| When someone tries to submit a URL with disallowed characters they will
+| get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
|
| Leave blank to allow all characters -- but only if you are insane.
|
+| The configured value is actually a regular expression character group
+| and it will be executed as: ! preg_match('/^[<permitted_uri_chars>]+$/i
+|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
@@ -282,7 +285,7 @@ $config['encryption_key'] = '';
| 'sess_driver' = the driver to load: cookie (Classic), native (PHP sessions),
| or your custom driver name
| 'sess_valid_drivers' = additional valid drivers which may be loaded
-| 'sess_cookie_name' = the name you want for the cookie
+| 'sess_cookie_name' = the name you want for the cookie, must contain only [0-9a-z_-] characters
| 'sess_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'sess_expire_on_close' = Whether to cause the session to expire automatically
@@ -327,6 +330,20 @@ $config['cookie_httponly'] = FALSE;
/*
|--------------------------------------------------------------------------
+| Standardize newlines
+|--------------------------------------------------------------------------
+|
+| Determines whether to standardize newline characters in input data,
+| meaning to replace \r\n, \r, \n occurences with the PHP_EOL value.
+|
+| This is particularly useful for portability between UNIX-based OSes,
+| (usually \n) and Windows (\r\n).
+|
+*/
+$config['standardize_newlines'] = TRUE;
+
+/*
+|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
@@ -367,6 +384,9 @@ $config['csrf_exclude_uris'] = array();
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
+| Only used if zlib.output_compression is turned off in your php.ini.
+| Please do not use it together with httpd-level output compression.
+|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For