-
Notifications
You must be signed in to change notification settings - Fork 1
/
php-ini.patch
396 lines (377 loc) · 14.4 KB
/
php-ini.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
--- php-8.2.0RC2/php.ini~ 2022-09-29 01:16:25.000000000 +0300
+++ php-8.2.0RC2/php.ini 2022-09-29 01:18:21.454421061 +0300
@@ -82,8 +82,19 @@
; much more verbose when it comes to errors. We recommend using the
; development version only in development environments, as errors shown to
; application users can inadvertently leak otherwise secure information.
-
-; This is the php.ini-production INI file.
+;
+; This is the default settings file for new PHP installations from
+; PLD Linux Distribution.
+;
+; It's based mainly on php.ini-production, but with some changes made with
+; security in mind (see below, consult also http://php.net/manual/en/security.php).
+;
+; Please note, that in PLD installations /etc/php/php.ini file
+; contains global settings for all SAPIs (cgi, cli, apache...),
+; and after reading this file, SAPI-specific file (/etc/php/php-cgi-fcgi.ini,
+; /etc/php/php-cli.ini, /etc/php/php-apache.ini...) is INCLUDED
+; (so you don't have to duplicate whole large file to override only
+; few options)
;;;;;;;;;;;;;;;;;;;
; Quick Reference ;
@@ -167,10 +181,8 @@
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
-;user_ini.filename = ".user.ini"
-
; To disable this feature set this option to an empty value
-;user_ini.filename =
+user_ini.filename =
; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
;user_ini.cache_ttl = 300
@@ -225,7 +237,7 @@
; Development Value: Off
; Production Value: Off
; https://php.net/short-open-tag
-short_open_tag = Off
+short_open_tag = On
; The number of significant digits displayed in floating point numbers.
; https://php.net/precision
@@ -360,7 +372,7 @@
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; https://php.net/expose-php
-expose_php = On
+expose_php = Off
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
@@ -744,9 +756,7 @@
; Directory in which the loadable extensions (modules) reside.
; https://php.net/extension-dir
-;extension_dir = "./"
-; On windows:
-;extension_dir = "ext"
+;extension_dir = "/usr/lib/php"
; Directory where the temporary files should be placed.
; Defaults to the system default (see sys_get_temp_dir)
@@ -758,64 +768,6 @@
; https://php.net/enable-dl
enable_dl = Off
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; https://php.net/cgi.force-redirect
-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
-; every request. PHP's default behavior is to disable this feature.
-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; https://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; https://php.net/cgi.fix-pathinfo
-;cgi.fix_pathinfo=1
-
-; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
-; of the web tree and people will not be able to circumvent .htaccess security.
-;cgi.discard_path=1
-
-; FastCGI under IIS supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
-; https://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1
-
-; Disable logging through FastCGI connection. PHP's default behavior is to enable
-; this feature.
-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If set to 0, PHP sends Status: header that
-; is supported by Apache. When this option is set to 1, PHP will send
-; RFC2616 compliant header.
-; Default is zero.
-; https://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
-
-; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
-; (shebang) at the top of the running script. This line might be needed if the
-; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
-; mode skips this line and ignores its content if this directive is turned on.
-; https://php.net/cgi.check-shebang-line
-;cgi.check_shebang_line=1
-
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
@@ -858,48 +858,7 @@ default_socket_timeout = 60
; deprecated in a future PHP major version. So, when it is possible, please
; move to the new ('extension=<ext>) syntax.
;
-; Notes for Windows environments :
-;
-; - Many DLL files are located in the ext/
-; extension folders as well as the separate PECL DLL download.
-; Be sure to appropriately set the extension_dir directive.
-;
-;extension=bz2
-;extension=curl
-;extension=ffi
-;extension=ftp
-;extension=fileinfo
-;extension=gd
-;extension=gettext
-;extension=gmp
-;extension=intl
-;extension=ldap
-;extension=mbstring
-;extension=exif ; Must be after mbstring as it depends on it
-;extension=mysqli
-;extension=odbc
-;extension=openssl
-;extension=pdo_firebird
-;extension=pdo_mysql
-;extension=pdo_odbc
-;extension=pdo_pgsql
-;extension=pdo_sqlite
-;extension=pgsql
-;extension=shmop
-
-; The MIBS data available in the PHP distribution must be installed.
-; See https://www.php.net/manual/en/snmp.installation.php
-;extension=snmp
-
-;extension=soap
-;extension=sockets
-;extension=sodium
-;extension=sqlite3
-;extension=tidy
-;extension=xsl
-;extension=zip
-
-;zend_extension=opcache
+; In PLD Linux you can install appropriate php84-<extension> or php84-pecl-<extension> package.
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
@@ -954,8 +867,9 @@
[Date]
; Defines the default timezone used by the date functions
-; https://php.net/date.timezone
-;date.timezone =
+; https://php.net/date.timezone
+;
+; NOTE: In PLD Linux the /etc/php/conf.d/timezone.ini is used to set timezone
; https://php.net/date.default-latitude
;date.default_latitude = 31.7667
@@ -897,19 +897,19 @@ cli_server.color = On
; Use of this INI entry is deprecated, use global input_encoding instead.
; If empty, default_charset or input_encoding or iconv.input_encoding is used.
; The precedence is: default_charset < input_encoding < iconv.input_encoding
-;iconv.input_encoding =
+iconv.input_encoding = UTF-8
; Use of this INI entry is deprecated, use global internal_encoding instead.
; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
+iconv.internal_encoding = UTF-8
; Use of this INI entry is deprecated, use global output_encoding instead.
; If empty, default_charset or output_encoding or iconv.output_encoding is used.
; The precedence is: default_charset < output_encoding < iconv.output_encoding
; To use an output encoding conversion, iconv's output handler must be set
; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
+iconv.output_encoding = UTF-8
[intl]
;intl.default_locale =
@@ -1360,7 +1274,7 @@
[browscap]
; https://php.net/browscap
-;browscap = extra/browscap.ini
+;browscap = /usr/share/browscap/php_browscap.ini
[Session]
; Handler used to store/retrieve data.
@@ -1747,7 +1661,7 @@
; Sets the directory name where SOAP extension will put cache files.
; https://php.net/soap.wsdl-cache-dir
-soap.wsdl_cache_dir="/tmp"
+soap.wsdl_cache_dir="/var/cache/php"
; (time to live) Sets the number of second while cached file will be used
; instead of original one.
@@ -1673,161 +1673,6 @@ ldap.max_links = -1
[dba]
;dba.default_handler=
-[opcache]
-; Determines if Zend OPCache is enabled
-;opcache.enable=1
-
-; Determines if Zend OPCache is enabled for the CLI version of PHP
-;opcache.enable_cli=0
-
-; The OPcache shared memory storage size.
-;opcache.memory_consumption=128
-
-; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=8
-
-; The maximum number of keys (scripts) in the OPcache hash table.
-; Only numbers between 200 and 1000000 are allowed.
-;opcache.max_accelerated_files=10000
-
-; The maximum percentage of "wasted" memory until a restart is scheduled.
-;opcache.max_wasted_percentage=5
-
-; When this directive is enabled, the OPcache appends the current working
-; directory to the script key, thus eliminating possible collisions between
-; files with the same name (basename). Disabling the directive improves
-; performance, but may break existing applications.
-;opcache.use_cwd=1
-
-; When disabled, you must reset the OPcache manually or restart the
-; webserver for changes to the filesystem to take effect.
-;opcache.validate_timestamps=1
-
-; How often (in seconds) to check file timestamps for changes to the shared
-; memory storage allocation. ("1" means validate once per second, but only
-; once per request. "0" means always validate)
-;opcache.revalidate_freq=2
-
-; Enables or disables file search in include_path optimization
-;opcache.revalidate_path=0
-
-; If disabled, all PHPDoc comments are dropped from the code to reduce the
-; size of the optimized code.
-;opcache.save_comments=1
-
-; If enabled, compilation warnings (including notices and deprecations) will
-; be recorded and replayed each time a file is included. Otherwise, compilation
-; warnings will only be emitted when the file is first cached.
-;opcache.record_warnings=0
-
-; Allow file existence override (file_exists, etc.) performance feature.
-;opcache.enable_file_override=0
-
-; A bitmask, where each bit enables or disables the appropriate OPcache
-; passes
-;opcache.optimization_level=0x7FFFBFFF
-
-;opcache.dups_fix=0
-
-; The location of the OPcache blacklist file (wildcards allowed).
-; Each OPcache blacklist file is a text file that holds the names of files
-; that should not be accelerated. The file format is to add each filename
-; to a new line. The filename may be a full path or just a file prefix
-; (i.e., /var/www/x blacklists all the files and directories in /var/www
-; that start with 'x'). Line starting with a ; are ignored (comments).
-;opcache.blacklist_filename=
-
-; Allows exclusion of large files from being cached. By default all files
-; are cached.
-;opcache.max_file_size=0
-
-; How long to wait (in seconds) for a scheduled restart to begin if the cache
-; is not being accessed.
-;opcache.force_restart_timeout=180
-
-; OPcache error_log file name. Empty string assumes "stderr".
-;opcache.error_log=
-
-; All OPcache errors go to the Web server log.
-; By default, only fatal errors (level 0) or errors (level 1) are logged.
-; You can also enable warnings (level 2), info messages (level 3) or
-; debug messages (level 4).
-;opcache.log_verbosity_level=1
-
-; Preferred Shared Memory back-end. Leave empty and let the system decide.
-;opcache.preferred_memory_model=
-
-; Protect the shared memory from unexpected writing during script execution.
-; Useful for internal debugging only.
-;opcache.protect_memory=0
-
-; Allows calling OPcache API functions only from PHP scripts which path is
-; started from specified string. The default "" means no restriction
-;opcache.restrict_api=
-
-; Mapping base of shared memory segments (for Windows only). All the PHP
-; processes have to map shared memory into the same address space. This
-; directive allows to manually fix the "Unable to reattach to base address"
-; errors.
-;opcache.mmap_base=
-
-; Facilitates multiple OPcache instances per user (for Windows only). All PHP
-; processes with the same cache ID and user share an OPcache instance.
-;opcache.cache_id=
-
-; Enables and sets the second level cache directory.
-; It should improve performance when SHM memory is full, at server restart or
-; SHM reset. The default "" disables file based caching.
-;opcache.file_cache=
-
-; Enables or disables opcode caching in shared memory.
-;opcache.file_cache_only=0
-
-; Enables or disables checksum validation when script loaded from file cache.
-;opcache.file_cache_consistency_checks=1
-
-; Implies opcache.file_cache_only=1 for a certain process that failed to
-; reattach to the shared memory (for Windows only). Explicitly enabled file
-; cache is required.
-;opcache.file_cache_fallback=1
-
-; Enables or disables copying of PHP code (text segment) into HUGE PAGES.
-; Under certain circumstances (if only a single global PHP process is
-; started from which all others fork), this can increase performance
-; by a tiny amount because TLB misses are reduced. On the other hand, this
-; delays PHP startup, increases memory usage and degrades performance
-; under memory pressure - use with care.
-; Requires appropriate OS configuration.
-;opcache.huge_code_pages=0
-
-; Validate cached file permissions.
-;opcache.validate_permission=0
-
-; Prevent name collisions in chroot'ed environment.
-;opcache.validate_root=0
-
-; If specified, it produces opcode dumps for debugging different stages of
-; optimizations.
-;opcache.opt_debug_level=0
-
-; Specifies a PHP script that is going to be compiled and executed at server
-; start-up.
-; https://php.net/opcache.preload
-;opcache.preload=
-
-; Preloading code as root is not allowed for security reasons. This directive
-; facilitates to let the preloading to be run as another user.
-; https://php.net/opcache.preload_user
-;opcache.preload_user=
-
-; Prevents caching files that are less than this number of seconds old. It
-; protects from caching of incompletely updated files. In case all file updates
-; on your site are atomic, you may increase performance by setting it to "0".
-;opcache.file_update_protection=2
-
-; Absolute path used to store shared lockfiles (for *nix only).
-;opcache.lockfile_path=/tmp
-
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.