From: Michael M Slusarz Date: Wed, 7 Apr 2010 22:44:30 +0000 (-0600) Subject: Bug #8612: Automatically disable tidy.clean_output PHP setting X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=72b8d57b0cd97055c6d69bf2a2659a304f4ea709;p=horde.git Bug #8612: Automatically disable tidy.clean_output PHP setting --- diff --git a/horde/lib/Test.php b/horde/lib/Test.php index 0e78fed4c..1e265dc8a 100644 --- a/horde/lib/Test.php +++ b/horde/lib/Test.php @@ -189,9 +189,17 @@ class Horde_Test * @var array */ protected $_settingsList = array( + 'allow_url_include' => array( + 'setting' => false, + 'error' => 'This is a security hazard. Horde will attempt to disable automatically, but it is best to manually disable also.' + ), 'magic_quotes_runtime' => array( 'setting' => false, - 'error' => 'magic_quotes_runtime may cause problems with database inserts, etc. Turn it off.' + 'error' => 'magic_quotes_runtime may cause problems with database inserts, etc. Horde will attempt to disable automatically, but it is best to manually disable also.' + ), + 'magic_quotes_sybase' => array( + 'setting' => false, + 'error' => 'magic_quotes_sybase may cause problems with database inserts, etc. Horde will attempt to disable automatically, but it is best to manually disable also.' ), 'memory_limit' => array( 'setting' => 'value', @@ -224,10 +232,18 @@ class Horde_Test 'setting' => false, 'error' => 'Horde will work with session.use_trans_sid turned on, but you may see double session-ids in your URLs, and if the session name in php.ini differs from the session name configured in Horde, you may get two session ids and see other odd behavior. The URL-rewriting that use_trans_sid does also tends to break XHTML compliance. In short, you should really disable this.' ), + 'tidy.clean_output' => array( + 'setting' => false, + 'error' => 'This will break output of any dynamically created, non-HTML content. Horde will attempt to disable automatically, but it is best to manually disable also.' + ), 'zend_accelerator.compress_all' => array( 'setting' => false, 'error' => 'You should not enable output compression unconditionally because some browsers and scripts don\'t work well with output compression. Enable compression in Horde\'s configuration instead, so that we have full control over the conditions where to enable and disable it.' ), + 'zend.ze1_compatibility_mode' => array( + 'setting' => false, + 'error' => 'Unneeded, deprecated PHP 4 compatibility option. Horde will attempt to disable automatically, but it is best to manually disable also.' + ), 'zlib.output_compression' => array( 'setting' => false, 'error' => 'You should not enable output compression unconditionally because some browsers and scripts don\'t work well with output compression. Enable compression in Horde\'s configuration instead, so that we have full control over the conditions where to enable and disable it.' diff --git a/horde/lib/core.php b/horde/lib/core.php index 63490cf90..2a275e481 100644 --- a/horde/lib/core.php +++ b/horde/lib/core.php @@ -12,10 +12,11 @@ */ /* Turn PHP stuff off that can really screw things up. */ -ini_set('magic_quotes_sybase', 0); +ini_set('allow_url_include', 0); ini_set('magic_quotes_runtime', 0); +ini_set('magic_quotes_sybase', 0); +ini_set('tidy.clean_output', 0); ini_set('zend.ze1_compatibility_mode', 0); -ini_set('allow_url_include', 0); /* Exit immediately if register_globals is active. */ if (ini_get('register_globals')) {