diff options
Diffstat (limited to 'application/config/config.php')
-rw-r--r-- | application/config/config.php | 144 |
1 files changed, 140 insertions, 4 deletions
diff --git a/application/config/config.php b/application/config/config.php index 1e37856fe..343528363 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -162,7 +162,11 @@ $config['composer_autoload'] = FALSE; | Note: This option is ignored for CLI requests. | */ -$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; +if (php_sapi_name() == "cli") { + $config['permitted_uri_chars'] = ''; +} else { + $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-'; +} /* |-------------------------------------------------------------------------- @@ -368,11 +372,11 @@ $config['encryption_key'] = ''; | except for 'cookie_prefix' and 'cookie_httponly', which are ignored here. | */ -$config['sess_driver'] = 'files'; +$config['sess_driver'] = 'database'; $config['sess_cookie_name'] = 'ci_session'; $config['sess_samesite'] = 'Lax'; $config['sess_expiration'] = 7200; -$config['sess_save_path'] = NULL; +$config['sess_save_path'] = "ci_sessions"; $config['sess_match_ip'] = FALSE; $config['sess_time_to_update'] = 300; $config['sess_regenerate_destroy'] = FALSE; @@ -414,7 +418,7 @@ $config['cookie_samesite'] = 'Lax'; | 'csrf_regenerate' = Regenerate token on every submission | 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks */ -$config['csrf_protection'] = FALSE; +$config['csrf_protection'] = FALSE; // our controller enables this later $config['csrf_token_name'] = 'csrf_test_name'; $config['csrf_cookie_name'] = 'csrf_cookie_name'; $config['csrf_expire'] = 7200; @@ -473,3 +477,135 @@ $config['time_reference'] = 'local'; | Array: array('10.0.1.200', '192.168.5.0/24') */ $config['proxy_ips'] = ''; + +/* +|-------------------------------------------------------------------------- +| FileBin +|-------------------------------------------------------------------------- + */ + +// This address will be used as the sender for emails (like password recovery mails). +$config['email_from'] = "webmaster@example.invalid"; + +// upload_path should NOT be readable/served by the server, but only by the script +$config['upload_path'] = FCPATH.'data/uploads'; + +// Make sure to adjust PHP's limits (post_max_size, upload_max_filesize) if necessary +$config['upload_max_size'] = 256*1024*1024; // 256MiB + +// Files smaller than this will be highlit, larger ones will simply be downloaded +// even if requested to be highlit. +$config['upload_max_text_size'] = 2*1024*1024; // 2MiB + +// Files older than this will be deleted by the cron job or when accessed. +// 0 disables deletion. +$config['upload_max_age'] = 60*60*24*5; // 5 days + +// Action keys (invitions, password resets) will be deleted after this time by +// the cron job. +$config['actions_max_age'] = 60*60*24*5; // 5 days + +// Files smaller than this won't be deleted (even if they are old enough) +$config['small_upload_size'] = 1024*10; // 10KiB + +// Maximum size for multipaste tarballs. 0 disables the feature +$config['tarball_max_size'] = 1024*1024*50; // 50MiB + +// Multipaste tarballs older than this will be deleted by the cron job +// Changing this is not recommended +$config['tarball_cache_time'] = 60*5; // 5 minutes + +// The maximum number of active invitation keys per account. +$config['max_invitation_keys'] = 3; //3 keys + + +// Possible values: +// - apc: needs the apc module and is only useful on long running php processes +// - file: you will have to clean up the cache directory yourself (./application/cache/) +// example cronjob: +// */15 * * * * find ./application/cache/ -mtime +0.5 -not \( -name .htaccess -or -name index.html \) -delete +// - memcached: config in application/config/memcached.php; you need the memcached module (with the D) +// - dummy: disables caching +// +// It is highly suggested to enable the cache. +$config['cache_backend'] = "dummy"; + + +// For possible drivers look into ./application/libraries/Duser/drivers/ +$config['authentication_driver'] = 'db'; + +// This is only used it the driver is set to ldap +if (extension_loaded("ldap")) { + $config['auth_ldap'] = array( + "host" => 'ldaps://ldap.example.com', + "port" => 636, + "basedn" => "dc=example,dc=com", + "scope" => "one", // possible values: base, one, subtree + "options" => array( + // key/values pairs for ldap_set_option + // http://php.net/manual/en/function.ldap-set-option.php + LDAP_OPT_PROTOCOL_VERSION => 3 + ), + // Please note that php-ldap converts attributes to lowercase + "userid_field" => "uidnumber", // This has to be a unique integer + "username_field" => "uid", // This is the value the user supplies on the login form + // Optional parameters + // "bind_rdn" => "uid=search-user,cn=users,dc=example,dc=com", // This is the user used to authenticate for searches + // "bind_password" => "***", // This is the password for the search user + // You can optionally filter the LDAP users who are allowed to log in using any valid LDAP filter. %s will be replaced + // by the user name. + // "filter" => "(&(uid=%s)(memberOf=cn=FileBinUsers,cn=groups,dc=example,dc=com))", + ); +} + +// This is only used if the driver is set to fluxbb +$config['auth_fluxbb'] = array( + 'database' => 'fluxbb' +); + +// This is only used if the driver is set to db. Changes to these settings will be +// applied when users sucessfully log in with their password. +// For information about these values refer to https://secure.php.net/manual/en/function.password-hash.php +$config['auth_db'] = array( + 'hashing_options' => array( + 'cost' => 10, + ), + 'hashing_algorithm' => PASSWORD_DEFAULT, +); + + +// Possible values: production, development +// "development" enables features like profiling and display of SQL queries. +$config['environment'] = "production"; + + +// This sets the download implementation. Possible values are php, nginx and lighttpd. +// The nginx and lighttpd drivers make use of the server's sendfile feature. +// +// The lighttpd driver requires the following directive to be set in your fastcgi.server configuration: +// "allow-x-send-file" => "enable" +// See http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModFastCGI#X-Sendfile +// +// When using the nginx download driver you need to define an internal location +// from which nginx will serve your uploads: +// location ^~ /protected-uploads/ { +// internal; +// alias <upload_path>/; +// } +// See http://wiki.nginx.org/X-accel +$config['download_driver'] = 'php'; + +$config['download_nginx_location'] = '/protected-uploads'; + +if (file_exists(APPPATH.'config/config-local.php')) { + include APPPATH.'config/config-local.php'; +} + +if (getenv("ENVIRONMENT") === "testsuite" && isset($_SERVER['SERVER_PORT'])) { + $config['base_url'] = 'http://127.0.0.1:'.$_SERVER['SERVER_PORT'].'/'; +} + +if (getenv("ENVIRONMENT") === "testsuite") { + $config['upload_path'] = FCPATH.'testsuite-tmp'; + $config['auth_db']['hashing_options']['cost'] = 5; +} |