<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>New INI Configuration Directives</title>
</head>
<body><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="migration52.class-constants.html">New Class Constants</a></div>
<div class="next" style="text-align: right; float: right;"><a href="migration52.errorrep.html">Error Reporting</a></div>
<div class="up"><a href="migration52.html">Migrating from PHP 5.1.x to PHP 5.2.x</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="migration52.newconf" class="section">
<h2 class="title">New INI Configuration Directives</h2>
<p class="para">
New <var class="filename">php.ini</var> directives introduced in PHP 5.2.0:
</p>
<ul class="itemizedlist">
<li class="listitem">
<span class="simpara">
<a href="filesystem.configuration.html#ini.allow-url-include" class="link">allow_url_include</a>
</span>
<span class="simpara">
This useful option makes it possible to differentiate between
standard file operations on remote files, and the inclusion of
remote files. While the former is usually desirable, the latter can
be a security risk if used naively. Starting with PHP 5.2.0, you can
allow remote file operations while disallowing the inclusion of
remote files in local scripts. In fact, this is the default
configuration.
</span>
</li>
<li class="listitem">
<span class="simpara">
<a href="pcre.configuration.html#ini.pcre.backtrack-limit" class="link">pcre.backtrack_limit</a>
</span>
<span class="simpara">
PCRE's backtracking limit.
</span>
</li>
<li class="listitem">
<span class="simpara">
<a href="pcre.configuration.html#ini.pcre.recursion-limit" class="link">pcre.recursion_limit</a>
</span>
<span class="simpara">
PCRE's recursion limit. Please note that if you set this value to a high
number you may consume all the available process stack and eventually
crash PHP (due to reaching the stack size limit imposed by the Operating
System).
</span>
</li>
<li class="listitem">
<span class="simpara">
<a href="session.configuration.html#ini.session.cookie-httponly" class="link">session.cookie_httponly</a>
</span>
<span class="simpara">
Marks the cookie as accessible only through the HTTP protocol. This means
that the cookie won't be accessible by scripting languages, such as
JavaScript. This setting can effectively help to reduce identity theft
through XSS attacks (although it is not supported by all browsers).
</span>
</li>
</ul>
<p class="para">
New directives in PHP 5.2.2:
</p>
<ul class="itemizedlist">
<li class="listitem">
<span class="simpara">
<a href="info.configuration.html#ini.max-input-nesting-level" class="link">max_input_nesting_level</a>
</span>
<span class="simpara">
Limits how deep <a href="language.variables.external.html" class="link">input
variables</a> can be nested, default is 64.
</span>
</li>
</ul>
</div><hr /><div class="manualnavbar" style="text-align: center;">
<div class="prev" style="text-align: left; float: left;"><a href="migration52.class-constants.html">New Class Constants</a></div>
<div class="next" style="text-align: right; float: right;"><a href="migration52.errorrep.html">Error Reporting</a></div>
<div class="up"><a href="migration52.html">Migrating from PHP 5.1.x to PHP 5.2.x</a></div>
<div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
