From 65d603e03d3befd6e4f13361c78ab454ea57ba70 Mon Sep 17 00:00:00 2001
From: Dan Horrigan
Date: Wed, 15 Dec 2010 08:38:30 -0500
Subject: Added full Query String and $_GET array support. This is enabled by default. Added a seperate config option to enable/disable the $_GET array.
---
application/config/config.php | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'application/config/config.php')
diff --git a/application/config/config.php b/application/config/config.php
index 2a084ac22..477d7bfc4 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -134,6 +134,9 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
 | By default CodeIgniter uses search-engine friendly segment based URLs:
 | example.com/who/what/where/
 |
+| By default CodeIgniter enables access to the $_GET array. If for some
+| reason you would like to disable it, set 'allow_get_array' to FALSE.
+|
 | You can optionally enable standard query string based URLs:
 | example.com?who=me&what=something&where=here
 |
@@ -148,6 +151,7 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
 | use segment based URLs.
 |
 */
+$config['allow_get_array'] = TRUE;
 $config['enable_query_strings'] = FALSE;
 $config['controller_trigger'] = 'c';
 $config['function_trigger'] = 'm';
--
cgit v1.2.3-24-g4f1b
From 4df8b2276bbcc7f025a41b0d09f2f8cd7927b51a Mon Sep 17 00:00:00 2001
From: Phil Sturgeon
Date: Wed, 15 Dec 2010 14:23:14 +0000
Subject: ['base_url'] is now empty by default and will guess what it should be.
---
application/config/config.php | 37 ++++++++++++++++++++-----------------
1 file changed, 20 insertions(+), 17 deletions(-)
(limited to 'application/config/config.php')
diff --git a/application/config/config.php b/application/config/config.php
index 2a084ac22..251f1aa3f 100644
--- a/application/config/config.php
+++ b/application/config/config.php
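Review bot: The comment added in the first hunk (`@@ -134,6 +134,9 @@`) explains how to switch `allow_get_array` off but not what leaving it on means, and the second hunk ships it as `TRUE`. Query-string values are request-controlled input, so I would add a line such as `| Values read from $_GET are user input; validate them before use.` under the new paragraph. The commit subject says query-string support is enabled by default, yet the context line right after the addition still reads `$config['enable_query_strings'] = FALSE;`, so the comment should also state that the two options are independent. How the flag is enforced is outside this diff, which is limited to config.php.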
@@ -10,8 +10,11 @@
 |
 | http://example.com/
 |
+| If this is not set then CodeIgniter will guess the protocol, domain and
+| path to your installation.
+|
 */
-$config['base_url'] = "http://example.com/";
+$config['base_url'] = '';
 /*
 |--------------------------------------------------------------------------
@@ -23,7 +26,7 @@ $config['base_url'] = "http://example.com/";
 | variable so that it is blank.
 |
 */
-$config['index_page'] = "index.php";
+$config['index_page'] = 'index.php';
 /*
 |--------------------------------------------------------------------------
@@ -31,7 +34,7 @@ $config['index_page'] = "index.php";
 |--------------------------------------------------------------------------
 |
 | This item determines which server global should be used to retrieve the
-| URI string. The default setting of "AUTO" works for most servers.
+| URI string. The default setting of 'AUTO' works for most servers.
 | If your links do not seem to work, try one of the other delicious flavors:
 |
 | 'AUTO' Default - auto detects
@@ -41,7 +44,7 @@ $config['index_page'] = "index.php";
 | 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
 |
 */
-$config['uri_protocol'] = "AUTO";
+$config['uri_protocol'] = 'AUTO';
 /*
 |--------------------------------------------------------------------------
@@ -54,7 +57,7 @@ $config['uri_protocol'] = "AUTO";
 | http://codeigniter.com/user_guide/general/urls.html
 */
-$config['url_suffix'] = "";
+$config['url_suffix'] = '';
 /*
 |--------------------------------------------------------------------------
@@ -66,7 +69,7 @@ $config['url_suffix'] = "";
 | than english.
 |
 */
-$config['language'] = "english";
+$config['language'] = 'english';
 /*
 |--------------------------------------------------------------------------
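Review bot: The comment added in the first hunk (`@@ -10,8 +10,11 @@`) says CodeIgniter will guess the protocol, domain and path when `base_url` is unset, and the new default is `''`, but it does not say what the guess is derived from. If the domain is taken from the request's Host header (the detection code is not part of this diff), generated links and redirects would follow whatever host the client supplies, which matters for anything mailed out or cached. I would add `| Set this explicitly on production sites; the guessed value depends on the incoming request.` to the block.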
@@ -77,14 +80,14 @@ $config['language'] = "english";
 | that require a character set to be provided.
 |
 */
-$config['charset'] = "UTF-8";
+$config['charset'] = 'UTF-8';
 /*
 |--------------------------------------------------------------------------
 | Enable/Disable System Hooks
 |--------------------------------------------------------------------------
 |
-| If you would like to use the "hooks" feature you must enable it by
+| If you would like to use the 'hooks' feature you must enable it by
 | setting this variable to TRUE (boolean). See the user guide for details.
 |
 */
@@ -139,7 +142,7 @@ $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
 |
 | Options are: TRUE or FALSE (boolean)
 |
-| The other items let you set the query string "words" that will
+| The other items let you set the query string 'words' that will
 | invoke your controllers and its functions:
 | example.com/index.php?c=controller&m=function
 |
@@ -217,7 +220,7 @@ $config['cache_path'] = '';
 | MUST set an encryption key. See the user guide for info.
 |
 */
-$config['encryption_key'] = "";
+$config['encryption_key'] = '';
 /*
 |--------------------------------------------------------------------------
@@ -257,9 +260,9 @@ $config['sess_time_to_update'] = 300;
 | 'cookie_path' = Typically will be a forward slash
 |
 */
-$config['cookie_prefix'] = "";
-$config['cookie_domain'] = "";
-$config['cookie_path'] = "/";
+$config['cookie_prefix'] = '';
+$config['cookie_domain'] = '';
+$config['cookie_path'] = '/';
 /*
 |--------------------------------------------------------------------------
@@ -297,7 +300,7 @@ $config['csrf_protection'] = FALSE;
 | means you are prematurely outputting something to your browser. It could
 | even be a line of whitespace at the end of one of your scripts. For
 | compression to work, nothing can be sent before the output buffer is called
-| by the output class. Do not "echo" any values with compression enabled.
+| by the output class. Do not 'echo' any values with compression enabled.
 |
 */
 $config['compress_output'] = FALSE;
@@ -307,9 +310,9 @@ $config['compress_output'] = FALSE;
 | Master Time Reference
 |--------------------------------------------------------------------------
 |
-| Options are "local" or "gmt". This pref tells the system whether to use
-| your server's local time as the master "now" reference, or convert it to
-| GMT. See the "date helper" page of the user guide for information
+| Options are 'local' or 'gmt'. This pref tells the system whether to use
+| your server's local time as the master 'now' reference, or convert it to
+| GMT. See the 'date helper' page of the user guide for information
 | regarding date handling.
 |
 */
--
cgit v1.2.3-24-g4f1b
From 3cf4c4eb3e25459763fef023435e3157178a08f5 Mon Sep 17 00:00:00 2001
From: Eric Barnes
Date: Wed, 12 Jan 2011 09:10:08 -0500
Subject: Changed instructions for location of log path. Fixes #305
---
application/config/config.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application/config/config.php')
diff --git a/application/config/config.php b/application/config/config.php
index a844f71ab..5c6cc0aec 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -188,7 +188,7 @@ $config['log_threshold'] = 0;
 |--------------------------------------------------------------------------
 |
 | Leave this BLANK unless you would like to set something other than the default
-| system/logs/ folder. Use a full server path with trailing slash.
+| application/logs/ folder. Use a full server path with trailing slash.
 |
 */
 $config['log_path'] = '';
--
cgit v1.2.3-24-g4f1b
From 9805ecce97dbd3f60891c19f27111f75851bd666 Mon Sep 17 00:00:00 2001
From: Eric Barnes
Date: Sun, 16 Jan 2011 23:35:16 -0500
Subject: Added access scope to security library and added config options for csrf protection
---
application/config/config.php | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'application/config/config.php')
diff --git a/application/config/config.php b/application/config/config.php
index 5c6cc0aec..e22199685 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -286,9 +286,15 @@ $config['global_xss_filtering'] = FALSE;
 | Enables a CSRF cookie token to be set. When set to TRUE, token will be
 | checked on a submitted form. If you are accepting user data, it is strongly
 | recommended CSRF protection be enabled.
+|
+| 'csrf_token_name' = The token name
+| 'csrf_cookie_name' = The cookie name
+| 'csrf_expire' = The number in seconds the token should expire.
 */
-$config['csrf_protection'] = FALSE;
-
+$config['csrf_protection'] = TRUE;
+$config['csrf_token_name'] = 'csrf_test_name';
+$config['csrf_cookie_name'] = 'csrf_cookie_name';
+$config['csrf_expire'] = 7200;
 /*
 |--------------------------------------------------------------------------
--
cgit v1.2.3-24-g4f1b
From 8af74554043be56daa9fb278e60ee79a53be4b76 Mon Sep 17 00:00:00 2001
From: Eric Barnes
Date: Sun, 16 Jan 2011 23:36:46 -0500
Subject: Accidentally left csrf to turned on in last commit
---
application/config/config.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'application/config/config.php')
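Review bot: The three comment lines added in the CSRF hunk (`@@ -286,9 +286,15 @@`) do not say where each name is used or what happens at expiry, and the default `'csrf_test_name'` reads like a test leftover. Assuming the token name is the submitted form field, I would word them as `| 'csrf_token_name' = Name of the form field that carries the token`, `| 'csrf_cookie_name' = Name of the cookie that stores the token` and `| 'csrf_expire' = Token lifetime in seconds`. The code that reads these keys is outside this diff, so it is worth confirming it falls back to safe values when an existing config.php from an earlier release lacks them.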
diff --git a/application/config/config.php b/application/config/config.php
index e22199685..dc029a94b 100644
--- a/application/config/config.php
+++ b/application/config/config.php
@@ -291,7 +291,7 @@ $config['global_xss_filtering'] = FALSE;
 | 'csrf_cookie_name' = The cookie name
 | 'csrf_expire' = The number in seconds the token should expire.
 */
-$config['csrf_protection'] = TRUE;
+$config['csrf_protection'] = FALSE;
 $config['csrf_token_name'] = 'csrf_test_name';
 $config['csrf_cookie_name'] = 'csrf_cookie_name';
 $config['csrf_expire'] = 7200;
--
cgit v1.2.3-24-g4f1b
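Review bot: The shipped default becomes `$config['csrf_protection'] = FALSE;` while the comment block above it (mostly outside this hunk) says enabling CSRF protection is strongly recommended when accepting user data. If the default has to stay off for compatibility, the block should say so, for example `| Disabled by default; set to TRUE for any application that accepts form posts.`. As written, a new install starts without the token check and nothing next to the setting prompts the change.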