archive/php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2025-08-15 13:38:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'PHP-7.2' into PHP-7.3

Browse source 
* PHP-7.2:
  SQLite3: add DEFENSIVE config for SQLite >= 3.26.0 as a mitigation strategy against potential security flaws
This commit is contained in:
Christoph M. Becker 2019-03-11 16:28:46 +01:00
commit e7ce7c6bb2
6 changed files with 75 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
php.ini-production
View file

@ -1011,8 +1011,19 @@ cli_server.color = On
;intl.use_exceptions = 0
[sqlite3]
; Directory pointing to SQLite3 extensions
; http://php.net/sqlite3.extension-dir
;sqlite3.extension_dir =
; SQLite defensive mode flag (only available from SQLite 3.26+)
; When the defensive flag is enabled, language features that allow ordinary
; SQL to deliberately corrupt the database file are disabled. This forbids
; writing directly to the schema, shadow tables (eg. FTS data tables), or
; the sqlite_dbpage virtual table.
; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
; (for older SQLite versions, this flag has no use)
sqlite3.defensive = 1
[Pcre]
; PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit