bcit-ci · narfbg · Jan 10, 2012 · Jan 10, 2012 · Jan 10, 2012 · Jan 10, 2012
diff --git a/application/config/config.php b/application/config/config.php
@@ -37,7 +37,6 @@
 |
 | If this is not set then CodeIgniter will guess the protocol, domain and
 | path to your installation.
-|
 */
 $config['base_url']	= '';
 
@@ -49,7 +48,6 @@
 | Typically this will be your index.php file, unless you've renamed it to
 | something else. If you are using mod_rewrite to remove the page set this
 | variable so that it is blank.
-|
 */
 $config['index_page'] = 'index.php';
 
@@ -59,15 +57,14 @@
 |--------------------------------------------------------------------------
 |
 | This item determines which server global should be used to retrieve the
-| URI string.  The default setting of 'AUTO' works for most servers.
+| URI string. The default setting of 'AUTO' works for most servers.
 | If your links do not seem to work, try one of the other delicious flavors:
 |
 | 'AUTO'			Default - auto detects
 | 'PATH_INFO'		Uses the PATH_INFO
 | 'QUERY_STRING'	Uses the QUERY_STRING
 | 'REQUEST_URI'		Uses the REQUEST_URI
 | 'ORIG_PATH_INFO'	Uses the ORIG_PATH_INFO
-|
 */
 $config['uri_protocol']	= 'AUTO';
 
@@ -81,7 +78,6 @@
 |
 | http://codeigniter.com/user_guide/general/urls.html
 */
-
 $config['url_suffix'] = '';
 
 /*
@@ -92,7 +88,6 @@
 | This determines which set of language files should be used. Make sure
 | there is an available translation if you intend to use something other
 | than english.
-|
 */
 $config['language']	= 'english';
 
@@ -105,7 +100,6 @@
 | that require a character set to be provided.
 |
 | See http://php.net/htmlspecialchars for a list of supported charsets.
-|
 */
 $config['charset'] = 'UTF-8';
 
@@ -115,47 +109,41 @@
 |--------------------------------------------------------------------------
 |
 | If you would like to use the 'hooks' feature you must enable it by
-| setting this variable to TRUE (boolean).  See the user guide for details.
-|
+| setting this variable to TRUE (boolean). See the user guide for details.
 */
 $config['enable_hooks'] = FALSE;
 
-
 /*
 |--------------------------------------------------------------------------
 | Class Extension Prefix
 |--------------------------------------------------------------------------
 |
 | This item allows you to set the filename/classname prefix when extending
-| native libraries.  For more information please see the user guide:
+| native libraries. For more information please see the user guide:
 |
 | http://codeigniter.com/user_guide/general/core_classes.html
 | http://codeigniter.com/user_guide/general/creating_libraries.html
-|
 */
 $config['subclass_prefix'] = 'MY_';
 
-
 /*
 |--------------------------------------------------------------------------
 | Allowed URL Characters
 |--------------------------------------------------------------------------
 |
 | This lets you specify with a regular expression which characters are permitted
-| within your URLs.  When someone tries to submit a URL with disallowed
+| within your URLs. When someone tries to submit a URL with disallowed
 | characters they will get a warning message.
 |
 | As a security measure you are STRONGLY encouraged to restrict URLs to
-| as few characters as possible.  By default only these are allowed: a-z 0-9~%.:_-
+| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_-
 |
 | Leave blank to allow all characters -- but only if you are insane.
 |
 | DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
-|
 */
 $config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
 
-
 /*
 |--------------------------------------------------------------------------
 | Enable Query Strings
@@ -164,7 +152,7 @@
 | By default CodeIgniter uses search-engine friendly segment based URLs:
 | example.com/who/what/where/
 |
-| By default CodeIgniter enables access to the $_GET array.  If for some
+| By default CodeIgniter enables access to the $_GET array. If for some
 | reason you would like to disable it, set 'allow_get_array' to FALSE.
 |
 | You can optionally enable standard query string based URLs:
@@ -179,12 +167,11 @@
 | Please note that some of the helpers won't work as expected when
 | this feature is enabled, since CodeIgniter is designed primarily to
 | use segment based URLs.
-|
 */
-$config['allow_get_array']		= TRUE;
+$config['allow_get_array']	= TRUE;
 $config['enable_query_strings'] = FALSE;
 $config['controller_trigger']	= 'c';
-$config['function_trigger']		= 'm';
+$config['function_trigger']	= 'm';
 $config['directory_trigger']	= 'd'; // experimental not currently in use
 
 /*
@@ -193,7 +180,7 @@
 |--------------------------------------------------------------------------
 |
 | If you have enabled error logging, you can set an error threshold to
-| determine what gets logged. Threshold options are:
+| determine what gets logged.
 | You can enable error logging by setting a threshold over zero. The
 | threshold determines what gets logged. Threshold options are:
 |
@@ -204,12 +191,11 @@
 |	4 = All Messages
 |
 | You can also pass in a array with threshold levels to show individual error types
-| 
+|
 | 	array(2) = Debug Messages, without Error Messages
 |
 | For a live site you'll usually only enable Errors (1) to be logged otherwise
 | your log files will fill up very fast.
-|
 */
 $config['log_threshold'] = 0;
 
@@ -220,7 +206,6 @@
 |
 | Leave this BLANK unless you would like to set something other than the default
 | application/logs/ folder. Use a full server path with trailing slash.
-|
 */
 $config['log_path'] = '';
 
@@ -231,7 +216,6 @@
 |
 | Each item that is logged has an associated date. You can use PHP date
 | codes to set your own date formatting
-|
 */
 $config['log_date_format'] = 'Y-m-d H:i:s';
 
@@ -242,7 +226,6 @@
 |
 | Leave this BLANK unless you would like to set something other than the default
 | system/cache/ folder.  Use a full server path with trailing slash.
-|
 */
 $config['cache_path'] = '';
 
@@ -253,10 +236,9 @@
 |
 | If you use the Encryption class or the Session class you
 | MUST set an encryption key.  See the user guide for info.
-|  
+|
 | http://codeigniter.com/user_guide/libraries/encryption.html
 | http://codeigniter.com/user_guide/libraries/sessions.html
-|
 */
 $config['encryption_key'] = '';
 
@@ -266,17 +248,17 @@
 |--------------------------------------------------------------------------
 |
 | 'sess_cookie_name'		= the name you want for the cookie
-| 'sess_expiration'			= the number of SECONDS you want the session to last.
-|   by default sessions last 7200 seconds (two hours).  Set to zero for no expiration.
+| 'sess_expiration'		= the number of SECONDS you want the session to last.
+|				  by default sessions last 7200 seconds (two hours).
+|				  Set to zero for no expiration.
 | 'sess_expire_on_close'	= Whether to cause the session to expire automatically
-|   when the browser window is closed
+|				  when the browser window is closed
 | 'sess_encrypt_cookie'		= Whether to encrypt the cookie
 | 'sess_use_database'		= Whether to save the session data to a database
-| 'sess_table_name'			= The name of the session database table
-| 'sess_match_ip'			= Whether to match the user's IP address when reading the session data
+| 'sess_table_name'		= The name of the session database table
+| 'sess_match_ip'		= Whether to match the user's IP address when reading the session data
 | 'sess_match_useragent'	= Whether to match the User Agent when reading the session data
 | 'sess_time_to_update'		= how many seconds between CI refreshing Session Information
-|
 */
 $config['sess_cookie_name']		= 'ci_session';
 $config['sess_expiration']		= 7200;
@@ -293,16 +275,15 @@
 | Cookie Related Variables
 |--------------------------------------------------------------------------
 |
-| 'cookie_prefix' = Set a prefix if you need to avoid collisions
-| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
-| 'cookie_path'   =  Typically will be a forward slash
-| 'cookie_secure' =  Cookies will only be set if a secure HTTPS connection exists.
-| 'cookie_httponly' = Cookie will only be accessible via HTTP(S) (no javascript) 
-|
+| 'cookie_prefix'	= Set a prefix if you need to avoid collisions
+| 'cookie_domain'	= Set to .your-domain.com for site-wide cookies
+| 'cookie_path'  	= Typically will be a forward slash
+| 'cookie_secure'	= Cookies will only be set if a secure HTTPS connection exists.
+| 'cookie_httponly'	= Cookies will only be accessible via HTTP(S) (no javascript)
 */
-$config['cookie_prefix']	= "";
-$config['cookie_domain']	= "";
-$config['cookie_path']		= "/";
+$config['cookie_prefix']	= '';
+$config['cookie_domain']	= '';
+$config['cookie_path']		= '/';
 $config['cookie_secure']	= FALSE;
 $config['cookie_httponly'] 	= FALSE;
 
@@ -312,8 +293,7 @@
 |--------------------------------------------------------------------------
 |
 | Determines whether the XSS filter is always active when GET, POST or
-| COOKIE data is encountered
-|
+| COOKIE data is encountered.
 */
 $config['global_xss_filtering'] = FALSE;
 
@@ -343,17 +323,16 @@
 | Output Compression
 |--------------------------------------------------------------------------
 |
-| Enables Gzip output compression for faster page loads.  When enabled,
+| Enables Gzip output compression for faster page loads. When enabled,
 | the output class will test whether your server supports Gzip.
 | Even if it does, however, not all browsers support compression
 | so enable only if you are reasonably sure your visitors can handle it.
 |
-| VERY IMPORTANT:  If you are getting a blank page when compression is enabled it
+| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
 | means you are prematurely outputting something to your browser. It could
-| even be a line of whitespace at the end of one of your scripts.  For
+| even be a line of whitespace at the end of one of your scripts. For
 | compression to work, nothing can be sent before the output buffer is called
-| by the output class.  Do not 'echo' any values with compression enabled.
-|
+| by the output class. Do not 'echo' any values with compression enabled.
 */
 $config['compress_output'] = FALSE;
 
@@ -366,37 +345,56 @@
 | your server's local time as the master 'now' reference, or convert it to
 | GMT.  See the 'date helper' page of the user guide for information
 | regarding date handling.
-|
 */
 $config['time_reference'] = 'local';
 
-
 /*
 |--------------------------------------------------------------------------
 | Rewrite PHP Short Tags
 |--------------------------------------------------------------------------
 |
 | If your PHP installation does not have short tag support enabled CI
 | can rewrite the tags on-the-fly, enabling you to utilize that syntax
-| in your view files.  Options are TRUE or FALSE (boolean)
-|
+| in your view files. Options are TRUE or FALSE (boolean)
 */
 $config['rewrite_short_tags'] = FALSE;
 
-
 /*
 |--------------------------------------------------------------------------
-| Reverse Proxy IPs
-|--------------------------------------------------------------------------
-|
-| If your server is behind a reverse proxy, you must whitelist the proxy IP
-| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
-| header in order to properly identify the visitor's IP address.
-| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
-|
+| Override REMOTE_ADDR
+|--------------------------------------------------------------------------
+|
+| Those are useful if you have clients accessing your application through a
+| proxy or if the server itself is behind a firewall/proxy. In those cases
+| REMOTE_ADDR can appear to always be the same for either a specific group
+| of clients or all of them.
+|
+| Headers used to get the client IP are (if available; first to last order):
+|	- HTTP_X_FORWARDED_FOR
+|	- HTTP_CLIENT_IP
+|	- HTTP_X_CLUSTER_CLIENT_IP
+|
+| 'proxy_ips'	= Specifies a whilelist of trusted proxy IP addresses for
+|		  which to enable overriding. Mostly useful if you have a
+|		  group of clients using a trusted proxy. This setting
+|		  doesn't depend on 'header_ips' and will work even if it's
+|		  disabled. Can be set to:
+|			(array)  each element must be a valid IP address
+				 (this is preferred over string values)
+|				 e.g. array('10.0.1.200', '10.0.1.201')
+|			(string) a comma-separated list of IP addresses
+|				 e.g. '10.0.1.200,10.0.1.201'
+|
+| 'header_ips'	= Whether to always enable overriding of REMOTE_ADDR.
+|			TRUE to enable
+|			FALSE to disable (default)
+|
+|		  WARNING: Enabling 'header_ips' causes a potential
+|			   security risk! Do NOT set to TRUE unless you
+|			   are certain that you need to!
 */
-$config['proxy_ips'] = '';
-
+$config['proxy_ips']	= array();
+$config['header_ips']	= FALSE;
 
 /* End of file config.php */
 /* Location: ./application/config/config.php */