-
Notifications
You must be signed in to change notification settings - Fork 724
/
ini.xml
157 lines (152 loc) · 4.84 KB
/
ini.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<section xml:id="phar.configuration" xmlns="http://docbook.org/ns/docbook">
&reftitle.runtime;
&extension.runtime;
<para>
<table>
<title>Filesystem and Streams Configuration Options</title>
<tgroup cols="4">
<thead>
<row>
<entry>&Name;</entry>
<entry>&Default;</entry>
<entry>&Changeable;</entry>
<entry>&Changelog;</entry>
</row>
</thead>
<tbody xml:id="phar.configuration.list">
<row>
<entry><link linkend="ini.phar.readonly">phar.readonly</link></entry>
<entry>"1"</entry>
<entry><constant>INI_ALL</constant></entry>
<entry></entry>
</row>
<row>
<entry><link linkend="ini.phar.require-hash">phar.require_hash</link></entry>
<entry>"1"</entry>
<entry><constant>INI_ALL</constant></entry>
<entry></entry>
</row>
<row>
<entry><link linkend="ini.phar.cache-list">phar.cache_list</link></entry>
<entry>""</entry>
<entry><constant>INI_SYSTEM</constant></entry>
<entry></entry>
</row>
</tbody>
</tgroup>
</table>
</para>
&ini.descriptions.title;
<para>
<variablelist>
<varlistentry xml:id="ini.phar.readonly">
<term>
<parameter>phar.readonly</parameter>
<type>bool</type>
</term>
<listitem>
<para>
This option disables creation or modification of Phar archives
using the <literal>phar</literal> stream or <classname>Phar</classname>
object's write support. This setting should always be enabled on
production machines, as the phar extension's convenient write support
could allow straightforward creation of a php-based virus when coupled
with other common security vulnerabilities.
</para>
<note>
<para>
This setting can only be unset in php.ini due to security reasons.
If <literal>phar.readonly</literal> is disabled in php.ini, the
user may enable <literal>phar.readonly</literal> in a script
or disable it later. If <literal>phar.readonly</literal> is
enabled in php.ini, a script may harmlessly "re-enable"
the INI variable, but may not disable it.
</para>
</note>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.phar.require-hash">
<term>
<parameter>phar.require_hash</parameter>
<type>bool</type>
</term>
<listitem>
<para>
This option will force all opened Phar archives to contain some
kind of signature (currently MD5, SHA1, SHA256, SHA512 and OpenSSL are supported), and will
refuse to process any Phar archive that does not contain a signature.
</para>
<note>
<para>
This setting can only be unset in php.ini.
If <literal>phar.require_hash</literal> is disabled in php.ini, the
user may enable <literal>phar.require_hash</literal> in a script
or disable it later. If <literal>phar.require_hash</literal> is
enabled in php.ini, a script may harmlessly "re-enable"
the INI variable, but may not disable it.
</para>
<para>
This setting does not affect reading plain tar files with the
<classname>PharData</classname> class.
</para>
</note>
<caution>
<simpara>
<literal>phar.require_hash</literal> does not provide any security per se,
it is merely a measure against running accidentially corrupted Phar archives,
because anyone who would be able to tamper with the Phar could easily fix
the signature afterwards.
</simpara>
</caution>
</listitem>
</varlistentry>
<varlistentry xml:id="ini.phar.cache-list">
<term>
<parameter>phar.cache_list</parameter>
<type>string</type>
</term>
<listitem>
<para>
Allows mapping phar archives to be pre-parsed at web server startup,
providing a performance improvement that brings running files out of a
phar archive very close to the speed of running those files from a
traditional disk-based installation.
<example>
<title>phar.cache_list usage example</title>
<programlisting>
<![CDATA[
in php.ini (windows):
phar.cache_list =C:\path\to\phar1.phar;C:\path\to\phar2.phar
in php.ini (unix):
phar.cache_list =/path/to/phar1.phar:/path/to/phar2.phar
]]>
</programlisting>
</example>
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</section>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->