diff options
Diffstat (limited to 'application/config/config.php')
| -rw-r--r-- | application/config/config.php | 75 |
1 files changed, 21 insertions, 54 deletions
diff --git a/application/config/config.php b/application/config/config.php index a4d883fab..c6e1a7af5 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -11,10 +11,16 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | | http://example.com/ | -| If this is not set then CodeIgniter will try guess the protocol, domain -| and path to your installation. However, you should always configure this -| explicitly and never rely on auto-guessing, especially in production -| environments. +| WARNING: You MUST set this value! +| +| If it is not set, then CodeIgniter will try guess the protocol and path +| your installation, but due to security concerns the hostname will be set +| to $_SERVER['SERVER_ADDR'] if available, or localhost otherwise. +| The auto-detection mechanism exists only for convenience during +| development and MUST NOT be used in production! +| +| If you need to allow multiple domains, remember that this file is still +| a PHP script and you can easily do that on your own. | */ $config['base_url'] = ''; @@ -56,7 +62,9 @@ $config['uri_protocol'] = 'REQUEST_URI'; | This option allows you to add a suffix to all URLs generated by CodeIgniter. | For more information please see the user guide: | -| http://codeigniter.com/user_guide/general/urls.html +| https://codeigniter.com/user_guide/general/urls.html +| +| Note: This option is ignored for CLI requests. */ $config['url_suffix'] = ''; @@ -104,8 +112,8 @@ $config['enable_hooks'] = FALSE; | This item allows you to set the filename/classname prefix when extending | native libraries. For more information please see the user guide: | -| http://codeigniter.com/user_guide/general/core_classes.html -| http://codeigniter.com/user_guide/general/creating_libraries.html +| https://codeigniter.com/user_guide/general/core_classes.html +| https://codeigniter.com/user_guide/general/creating_libraries.html | */ $config['subclass_prefix'] = 'MY_'; @@ -151,6 +159,8 @@ $config['composer_autoload'] = FALSE; | | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!! | +| Note: This option is ignored for CLI requests. +| */ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; @@ -162,9 +172,6 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; | By default CodeIgniter uses search-engine friendly segment based URLs: | example.com/who/what/where/ | -| By default CodeIgniter enables access to the $_GET array. If for some -| reason you would like to disable it, set 'allow_get_array' to FALSE. -| | You can optionally enable standard query string based URLs: | example.com?who=me&what=something&where=here | @@ -179,7 +186,6 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; | use segment based URLs. | */ -$config['allow_get_array'] = TRUE; $config['enable_query_strings'] = FALSE; $config['controller_trigger'] = 'c'; $config['function_trigger'] = 'm'; @@ -305,7 +311,7 @@ $config['cache_query_string'] = FALSE; | If you use the Encryption class, you must set an encryption key. | See the user guide for more info. | -| http://codeigniter.com/user_guide/libraries/encryption.html +| https://codeigniter.com/user_guide/libraries/encryption.html | */ $config['encryption_key'] = ''; @@ -344,6 +350,9 @@ $config['encryption_key'] = ''; | | Whether to match the user's IP address when reading the session data. | +| WARNING: If you're using the database driver, don't forget to update +| your session table's PRIMARY KEY when changing this setting. +| | 'sess_time_to_update' | | How many seconds between CI regenerating the session ID. @@ -389,34 +398,6 @@ $config['cookie_httponly'] = FALSE; /* |-------------------------------------------------------------------------- -| Standardize newlines -|-------------------------------------------------------------------------- -| -| Determines whether to standardize newline characters in input data, -| meaning to replace \r\n, \r, \n occurrences with the PHP_EOL value. -| -| This is particularly useful for portability between UNIX-based OSes, -| (usually \n) and Windows (\r\n). -| -*/ -$config['standardize_newlines'] = FALSE; - -/* -|-------------------------------------------------------------------------- -| Global XSS Filtering -|-------------------------------------------------------------------------- -| -| Determines whether the XSS filter is always active when GET, POST or -| COOKIE data is encountered -| -| WARNING: This feature is DEPRECATED and currently available only -| for backwards compatibility purposes! -| -*/ -$config['global_xss_filtering'] = FALSE; - -/* -|-------------------------------------------------------------------------- | Cross Site Request Forgery |-------------------------------------------------------------------------- | Enables a CSRF cookie token to be set. When set to TRUE, token will be @@ -473,20 +454,6 @@ $config['time_reference'] = 'local'; /* |-------------------------------------------------------------------------- -| Rewrite PHP Short Tags -|-------------------------------------------------------------------------- -| -| If your PHP installation does not have short tag support enabled CI -| can rewrite the tags on-the-fly, enabling you to utilize that syntax -| in your view files. Options are TRUE or FALSE (boolean) -| -| Note: You need to have eval() enabled for this to work. -| -*/ -$config['rewrite_short_tags'] = FALSE; - -/* -|-------------------------------------------------------------------------- | Reverse Proxy IPs |-------------------------------------------------------------------------- | |