From f05400aa21d4a4ff64b2d66f55a68d8d07398012 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Tue, 8 Mar 2016 11:57:32 +0100
Subject: [PATCH] Get JailKit and PHP53 work together

---
 tasks/php53.yml                    |  73 ++++-
 templates/etc-php5-apache2-php.ini | 475 +++++++++++++++++------------
 2 files changed, 350 insertions(+), 198 deletions(-)

diff --git a/tasks/php53.yml b/tasks/php53.yml
index 6805e79..0df97c6 100644
--- a/tasks/php53.yml
+++ b/tasks/php53.yml
@@ -9,11 +9,68 @@
     - '/etc/php5/cli53/conf.d/'
     - '/etc/php5/cgi53/conf.d/'
 
-# http://askubuntu.com/questions/462673/installing-php-5-3-in-ubuntu-14-04
-# apt-get purge php5 && sudo apt-get install libxml2-dev
-# wget http://in1.php.net/distributions/php-5.3.29.tar.bz2
-# tar -xvf php-5.3.29.tar.bz2
-# cd php-5.3.29
-# ./configure
-# make
-# make install
+- name: "Check PHP 5.3 Requirement"
+  shell: php --version
+  register: php_version_available
+  changed_when: false
+
+- block:
+  - name: "Make sure an empty directory /tmp/php53 exists"
+    file:
+      path='/tmp/php53'
+      state='{{ item }}'
+    with_items:
+      - absent
+      - directory
+
+  - name: "Download PHP 5.3"
+    get_url:
+      url='http://in1.php.net/distributions/php-5.3.29.tar.bz2'
+      dest='/tmp/php-5.3.29.tar.bz2'
+
+  - name: "Unpack PHP 5.3"
+    unarchive:
+      src='/tmp/php-5.3.29.tar.bz2'
+      dest='/tmp/php53'
+      copy=no
+
+  - name: "Compile PHP 5.3"
+    shell: "{{ item }} chdir=/tmp/php53/php-5.3.29"
+    with_items:
+      - ./configure
+      - make
+      - make install
+
+  when: '"PHP 5.3.29" not in php_version_available.stdout'
+
+- name: "Copy PHP53 Modules"
+  copy:
+    src='php53/{{ item }}.so'
+    dest='{{ php53.extdir }}/{{ item }}.so'
+    owner='root'
+    group='root'
+    mode=644
+  with_items: '{{ php53.modules }}'
+
+- name: "Enable PHP53 Modules"
+  file:
+    src='/etc/php5/{{ php_conf_dir }}/{{ item.0 }}.ini'
+    dest='/etc/php5/{{ item.1 }}/conf.d/{{ item.0 }}.ini'
+    state='link'
+    owner='root'
+    group='root'
+    mode='644'
+  with_nested:
+    - '{{ php53.modules }}'
+    - ['cli53', 'cgi53']
+
+- name: "Create PHP53 INI Files"
+  template:
+    src='etc-php5-apache2-php.ini'
+    dest='/etc/php5/{{ item }}/php.ini'
+    owner='root'
+    group='root'
+    mode='644'
+  with_items:
+    - 'cgi53'
+    - 'cli53'
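Review bot: The "Download PHP 5.3" task fetches the tarball over plain `http://` with no integrity check, and the next tasks unpack it and run `./configure`, `make` and `make install` from it, so whatever ends up at `/tmp/php-5.3.29.tar.bz2` gets built and installed on the host. Because `dest` is a fixed name in world-writable `/tmp` and `get_url` does not re-download an existing file unless forced, a file already present at that path would be used as-is. Pin the digest with `checksum='sha256:<SHA256_OF_php-5.3.29.tar.bz2>'` (placeholder; take the value from the official release page), fetch over HTTPS, and download and build in a root-only directory rather than `/tmp`. Separately, `shell: php --version` fails the play on a host with no `php` binary at all, so the check probably wants `failed_when: false` alongside `changed_when: false`.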
diff --git a/templates/etc-php5-apache2-php.ini b/templates/etc-php5-apache2-php.ini
index 463ad01..9f2359d 100644
--- a/templates/etc-php5-apache2-php.ini
+++ b/templates/etc-php5-apache2-php.ini
@@ -1,5 +1,21 @@
 [PHP]
 
+{% if php_version|default('5.5') == '5.3' %}
+allow_call_time_pass_reference = {{ php_allow_call_time_pass_reference }}
+register_globals = {{ php_register_globals }}
+register_long_arrays = {{ php_register_long_arrays }}
+safe_mode = Off
+safe_mode_gid = Off
+safe_mode_include_dir =
+safe_mode_exec_dir =
+safe_mode_allowed_env_vars = PHP_
+safe_mode_protected_env_vars = LD_LIBRARY_PATH
+magic_quotes_gpc = {{ php_magic_quotes_gpc }}
+magic_quotes_runtime = Off
+magic_quotes_sybase = Off
+
+{% endif %}
+
 ;;;;;;;;;;;;;;;;;;;
 ; About php.ini   ;
 ;;;;;;;;;;;;;;;;;;;
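Review bot: The guard `{% if php_version|default('5.5') == '5.3' %}` compares against a string, so it only matches if `php_version` is itself the string `'5.3'`. If it is defined unquoted in YAML (`php_version: 5.3`) it loads as a float and the comparison is false, silently dropping the whole 5.3-only block. The variable is defined outside this patch, so this cannot be confirmed from here; coercing makes the test robust either way: `{% if php_version|default('5.5')|string == '5.3' %}`. It is also worth checking that the "Create PHP53 INI Files" task in tasks/php53.yml renders with `php_version` set to 5.3, since no `vars:` on that task does so.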
@@ -19,7 +35,7 @@
 ; See the PHP docs for more specific information.
 ; http://php.net/configuration.file
 
-; The syntax of the file is extremely simple.  Whitespace and Lines
+; The syntax of the file is extremely simple.  Whitespace and lines
 ; beginning with a semicolon are silently ignored (as you probably guessed).
 ; Section headers (e.g. [Foo]) are also silently ignored, even though
 ; they might mean something in the future.
@@ -83,6 +99,8 @@
 ; development version only in development environments as errors shown to
 ; application users can inadvertently leak otherwise secure information.
 
+; This is php.ini-production INI file.
+
 ;;;;;;;;;;;;;;;;;;;
 ; Quick Reference ;
 ;;;;;;;;;;;;;;;;;;;
@@ -91,11 +109,6 @@
 ; Please see the actual settings later in the document for more details as to why
 ; we recommend these changes in PHP's behavior.
 
-; allow_call_time_pass_reference
-;   Default Value: On
-;   Development Value: Off
-;   Production Value: Off
-
 ; display_errors
 ;   Default Value: On
 ;   Development Value: On
@@ -107,25 +120,20 @@
 ;   Production Value: Off
 
 ; error_reporting
-;   Default Value: E_ALL & ~E_NOTICE
-;   Development Value: E_ALL | E_STRICT
-;   Production Value: E_ALL & ~E_DEPRECATED
+;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+;   Development Value: E_ALL
+;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 
 ; html_errors
 ;   Default Value: On
 ;   Development Value: On
-;   Production value: Off
+;   Production value: On
 
 ; log_errors
 ;   Default Value: Off
 ;   Development Value: On
 ;   Production Value: On
 
-; magic_quotes_gpc
-;   Default Value: On
-;   Development Value: Off
-;   Production Value: Off
-
 ; max_input_time
 ;   Default Value: -1 (Unlimited)
 ;   Development Value: 60 (60 seconds)
@@ -141,11 +149,6 @@
 ;   Development Value: Off
 ;   Production Value: Off
 
-; register_long_arrays
-;   Default Value: On
-;   Development Value: Off
-;   Production Value: Off
-
 ; request_order
 ;   Default Value: None
 ;   Development Value: "GP"
@@ -212,18 +215,17 @@
 engine = On
 
 ; This directive determines whether or not PHP will recognize code between
-; <? and ?> tags as PHP source which should be processed as such. It's been
-; recommended for several years that you not use the short tag "short cut" and
-; instead to use the full <?php and ?> tag combination. With the wide spread use
-; of XML and use of these tags by other languages, the server can become easily
-; confused and end up parsing the wrong code in the wrong context. But because
-; this short cut has been a feature for such a long time, it's currently still
-; supported for backwards compatibility, but we recommend you don't use them.
+; <? and ?> tags as PHP source which should be processed as such. It is
+; generally recommended that <?php and ?> should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the <?= shorthand tag, which can be
+; used regardless of this directive.
 ; Default Value: On
 ; Development Value: Off
 ; Production Value: Off
 ; http://php.net/short-open-tag
-short_open_tag = On
+short_open_tag = {{ php_short_open_tag }}
 
 ; Allow ASP-style <% %> tags.
 ; http://php.net/asp-tags
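Review bot: `short_open_tag = {{ php_short_open_tag }}` introduces a variable that this patch never defines. The diffstat lists only tasks/php53.yml and this template, so unless `php_short_open_tag` already exists in the role's defaults, rendering will stop on an undefined variable. The same applies to `sendmail_path = {{ php_sendmail_path }}` in the `[mail function]` hunk. Give each a fallback that keeps the previous behaviour, e.g. `short_open_tag = {{ php_short_open_tag|default('On') }}`, and wrap the sendmail line in `{% if php_sendmail_path is defined %}` with the commented `;sendmail_path =` as the else branch.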
@@ -233,10 +235,6 @@ asp_tags = Off
 ; http://php.net/precision
 precision = 14
 
-; Enforce year 2000 compliance (will cause problems with non-compliant browsers)
-; http://php.net/y2k-compliance
-y2k_compliance = On
-
 ; Output buffering is a mechanism for controlling how much output data
 ; (excluding headers and cookies) PHP should keep internally before pushing that
 ; data to the client. If your application's output exceeds this setting, PHP
@@ -319,64 +317,16 @@ unserialize_callback_func =
 ; are decoded with unserialize, the data will remain the same.
 serialize_precision = 17
 
-; This directive allows you to enable and disable warnings which PHP will issue
-; if you pass a value by reference at function call time. Passing values by
-; reference at function call time is a deprecated feature which will be removed
-; from PHP at some point in the near future. The acceptable method for passing a
-; value by reference to a function is by declaring the reference in the functions
-; definition, not at call time. This directive does not disable this feature, it
-; only determines whether PHP will warn you about it or not. These warnings
-; should enabled in development environments only.
-; Default Value: On (Suppress warnings)
-; Development Value: Off (Issue warnings)
-; Production Value: Off (Issue warnings)
-; http://php.net/allow-call-time-pass-reference
-allow_call_time_pass_reference = {{ php_allow_call_time_pass_reference }}
-
-; Safe Mode
-; http://php.net/safe-mode
-safe_mode = Off
-
-; By default, Safe Mode does a UID compare check when
-; opening files. If you want to relax this to a GID compare,
-; then turn on safe_mode_gid.
-; http://php.net/safe-mode-gid
-safe_mode_gid = Off
-
-; When safe_mode is on, UID/GID checks are bypassed when
-; including files from this directory and its subdirectories.
-; (directory must also be in include_path or full path must
-; be used when including)
-; http://php.net/safe-mode-include-dir
-safe_mode_include_dir =
-
-; When safe_mode is on, only executables located in the safe_mode_exec_dir
-; will be allowed to be executed via the exec family of functions.
-; http://php.net/safe-mode-exec-dir
-safe_mode_exec_dir =
-
-; Setting certain environment variables may be a potential security breach.
-; This directive contains a comma-delimited list of prefixes.  In Safe Mode,
-; the user may only alter environment variables whose names begin with the
-; prefixes supplied here.  By default, users will only be able to set
-; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR).
-; Note:  If this directive is empty, PHP will let the user modify ANY
-;   environment variable!
-; http://php.net/safe-mode-allowed-env-vars
-safe_mode_allowed_env_vars = PHP_
-
-; This directive contains a comma-delimited list of environment variables that
-; the end user won't be able to change using putenv().  These variables will be
-; protected even if safe_mode_allowed_env_vars is set to allow to change them.
-; http://php.net/safe-mode-protected-env-vars
-safe_mode_protected_env_vars = LD_LIBRARY_PATH
-
 ; open_basedir, if set, limits all file operations to the defined directory
 ; and below.  This directive makes most sense if used in a per-directory
 ; or per-virtualhost web server configuration file. This directive is
 ; *NOT* affected by whether Safe Mode is turned On or Off.
 ; http://php.net/open-basedir
+{% if item is defined and item.jail is defined %}
+open_basedir = {{ jailroot }}/{{ item.jail.name }}/var/www{{ item.root }}/:{{ jailroot }}/{{ item.jail.name }}/var/www/settings/:{{ jailroot }}/{{ item.jail.name }}/var/www/files/:{{ jailroot }}/{{ item.jail.name }}/tmp/
+{% else %}
 ;open_basedir =
+{% endif %}
 
 ; This directive allows you to disable certain functions for security reasons.
 ; It receives a comma-delimited list of function names. This directive is
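Review bot: The first `open_basedir` entry is built from `item.root` only, while the `doc_root` line added in a later hunk uses `item.docroot|default(item.root)`. If a site sets a `docroot` that is not beneath `root`, the document root falls outside the allowed paths and PHP will refuse to open scripts there. Derive both from the same expression, or add the docroot as its own `open_basedir` entry. The path is also concatenated as `/var/www{{ item.root }}/`, so an empty or `/` value of `item.root` widens the restriction to the jail's whole `var/www` tree. A template comment stating the expected form of `item.root` (non-empty, leading slash, no trailing slash) would make that contract explicit.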
@@ -396,7 +346,6 @@ disable_classes =
 ;highlight.string  = #DD0000
 ;highlight.comment = #FF9900
 ;highlight.keyword = #007700
-;highlight.bg      = #FFFFFF
 ;highlight.default = #0000BB
 ;highlight.html    = #000000
 
@@ -423,6 +372,18 @@ disable_classes =
 ; http://php.net/zend.enable-gc
 zend.enable_gc = On
 
+; If enabled, scripts may be written in encodings that are incompatible with
+; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
+; encodings.  To use this feature, mbstring extension must be enabled.
+; Default: Off
+;zend.multibyte = Off
+
+; Allows to set the default encoding for the scripts.  This value will be used
+; unless "declare(encoding=...)" directive appears at the top of the script.
+; Only affects if zend.multibyte is set.
+; Default: ""
+;zend.script_encoding =
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@@ -479,12 +440,12 @@ memory_limit = {{ php_memory_limit }}
 ; recommend error reporting setting. Your production server shouldn't be wasting
 ; resources complaining about best practices and coding standards. That's what
 ; development servers and development settings are for.
-; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This
+; Note: The php.ini-development file has this setting as E_ALL. This
 ; means it pretty much reports everything which is exactly what you want during
 ; development and early testing.
 ;
 ; Error Level Constants:
-; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 6.0.0)
+; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
 ; E_ERROR           - fatal run-time errors
 ; E_RECOVERABLE_ERROR  - almost fatal run-time errors
 ; E_WARNING         - run-time warnings (non-fatal errors)
@@ -510,13 +471,13 @@ memory_limit = {{ php_memory_limit }}
 ; E_USER_DEPRECATED - user-generated deprecation warnings
 ;
 ; Common Values:
-;   E_ALL & ~E_NOTICE  (Show all errors, except for notices and coding standards warnings.)
-;   E_ALL & ~E_NOTICE | E_STRICT  (Show all errors, except for notices)
+;   E_ALL (Show all errors, warnings and notices including coding standards.)
+;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
+;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
 ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
-;   E_ALL | E_STRICT  (Show all errors, warnings and notices including coding standards.)
-; Default Value: E_ALL & ~E_NOTICE
-; Development Value: E_ALL | E_STRICT
-; Production Value: E_ALL & ~E_DEPRECATED
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 ; http://php.net/error-reporting
 error_reporting = {{ php_error_reporting }}
 
@@ -599,23 +560,24 @@ track_errors = Off
 ; An XML-RPC faultCode
 ;xmlrpc_error_number = 0
 
-; When PHP displays or logs an error, it has the capability of inserting html
-; links to documentation related to that error. This directive controls whether
-; those HTML links appear in error messages or not. For performance and security
-; reasons, it's recommended you disable this on production servers.
+; When PHP displays or logs an error, it has the capability of formatting the
+; error message as HTML for easier reading. This directive controls whether
+; the error message is formatted as HTML or not.
 ; Note: This directive is hardcoded to Off for the CLI SAPI
 ; Default Value: On
 ; Development Value: On
-; Production value: Off
+; Production value: On
 ; http://php.net/html-errors
 html_errors = {{ php_html_errors }}
 
-; If html_errors is set On PHP produces clickable error messages that direct
-; to a page describing the error or function causing the error in detail.
+; If html_errors is set to On *and* docref_root is not empty, then PHP
+; produces clickable error messages that direct to a page describing the error
+; or function causing the error in detail.
 ; You can download a copy of the PHP manual from http://php.net/docs
 ; and change docref_root to the base URL of your local copy including the
 ; leading '/'. You must also specify the file extension being used including
-; the dot. PHP's default behavior is to leave these settings empty.
+; the dot. PHP's default behavior is to leave these settings empty, in which
+; case no links to documentation are generated.
 ; Note: Never use this feature for production boxes.
 ; http://php.net/docref-root
 ; Examples
@@ -667,13 +629,12 @@ html_errors = {{ php_html_errors }}
 ;arg_separator.input = ";&"
 
 ; This directive determines which super global arrays are registered when PHP
-; starts up. If the register_globals directive is enabled, it also determines
-; what order variables are populated into the global space. G,P,C,E & S are
-; abbreviations for the following respective super globals: GET, POST, COOKIE,
-; ENV and SERVER. There is a performance penalty paid for the registration of
-; these arrays and because ENV is not as commonly used as the others, ENV is
-; is not recommended on productions servers. You can still get access to
-; the environment variables through getenv() should you need to.
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+; paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
 ; Default Value: "EGPCS"
 ; Development Value: "GPCS"
 ; Production Value: "GPCS";
@@ -693,25 +654,6 @@ variables_order = "GPCS"
 ; http://php.net/request-order
 request_order = "GP"
 
-; Whether or not to register the EGPCS variables as global variables.  You may
-; want to turn this off if you don't want to clutter your scripts' global scope
-; with user data.
-; You should do your best to write your scripts so that they do not require
-; register_globals to be on;  Using form variables as globals can easily lead
-; to possible security problems, if the code is not very well thought of.
-; http://php.net/register-globals
-register_globals = {{ php_register_globals }}
-
-; Determines whether the deprecated long $HTTP_*_VARS type predefined variables
-; are registered by PHP or not. As they are deprecated, we obviously don't
-; recommend you use them. They are on by default for compatibility reasons but
-; they are not recommended on production servers.
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/register-long-arrays
-register_long_arrays = {{ php_register_long_arrays }}
-
 ; This directive determines whether PHP registers $argv & $argc each time it
 ; runs. $argv contains an array of all the arguments passed to PHP when a script
 ; is invoked. $argc contains an integer representing the number of arguments
@@ -727,42 +669,29 @@ register_long_arrays = {{ php_register_long_arrays }}
 ; http://php.net/register-argc-argv
 register_argc_argv = Off
 
-; When enabled, the SERVER and ENV variables are created when they're first
-; used (Just In Time) instead of when the script starts. If these variables
-; are not used within a script, having this directive on will result in a
-; performance gain. The PHP directives register_globals, register_long_arrays,
-; and register_argc_argv must be disabled for this directive to have any affect.
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any affect.
 ; http://php.net/auto-globals-jit
 auto_globals_jit = On
 
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
 ; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
 ; http://php.net/post-max-size
 post_max_size = {{ php_post_max_size }}
 
-; Magic quotes are a preprocessing feature of PHP where PHP will attempt to
-; escape any character sequences in GET, POST, COOKIE and ENV data which might
-; otherwise corrupt data being placed in resources such as databases before
-; making that data available to you. Because of character encoding issues and
-; non-standard SQL implementations across many databases, it's not currently
-; possible for this feature to be 100% accurate. PHP's default behavior is to
-; enable the feature. We strongly recommend you use the escaping mechanisms
-; designed specifically for the database your using instead of relying on this
-; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is
-; scheduled for removal in PHP 6.
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/magic-quotes-gpc
-magic_quotes_gpc = {{ php_magic_quotes_gpc }}
-
-; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
-; http://php.net/magic-quotes-runtime
-magic_quotes_runtime = Off
-
-; Use Sybase-style magic quotes (escape ' with '' instead of \').
-; http://php.net/magic-quotes-sybase
-magic_quotes_sybase = Off
-
 ; Automatically add files before PHP document.
 ; http://php.net/auto-prepend-file
 auto_prepend_file =
@@ -781,10 +710,11 @@ default_mimetype = "text/html"
 
 ; PHP's default character set is set to empty.
 ; http://php.net/default-charset
-;default_charset = "iso-8859-1"
+;default_charset = "UTF-8"
 
 ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
-; to disable this feature.
+; to disable this feature. If post reading is disabled through
+; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated.
 ; http://php.net/always-populate-raw-post-data
 ;always_populate_raw_post_data = On
 
@@ -807,7 +737,11 @@ default_mimetype = "text/html"
 ; see documentation for security issues.  The alternate is to use the
 ; cgi.force_redirect configuration below
 ; http://php.net/doc-root
+{% if item is defined and item.jail is defined %}
+doc_root = {{ jailroot }}/{{ item.jail.name }}/var/www{{ item.docroot|default(item.root) }}
+{% else %}
 doc_root =
+{% endif %}
 
 ; The directory under which PHP opens the script using /~username used only
 ; if nonempty.
@@ -820,6 +754,10 @@ user_dir =
 ; On windows:
 ; extension_dir = "ext"
 
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+; sys_temp_dir = "/tmp"
+
 ; Whether or not to enable the dl() function.  The dl() function does NOT work
 ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
 ; disabled on them.
@@ -842,7 +780,7 @@ enable_dl = Off
 ; will look for to know it is OK to continue execution.  Setting this variable MAY
 ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
 ; http://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env = ;
+;cgi.redirect_status_env =
 
 ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
 ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
@@ -859,7 +797,7 @@ enable_dl = Off
 ; does not currently support this feature (03/17/2002)
 ; Set to 1 if running under IIS.  Default is zero.
 ; http://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1;
+;fastcgi.impersonate = 1
 
 ; Disable logging through FastCGI connection. PHP's default behavior is to enable
 ; this feature.
@@ -884,7 +822,11 @@ file_uploads = On
 ; Temporary directory for HTTP uploaded files (will use system default if not
 ; specified).
 ; http://php.net/upload-tmp-dir
+{% if item is defined and item.jail is defined %}
+upload_tmp_dir = {{ jailroot }}/{{ item.jail.name }}/tmp
+{% else %}
 ;upload_tmp_dir =
+{% endif %}
 
 ; Maximum allowed size for uploaded files.
 ; http://php.net/upload-max-filesize
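Review bot: `upload_tmp_dir` points at `{{ jailroot }}/{{ item.jail.name }}/tmp`, the same directory that `session.save_path` uses in the session hunk and that the last `open_basedir` entry allows. In-flight uploads and session files therefore share one directory that any script in the jail can read and write with ordinary file functions. Consider dedicated subdirectories for uploads and for sessions, created by the role with restrictive ownership and mode, so that a file-read or file-write flaw in site code does not directly expose session data. If the shared directory is intentional, a short comment in the template saying so would help the next reader.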
@@ -949,11 +891,16 @@ default_socket_timeout = 60
 ;
 ; If you only provide the name of the extension, PHP will look for it in its
 ; default extension directory.
+;
 
 ;;;;;;;;;;;;;;;;;;;
 ; Module Settings ;
 ;;;;;;;;;;;;;;;;;;;
 
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
 [Date]
 ; Defines the default timezone used by the date functions
 ; http://php.net/date.timezone
@@ -1035,13 +982,6 @@ pdo_mysql.default_socket=
 
 ;phar.cache_list =
 
-[Syslog]
-; Whether or not to define the various syslog variables (e.g. $LOG_PID,
-; $LOG_CRON, etc.).  Turning it off is a good idea performance-wise.  In
-; runtime, you can define these variables by calling define_syslog_variables().
-; http://php.net/define-syslog-variables
-define_syslog_variables  = Off
-
 [mail function]
 ; For Win32 only.
 ; http://php.net/smtp
@@ -1055,7 +995,7 @@ smtp_port = 25
 
 ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
 ; http://php.net/sendmail-path
-;sendmail_path =
+sendmail_path = {{ php_sendmail_path }}
 
 ; Force the addition of the specified parameters to be passed as extra parameters
 ; to the sendmail binary. These parameters will always replace the value of
@@ -1068,6 +1008,8 @@ mail.add_x_header = On
 ; The path to a log file that will log all mail() calls. Log entries include
 ; the full path of the script, line number, To address and headers.
 ;mail.log =
+; Log mail to syslog (Event Log on NT, not valid in Windows 95).
+;mail.log = syslog
 
 [SQL]
 ; http://php.net/sql.safe-mode
@@ -1442,7 +1384,19 @@ session.save_handler = files
 ; where MODE is the octal representation of the mode. Note that this
 ; does not overwrite the process's umask.
 ; http://php.net/session.save-path
+{% if item is defined and item.jail is defined %}
+session.save_path = "{{ jailroot }}/{{ item.jail.name }}/tmp"
+{% else %}
 ;session.save_path = "/tmp"
+{% endif %}
+
+; Whether to use strict session mode.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
 
 ; Whether to use cookies.
 ; http://php.net/session.use-cookies
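Review bot: `session.use_strict_mode = 0` is written out explicitly even though the comment added directly above it says strict mode protects against session fixation and that enabling it is encouraged. Since the template describes itself as the production ini, prefer `session.use_strict_mode = 1`, or make it a variable with a safe fallback such as `{{ php_session_use_strict_mode|default(1) }}` (suggested name) for sites that need the old behaviour. As far as I know the directive was introduced after PHP 5.3, so on the 5.3 SAPIs the line has no effect either way.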
@@ -1452,7 +1406,7 @@ session.use_cookies = 1
 ;session.cookie_secure =
 
 ; This option forces PHP to fetch and use a cookie for storing and maintaining
-; the session id. We encourage this operation as it's very helpful in combatting
+; the session id. We encourage this operation as it's very helpful in combating
 ; session hijacking when not specifying and managing your own session id. It is
 ; not the end all be all of session hijacking defense, but it's a good start.
 ; http://php.net/session.use-only-cookies
@@ -1523,11 +1477,11 @@ session.gc_maxlifetime = {{ php_session_gc_maxlifetime }}
 ;       collection through a shell script, cron entry, or some other method.
 ;       For example, the following script would is the equivalent of
 ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-;          find /path/to/sessions -cmin +24 | xargs rm
+;          find /path/to/sessions -cmin +24 -type f | xargs rm
 
 ; PHP 4.2 and less have an undocumented feature/bug that allows you to
-; to initialize a session variable in the global scope, even when register_globals
-; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
+; to initialize a session variable in the global scope.
+; PHP 4.3 and later will warn you, if this feature is used.
 ; You can disable the feature and the warning separately. At this time,
 ; the warning is only displayed, if bug_compat_42 is enabled. This feature
 ; introduces some serious security problems if not handled correctly. It's
@@ -1558,11 +1512,13 @@ session.referer_check =
 
 ; How many bytes to read from the file.
 ; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 32
 
 ; Specified here to create the session id.
 ; http://php.net/session.entropy-file
-; On systems that don't have /dev/urandom /dev/arandom can be used
+; Defaults to /dev/urandom
+; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
+; If neither are found at compile time, the default is no entropy file.
 ; On windows, setting the entropy_length setting will activate the
 ; Windows random source (using the CryptoAPI)
 ;session.entropy_file = /dev/urandom
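Review bot: Commenting out `session.entropy_length` leaves it at the built-in default, and the new comment text ("Defaults to /dev/urandom") describes newer PHP releases. As far as I know PHP 5.3, which this patch targets, defaults to an entropy length of 0 and no entropy file, so session IDs on the 5.3 SAPIs get no additional OS entropy. Setting both explicitly is harmless on later versions and removes the dependence on version-specific defaults: `session.entropy_length = 32` and `session.entropy_file = /dev/urandom`.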
@@ -1582,7 +1538,7 @@ session.cache_expire = {{ php_session_cache_expire }}
 ; - User may send URL contains active session ID
 ;   to other person via. email/irc/etc.
 ; - URL that contains active session ID may be stored
-;   in publically accessible computer.
+;   in publicly accessible computer.
 ; - User may access your site with the same session ID
 ;   always using URL stored in browser's history or bookmarks.
 ; http://php.net/session.use-trans-sid
@@ -1621,6 +1577,51 @@ session.hash_bits_per_character = 5
 ; http://php.net/url-rewriter.tags
 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
 
+; Enable upload progress tracking in $_SESSION
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.enabled
+;session.upload_progress.enabled = On
+
+; Cleanup the progress information as soon as all POST data has been read
+; (i.e. upload completed).
+; Default Value: On
+; Development Value: On
+; Production Value: On
+; http://php.net/session.upload-progress.cleanup
+;session.upload_progress.cleanup = On
+
+; A prefix used for the upload progress key in $_SESSION
+; Default Value: "upload_progress_"
+; Development Value: "upload_progress_"
+; Production Value: "upload_progress_"
+; http://php.net/session.upload-progress.prefix
+;session.upload_progress.prefix = "upload_progress_"
+
+; The index name (concatenated with the prefix) in $_SESSION
+; containing the upload progress information
+; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
+; http://php.net/session.upload-progress.name
+;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
+
+; How frequently the upload progress should be updated.
+; Given either in percentages (per-file), or in bytes
+; Default Value: "1%"
+; Development Value: "1%"
+; Production Value: "1%"
+; http://php.net/session.upload-progress.freq
+;session.upload_progress.freq =  "1%"
+
+; The minimum delay between updates, in seconds
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.upload-progress.min-freq
+;session.upload_progress.min_freq = "1"
+
 [MSSQL]
 ; Allow or prevent persistent links.
 mssql.allow_persistent = On
@@ -1638,7 +1639,7 @@ mssql.min_error_severity = 10
 mssql.min_message_severity = 10
 
 ; Compatibility mode with old versions of PHP 3.0.
-mssql.compatability_mode = Off
+mssql.compatibility_mode = Off
 
 ; Connect timeout
 ;mssql.connect_timeout = 5
@@ -1729,16 +1730,16 @@ mssql.secure_connection = Off
 ; Some encoding cannot work as internal encoding.
 ; (e.g. SJIS, BIG5, ISO-2022-*)
 ; http://php.net/mbstring.internal-encoding
-;mbstring.internal_encoding = EUC-JP
+;mbstring.internal_encoding = UTF-8
 
 ; http input encoding.
 ; http://php.net/mbstring.http-input
-;mbstring.http_input = auto
+;mbstring.http_input = UTF-8
 
 ; http output encoding. mb_output_handler must be
 ; registered as output buffer to function
 ; http://php.net/mbstring.http-output
-;mbstring.http_output = SJIS
+;mbstring.http_output = pass
 
 ; enable automatic encoding translation according to
 ; mbstring.internal_encoding setting. Input chars are
@@ -1756,7 +1757,7 @@ mssql.secure_connection = Off
 ; substitute_character used when character cannot be converted
 ; one from another
 ; http://php.net/mbstring.substitute-character
-;mbstring.substitute_character = none;
+;mbstring.substitute_character = none
 
 ; overload(replace) single byte functions by mbstring functions.
 ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
@@ -1770,17 +1771,13 @@ mssql.secure_connection = Off
 ;mbstring.func_overload = 0
 
 ; enable strict encoding detection.
-;mbstring.strict_detection = Off
+;mbstring.strict_detection = On
 
 ; This directive specifies the regex pattern of content types for which mb_output_handler()
 ; is activated.
 ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
 ;mbstring.http_output_conv_mimetype=
 
-; Allows to set script encoding. Only affects if PHP is compiled with --enable-zend-multibyte
-; Default: ""
-;mbstring.script_encoding=
-
 [gd]
 ; Tell the jpeg decode to ignore warnings and try to create
 ; a gd image. The warning will then be displayed as notices
@@ -1862,12 +1859,110 @@ ldap.max_links = -1
 [dba]
 ;dba.default_handler=
 
-[xsl]
-; Write operations from within XSLT are disabled by default.
-; XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_WRITE_FILE = 44
-; Set it to 0 to allow all operations
-;xsl.security_prefs = 44
+[opcache]
+; Determines if Zend OPCache is enabled
+;opcache.enable=0
+
+; Determines if Zend OPCache is enabled for the CLI version of PHP
+;opcache.enable_cli=0
+
+; The OPcache shared memory storage size.
+;opcache.memory_consumption=64
+
+; The amount of memory for interned strings in Mbytes.
+;opcache.interned_strings_buffer=4
+
+; The maximum number of keys (scripts) in the OPcache hash table.
+; Only numbers between 200 and 100000 are allowed.
+;opcache.max_accelerated_files=2000
+
+; The maximum percentage of "wasted" memory until a restart is scheduled.
+;opcache.max_wasted_percentage=5
+
+; When this directive is enabled, the OPcache appends the current working
+; directory to the script key, thus eliminating possible collisions between
+; files with the same name (basename). Disabling the directive improves
+; performance, but may break existing applications.
+;opcache.use_cwd=1
+
+; When disabled, you must reset the OPcache manually or restart the
+; webserver for changes to the filesystem to take effect.
+;opcache.validate_timestamps=1
+
+; How often (in seconds) to check file timestamps for changes to the shared
+; memory storage allocation. ("1" means validate once per second, but only
+; once per request. "0" means always validate)
+;opcache.revalidate_freq=2
+
+; Enables or disables file search in include_path optimization
+;opcache.revalidate_path=0
+
+; If disabled, all PHPDoc comments are dropped from the code to reduce the
+; size of the optimized code.
+;opcache.save_comments=1
+
+; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
+; may be always stored (save_comments=1), but not loaded by applications
+; that don't need them anyway.
+;opcache.load_comments=1
+
+; If enabled, a fast shutdown sequence is used for the accelerated code
+;opcache.fast_shutdown=0
+
+; Allow file existence override (file_exists, etc.) performance feature.
+;opcache.enable_file_override=0
+
+; A bitmask, where each bit enables or disables the appropriate OPcache
+; passes
+;opcache.optimization_level=0xffffffff
+
+;opcache.inherited_hack=1
+;opcache.dups_fix=0
+
+; The location of the OPcache blacklist file (wildcards allowed).
+; Each OPcache blacklist file is a text file that holds the names of files
+; that should not be accelerated. The file format is to add each filename
+; to a new line. The filename may be a full path or just a file prefix
+; (i.e., /var/www/x  blacklists all the files and directories in /var/www
+; that start with 'x'). Line starting with a ; are ignored (comments).
+;opcache.blacklist_filename=
+
+; Allows exclusion of large files from being cached. By default all files
+; are cached.
+;opcache.max_file_size=0
+
+; Check the cache checksum each N requests.
+; The default value of "0" means that the checks are disabled.
+;opcache.consistency_checks=0
+
+; How long to wait (in seconds) for a scheduled restart to begin if the cache
+; is not being accessed.
+;opcache.force_restart_timeout=180
+
+; OPcache error_log file name. Empty string assumes "stderr".
+;opcache.error_log=
+
+; All OPcache errors go to the Web server log.
+; By default, only fatal errors (level 0) or errors (level 1) are logged.
+; You can also enable warnings (level 2), info messages (level 3) or
+; debug messages (level 4).
+;opcache.log_verbosity_level=1
+
+; Preferred Shared Memory back-end. Leave empty and let the system decide.
+;opcache.preferred_memory_model=
+
+; Protect the shared memory from unexpected writing during script execution.
+; Useful for internal debugging only.
+;opcache.protect_memory=0
+
+[curl]
+; A default value for the CURLOPT_CAINFO option. This is required to be an
+; absolute path.
+;curl.cainfo =
 
 ; Local Variables:
 ; tab-width: 4
 ; End:
+
+[Syslog]
+define_syslog_variables  = Off
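Review bot: Dropping the `[xsl]` block removes the only documentation of `xsl.security_prefs` from this file, and later PHP 5.3 releases still honour that setting (assuming this template is rendered for the 5.3 build this commit is about). The removed lines were commented out, so the effective value stays at the default of 44, but the next admin loses the hint that XSLT write operations are blocked by default and that `0` lifts every restriction. I would keep `[xsl]` with `;xsl.security_prefs = 44` and its comment. Separately, the new `[Syslog]` section is appended after the `; Local Variables:` / `; End:` trailer; moving it above the trailer keeps the editor footer last and makes the one active line this hunk adds easier to find.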
-- 
GitLab