From aeb6a57aa9fd2c6567b85ac4b9ad1c60b7e3f563 Mon Sep 17 00:00:00 2001
From: Matthijs Kooijman <matthijs@stdin.nl>
Date: Fri, 23 Jul 2010 13:50:14 +0200
Subject: [PATCH] php: Set some useful default options.

This disables stuff like magic quotes and other insecure stuff, sets the
loglevel, etc.
---
 etc/php5/cgi/php.ini.local | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/etc/php5/cgi/php.ini.local b/etc/php5/cgi/php.ini.local
index d1a8eb7..da03246 100644
--- a/etc/php5/cgi/php.ini.local
+++ b/etc/php5/cgi/php.ini.local
@@ -8,4 +8,27 @@ log_errors = On
 # Don't display errors to the client 
 display_errors = Off
 
+# Add E_USER_NOTICE, so trigger_error calls without a level actually get
+# logged.
+error_reporting  =  E_ALL & ~E_NOTICE | E_USER_NOTICE
+
+# Disable some features for increased security and reduced surprise.
+allow_call_time_pass_reference = Off
+register_long_arrays = Off
+register_argc_argv = Off
+magic_quotes_gpc = Off
+enable_dl = Off
+allow_url_fopen = Off
+
+
+# Use conforming headers (not sure how useful this is, though) 
+cgi.rfc2616_headers = 1
+
+# Conform to CGI spec
+# Needed for lighttpd (http://trac.lighttpd.net/trac/wiki/Docs%3AModCGI)
+cgi.fix_pathinfo = 1
+
+# Include some global php libraries
+include_path = "/var/www/php5-libs"
+
 # vim: set filetype=dosini:
-- 
2.30.2