diff --git a/Dockerfile b/Dockerfile index 4a67f5b..b669ff5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ FROM alpine:3.18 COPY --from=builder /go/bin/envsubst /usr/bin/envsubst -ARG WALLABAG_VERSION=2.6.4 +ARG WALLABAG_VERSION=2.6.10 RUN set -ex \ && apk add --no-cache \ diff --git a/README.md b/README.md index 0a5efb4..a70d884 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,7 @@ Default login is `wallabag:wallabag`. - `-e SYMFONY__ENV__SENTRY_DSN=...` (defaults to "~", this is the data source name for sentry) - `-e POPULATE_DATABASE=...`(defaults to "True". Does the DB has to be populated or is it an existing one) - `-e SYMFONY__ENV__SERVER_NAME=...` (defaults to "Your wallabag instance". Specifies a user-friendly name for the 2FA issuer) +- `-e PHP_MEMORY_LIMIT=...` (allows you to change the PHP `memory_limit` value. defaults to 128M, and should be a number and unit, eg. 512K, 128M, 2G, or a number of bytes) ## SQLite diff --git a/root/entrypoint.sh b/root/entrypoint.sh index 9bbfe99..0d3932f 100755 --- a/root/entrypoint.sh +++ b/root/entrypoint.sh @@ -28,6 +28,7 @@ provisioner() { # Replace environment variables envsubst < /etc/wallabag/parameters.template.yml > app/config/parameters.yml + envsubst < /etc/wallabag/php-wallabag.template.ini > /etc/php81/conf.d/50_wallabag.ini # Wait for external database if [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_mysql" ] || [ "$SYMFONY__ENV__DATABASE_DRIVER" = "pdo_pgsql" ] ; then diff --git a/root/etc/nginx/nginx.conf b/root/etc/nginx/nginx.conf index 2f499d3..ae7d3c8 100644 --- a/root/etc/nginx/nginx.conf +++ b/root/etc/nginx/nginx.conf @@ -58,6 +58,7 @@ http { # for more information). fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; fastcgi_param DOCUMENT_ROOT $realpath_root; + fastcgi_read_timeout 300s; # Prevents URIs that include the front controller. This will 404: # http://domain.tld/app.php/some-path # Remove the internal directive to allow URIs like this diff --git a/root/etc/php81/php.ini b/root/etc/php81/php.ini index 545d3fc..7513cae 100644 --- a/root/etc/php81/php.ini +++ b/root/etc/php81/php.ini @@ -15,9 +15,9 @@ ; 5. The web server's directory (for SAPI modules), or directory of PHP ; (otherwise in Windows) ; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) +; Windows directory (usually C:\windows) ; See the PHP docs for more specific information. -; http://php.net/configuration.file +; https://php.net/configuration.file ; The syntax of the file is extremely simple. Whitespace and lines ; beginning with a semicolon are silently ignored (as you probably guessed). @@ -31,7 +31,7 @@ ; special sections cannot be overridden by user-defined INI files or ; at runtime. Currently, [PATH=] and [HOST=] sections only work under ; CGI/FastCGI. -; http://php.net/ini.sections +; https://php.net/ini.sections ; Directives are specified using the following syntax: ; directive = value @@ -58,9 +58,9 @@ ; An empty string can be denoted by simply not writing anything after the equal ; sign, or by using the None keyword: -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' ; If you use constants in your value, and these constants belong to a ; dynamically loaded extension (either a PHP extension or a Zend extension), @@ -78,16 +78,17 @@ ; compatibility with older or less security conscience applications. We ; recommending using the production ini in production and testing environments. -; php.ini-development is very similar to its production variant, except it's -; much more verbose when it comes to errors. We recommending using the -; development version only in development environments as errors shown to +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to ; application users can inadvertently leak otherwise secure information. -; This is php.ini-production INI file. +; This is the php.ini-production INI file. ;;;;;;;;;;;;;;;;;;; ; Quick Reference ; ;;;;;;;;;;;;;;;;;;; + ; The following are all the settings which are different in either the production ; or development versions of the INIs with respect to PHP's default behavior. ; Please see the actual settings later in the document for more details as to why @@ -99,20 +100,15 @@ ; Production Value: Off ; display_startup_errors -; Default Value: Off +; Default Value: On ; Development Value: On ; Production Value: Off ; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Default Value: E_ALL ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - ; log_errors ; Default Value: Off ; Development Value: On @@ -138,22 +134,12 @@ ; Development Value: "GP" ; Production Value: "GP" -; session.bug_compat_42 -; Default Value: On -; Development Value: On -; Production Value: Off - -; session.bug_compat_warn -; Default Value: On -; Development Value: On -; Production Value: Off - ; session.gc_divisor ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 -; session.hash_bits_per_character +; session.sid_bits_per_character ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 @@ -163,28 +149,28 @@ ; Development Value: Off ; Production Value: Off -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; url_rewriter.tags -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" - ; variables_order ; Default Value: "EGPCS" ; Development Value: "GPCS" ; Production Value: "GPCS" +; zend.exception_ignore_args +; Default Value: Off +; Development Value: Off +; Production Value: On + +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + ;;;;;;;;;;;;;;;;;;;; ; php.ini Options ; ;;;;;;;;;;;;;;;;;;;; ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" ;user_ini.filename = ".user.ini" -; To disable this feature set this option to empty value +; To disable this feature set this option to an empty value ;user_ini.filename = ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) @@ -195,7 +181,7 @@ ;;;;;;;;;;;;;;;;;;;; ; Enable the PHP scripting language engine under Apache. -; http://php.net/engine +; https://php.net/engine engine = On ; This directive determines whether or not PHP will recognize code between @@ -208,15 +194,11 @@ engine = On ; Default Value: On ; Development Value: Off ; Production Value: Off -; http://php.net/short-open-tag +; https://php.net/short-open-tag short_open_tag = Off -; Allow ASP-style <% %> tags. -; http://php.net/asp-tags -asp_tags = Off - ; The number of significant digits displayed in floating point numbers. -; http://php.net/precision +; https://php.net/precision precision = 14 ; Output buffering is a mechanism for controlling how much output data @@ -240,7 +222,7 @@ precision = 14 ; Default Value: Off ; Development Value: 4096 ; Production Value: 4096 -; http://php.net/output-buffering +; https://php.net/output-buffering output_buffering = 4096 ; You can redirect all of the output of your scripts to a function. For @@ -255,9 +237,26 @@ output_buffering = 4096 ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". ; Note: output_handler must be empty if this is set 'On' !!!! ; Instead you must use zlib.output_handler. -; http://php.net/output-handler +; https://php.net/output-handler ;output_handler = +; URL rewriter function rewrites URL on the fly by using +; output buffer. You can set target tags by this configuration. +; "form" tag is special tag. It will add hidden input tag to pass values. +; Refer to session.trans_sid_tags for usage. +; Default Value: "form=" +; Development Value: "form=" +; Production Value: "form=" +;url_rewriter.tags + +; URL rewriter will not rewrite absolute URL nor form by default. To enable +; absolute URL rewrite, allowed hosts must be defined at RUNTIME. +; Refer to session.trans_sid_hosts for more details. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;url_rewriter.hosts + ; Transparent output compression using the zlib library ; Valid values for this option are 'off', 'on', or a specific buffer size ; to be used for compression (default is 4KB) @@ -267,16 +266,16 @@ output_buffering = 4096 ; performance, enable output_buffering in addition. ; Note: You need to use zlib.output_handler instead of the standard ; output_handler, or otherwise the output will be corrupted. -; http://php.net/zlib.output-compression +; https://php.net/zlib.output-compression zlib.output_compression = On -; http://php.net/zlib.output-compression-level +; https://php.net/zlib.output-compression-level ;zlib.output_compression_level = -1 ; You cannot specify additional output handlers if zlib.output_compression ; is activated here. This setting does the same as output_handler but in ; a different order. -; http://php.net/zlib.output-handler +; https://php.net/zlib.output-handler ;zlib.output_handler = ; Implicit flush tells PHP to tell the output layer to flush itself @@ -284,7 +283,7 @@ zlib.output_compression = On ; PHP function flush() after each and every call to print() or echo() and each ; and every HTML block. Turning this option on has serious performance ; implications and is generally recommended for debugging purposes only. -; http://php.net/implicit-flush +; https://php.net/implicit-flush ; Note: This directive is hardcoded to On for the CLI SAPI implicit_flush = Off @@ -296,33 +295,41 @@ implicit_flush = Off ; callback-function. unserialize_callback_func = -; When floats & doubles are serialized store serialize_precision significant +; The unserialize_max_depth specifies the default depth limit for unserialized +; structures. Setting the depth limit too high may result in stack overflows +; during unserialization. The unserialize_max_depth ini setting can be +; overridden by the max_depth option on individual unserialize() calls. +; A value of 0 disables the depth limit. +;unserialize_max_depth = 4096 + +; When floats & doubles are serialized, store serialize_precision significant ; digits after the floating point. The default value ensures that when floats ; are decoded with unserialize, the data will remain the same. -serialize_precision = 17 +; The value is also used for json_encode when encoding double values. +; If -1 is used, then dtoa mode 0 is used which automatically select the best +; precision. +serialize_precision = -1 ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory -; or per-virtualhost web server configuration file. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/open-basedir +; or per-virtualhost web server configuration file. +; Note: disables the realpath cache +; https://php.net/open-basedir ;open_basedir = -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/disable-functions +; This directive allows you to disable certain functions. +; It receives a comma-delimited list of function names. +; https://php.net/disable-functions disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, -; This directive allows you to disable certain classes for security reasons. -; It receives a comma-delimited list of class names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/disable-classes +; This directive allows you to disable certain classes. +; It receives a comma-delimited list of class names. +; https://php.net/disable-classes disable_classes = ; Colors for Syntax Highlighting mode. Anything that's acceptable in ; would work. -; http://php.net/syntax-highlighting +; https://php.net/syntax-highlighting ;highlight.string = #DD0000 ;highlight.comment = #FF9900 ;highlight.keyword = #007700 @@ -333,37 +340,54 @@ disable_classes = ; the request. Consider enabling it if executing long requests, which may end up ; being interrupted by the user or a browser timing out. PHP's default behavior ; is to disable this feature. -; http://php.net/ignore-user-abort +; https://php.net/ignore-user-abort ;ignore_user_abort = On ; Determines the size of the realpath cache to be used by PHP. This value should ; be increased on systems where PHP opens many files to reflect the quantity of ; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 16k +; Note: if open_basedir is set, the cache is disabled +; https://php.net/realpath-cache-size +;realpath_cache_size = 4096k ; Duration of time, in seconds for which to cache realpath information for a given ; file or directory. For systems with rarely changing files, consider increasing this ; value. -; http://php.net/realpath-cache-ttl +; https://php.net/realpath-cache-ttl ;realpath_cache_ttl = 120 ; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc +; https://php.net/zend.enable-gc zend.enable_gc = On ; If enabled, scripts may be written in encodings that are incompatible with ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such ; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off ;zend.multibyte = Off ; Allows to set the default encoding for the scripts. This value will be used ; unless "declare(encoding=...)" directive appears at the top of the script. ; Only affects if zend.multibyte is set. -; Default: "" ;zend.script_encoding = +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + ;;;;;;;;;;;;;;;;; ; Miscellaneous ; ;;;;;;;;;;;;;;;;; @@ -372,7 +396,7 @@ zend.enable_gc = On ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. -; http://php.net/expose-php +; https://php.net/expose-php expose_php = Off ;;;;;;;;;;;;;;;;;;; @@ -380,7 +404,7 @@ expose_php = Off ;;;;;;;;;;;;;;;;;;; ; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time +; https://php.net/max-execution-time ; Note: This directive is hardcoded to 0 for the CLI SAPI max_execution_time = 300 @@ -391,18 +415,23 @@ max_execution_time = 300 ; Default Value: -1 (Unlimited) ; Development Value: 60 (60 seconds) ; Production Value: 60 (60 seconds) -; http://php.net/max-input-time +; https://php.net/max-input-time max_input_time = 60 ; Maximum input variable nesting level -; http://php.net/max-input-nesting-level +; https://php.net/max-input-nesting-level ;max_input_nesting_level = 64 ; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 +;max_input_vars = 1000 -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit +; How many multipart body parts (combined input variable and file uploads) may +; be accepted. +; Default Value: -1 (Sum of max_input_vars and max_file_uploads) +;max_multipart_body_parts = 1500 + +; Maximum amount of memory a script may consume +; https://php.net/memory-limit memory_limit = 128M ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; @@ -433,7 +462,7 @@ memory_limit = 128M ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and -; relying on the fact it's automatically initialized to an +; relying on the fact it is automatically initialized to an ; empty string) ; E_STRICT - run-time notices, enable to have PHP suggest changes ; to your code which will ensure the best interoperability @@ -455,10 +484,10 @@ memory_limit = 128M ; E_ALL & ~E_NOTICE (Show all errors, except for notices) ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Default Value: E_ALL ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting +; https://php.net/error-reporting error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; This directive controls whether or not and where PHP will output errors, @@ -466,8 +495,8 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; it could be very dangerous in production environments. Depending on the code ; which is triggering the error, sensitive information could potentially leak ; out of your application such as database usernames and passwords or worse. -; It's recommended that errors be logged on production servers rather than -; having the errors sent to STDOUT. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. ; Possible Values: ; Off = Do not display any errors ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) @@ -475,18 +504,16 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; Default Value: On ; Development Value: On ; Production Value: Off -; http://php.net/display-errors +; https://php.net/display-errors display_errors = Off ; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. But, it's strongly recommended that you -; leave this setting off on production servers. -; Default Value: Off +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On ; Development Value: On ; Production Value: Off -; http://php.net/display-startup-errors +; https://php.net/display-startup-errors display_startup_errors = Off ; Besides displaying errors, PHP can also log errors to locations such as a @@ -496,45 +523,31 @@ display_startup_errors = Off ; Default Value: Off ; Development Value: On ; Production Value: On -; http://php.net/log-errors +; https://php.net/log-errors log_errors = On -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - ; Do not log repeated messages. Repeated errors must occur in same file on same ; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors +; https://php.net/ignore-repeated-errors ignore_repeated_errors = Off ; Ignore source of message when ignoring repeated messages. When this setting ; is On you will not log errors with repeated messages from different files or ; source lines. -; http://php.net/ignore-repeated-source +; https://php.net/ignore-repeated-source ignore_repeated_source = Off ; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if +; stdout or in the log). This is only effective in a debug compile, and if ; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks +; https://php.net/report-memleaks report_memleaks = On -; This setting is on by default. +; This setting is off by default. ;report_zend_debug = 0 -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/track-errors -track_errors = Off - ; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors +; https://php.net/xmlrpc-errors ;xmlrpc_errors = 0 ; An XML-RPC faultCode @@ -544,48 +557,65 @@ track_errors = Off ; error message as HTML for easier reading. This directive controls whether ; the error message is formatted as HTML or not. ; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On +; https://php.net/html-errors +;html_errors = On ; If html_errors is set to On *and* docref_root is not empty, then PHP ; produces clickable error messages that direct to a page describing the error ; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs +; You can download a copy of the PHP manual from https://php.net/docs ; and change docref_root to the base URL of your local copy including the ; leading '/'. You must also specify the file extension being used including ; the dot. PHP's default behavior is to leave these settings empty, in which ; case no links to documentation are generated. ; Note: Never use this feature for production boxes. -; http://php.net/docref-root +; https://php.net/docref-root ; Examples ;docref_root = "/phpmanual/" -; http://php.net/docref-ext +; https://php.net/docref-ext ;docref_ext = .html ; String to output before an error message. PHP's default behavior is to leave ; this setting blank. -; http://php.net/error-prepend-string +; https://php.net/error-prepend-string ; Example: ;error_prepend_string = "" ; String to output after an error message. PHP's default behavior is to leave ; this setting blank. -; http://php.net/error-append-string +; https://php.net/error-append-string ; Example: ;error_append_string = "" ; Log errors to specified file. PHP's default behavior is to leave this value ; empty. -; http://php.net/error-log +; https://php.net/error-log ; Example: ;error_log = php_errors.log -; Log errors to syslog (Event Log on NT, not valid in Windows 95). +; Log errors to syslog (Event Log on Windows). ;error_log = syslog +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + ;windows.show_crt_warning ; Default value: 0 ; Development value: 0 @@ -597,14 +627,14 @@ html_errors = On ; The separator used in PHP generated URLs to separate arguments. ; PHP's default setting is "&". -; http://php.net/arg-separator.output +; https://php.net/arg-separator.output ; Example: ;arg_separator.output = "&" ; List of separator(s) used by PHP to parse input URLs into variables. ; PHP's default setting is "&". ; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input +; https://php.net/arg-separator.input ; Example: ;arg_separator.input = ";&" @@ -618,20 +648,20 @@ html_errors = On ; Default Value: "EGPCS" ; Development Value: "GPCS" ; Production Value: "GPCS"; -; http://php.net/variables-order +; https://php.net/variables-order variables_order = "GPCS" -; This directive determines which super global data (G,P,C,E & S) should -; be registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive are -; specified in the same manner as the variables_order directive, EXCEPT one. -; Leaving this value empty will cause PHP to use the value set in the -; variables_order directive. It does not mean it will leave the super globals -; array REQUEST empty. +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. ; Default Value: None ; Development Value: "GP" ; Production Value: "GP" -; http://php.net/request-order +; https://php.net/request-order request_order = "GP" ; This directive determines whether PHP registers $argv & $argc each time it @@ -646,15 +676,15 @@ request_order = "GP" ; Default Value: On ; Development Value: Off ; Production Value: Off -; http://php.net/register-argc-argv +; https://php.net/register-argc-argv register_argc_argv = Off ; When enabled, the ENV, REQUEST and SERVER variables are created when they're ; first used (Just In Time) instead of when the script starts. If these ; variables are not used within a script, having this directive on will result ; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. -; http://php.net/auto-globals-jit +; for this directive to have any effect. +; https://php.net/auto-globals-jit auto_globals_jit = On ; Whether PHP will read the POST data. @@ -663,40 +693,49 @@ auto_globals_jit = On ; and $_FILES to always be empty; the only way you will be able to read the ; POST data will be through the php://input stream wrapper. This can be useful ; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading +; https://php.net/enable-post-data-reading ;enable_post_data_reading = Off ; Maximum size of POST data that PHP will accept. ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. -; http://php.net/post-max-size +; https://php.net/post-max-size post_max_size = 100M ; Automatically add files before PHP document. -; http://php.net/auto-prepend-file +; https://php.net/auto-prepend-file auto_prepend_file = ; Automatically add files after PHP document. -; http://php.net/auto-append-file +; https://php.net/auto-append-file auto_append_file = -; By default, PHP will output a character encoding using -; the Content-type: header. To disable sending of the charset, simply -; set it to be empty. +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. ; -; PHP's built-in default is text/html -; http://php.net/default-mimetype +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype default_mimetype = "text/html" -; PHP's default character set is set to empty. -; http://php.net/default-charset -;default_charset = "UTF-8" +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = -; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is -; to disable this feature. If post reading is disabled through -; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. -; http://php.net/always-populate-raw-post-data -;always_populate_raw_post_data = On +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; @@ -709,42 +748,42 @@ default_mimetype = "text/html" ;include_path = ".;c:\php\includes" ; ; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path +; https://php.net/include-path ; The root of the PHP pages, used only if nonempty. ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ; if you are running php as a CGI under any web server (other than IIS) ; see documentation for security issues. The alternate is to use the ; cgi.force_redirect configuration below -; http://php.net/doc-root +; https://php.net/doc-root doc_root = ; The directory under which PHP opens the script using /~username used only ; if nonempty. -; http://php.net/user-dir +; https://php.net/user-dir user_dir = ; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" +; https://php.net/extension-dir +;extension_dir = "./" ; On windows: -; extension_dir = "ext" +;extension_dir = "ext" ; Directory where the temporary files should be placed. ; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" +;sys_temp_dir = "/tmp" ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically ; disabled on them. -; http://php.net/enable-dl +; https://php.net/enable-dl enable_dl = Off ; cgi.force_redirect is necessary to provide security running PHP as a CGI under ; most web servers. Left undefined, PHP turns this on by default. You can ; turn it off here AT YOUR OWN RISK ; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect +; https://php.net/cgi.force-redirect ;cgi.force_redirect = 1 ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with @@ -755,7 +794,7 @@ enable_dl = Off ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP ; will look for to know it is OK to continue execution. Setting this variable MAY ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env +; https://php.net/cgi.redirect-status-env ;cgi.redirect_status_env = ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's @@ -764,15 +803,19 @@ enable_dl = Off ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo +; https://php.net/cgi.fix-pathinfo ;cgi.fix_pathinfo=1 -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate ; security tokens of the calling client. This allows IIS to define the ; security context that the request runs under. mod_fastcgi under Apache ; does not currently support this feature (03/17/2002) ; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate +; https://php.net/fastcgi.impersonate ;fastcgi.impersonate = 1 ; Disable logging through FastCGI connection. PHP's default behavior is to enable @@ -780,28 +823,35 @@ enable_dl = Off ;fastcgi.logging = 0 ; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send ; RFC2616 compliant header. ; Default is zero. -; http://php.net/cgi.rfc2616-headers +; https://php.net/cgi.rfc2616-headers ;cgi.rfc2616_headers = 0 +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; ; Whether to allow HTTP file uploads. -; http://php.net/file-uploads +; https://php.net/file-uploads file_uploads = On ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). -; http://php.net/upload-tmp-dir -upload_tmp_dir = /tmp/ +; https://php.net/upload-tmp-dir +;upload_tmp_dir = ; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize +; https://php.net/upload-max-filesize upload_max_filesize = 100M ; Maximum number of files that can be uploaded via a single request @@ -812,24 +862,24 @@ max_file_uploads = 20 ;;;;;;;;;;;;;;;;;; ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen +; https://php.net/allow-url-fopen allow_url_fopen = On -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include allow_url_include = Off ; Define the anonymous ftp password (your email address). PHP's default setting ; for this is empty. -; http://php.net/from +; https://php.net/from ;from="john@doe.com" ; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent +; https://php.net/user-agent ;user_agent="PHP" ; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout +; https://php.net/default-socket-timeout default_socket_timeout = 60 ; If your scripts have to deal with files from Macintosh systems, @@ -837,7 +887,7 @@ default_socket_timeout = 60 ; unix or win32 systems, setting this flag will cause PHP to ; automatically detect the EOL character in those files so that ; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings +; https://php.net/auto-detect-line-endings ;auto_detect_line_endings = Off ;;;;;;;;;;;;;;;;;;;;;; @@ -847,23 +897,72 @@ default_socket_timeout = 60 ; If you wish to have an extension loaded automatically, use the following ; syntax: ; -; extension=modulename.extension +; extension=modulename ; -; For example, on Windows: +; For example: ; -; extension=msql.dll +; extension=mysqli ; -; ... or under UNIX: +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: ; -; extension=msql.so +; extension=/path/to/extension/mysqli.so ; -; ... or with a path: +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. ; -; extension=/path/to/extension/msql.so +; Notes for Windows environments : ; -; If you only provide the name of the extension, PHP will look for it in its -; default extension directory. +; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) +; extension folders as well as the separate PECL DLL download (PHP 5+). +; Be sure to appropriately set the extension_dir directive. ; +;extension=bz2 + +; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used +; otherwise it results in segfault when unloading after using SASL. +; See https://github.com/php/php-src/issues/8620 for more info. +;extension=ldap + +;extension=curl +;extension=ffi +;extension=ftp +;extension=fileinfo +;extension=gd +;extension=gettext +;extension=gmp +;extension=intl +;extension=imap +;extension=mbstring +;extension=exif ; Must be after mbstring as it depends on it +;extension=mysqli +;extension=oci8_12c ; Use with Oracle Database 12c Instant Client +;extension=oci8_19 ; Use with Oracle Database 19 Instant Client +;extension=odbc +;extension=openssl +;extension=pdo_firebird +;extension=pdo_mysql +;extension=pdo_oci +;extension=pdo_odbc +;extension=pdo_pgsql +;extension=pdo_sqlite +;extension=pgsql +;extension=shmop + +; The MIBS data available in the PHP distribution must be installed. +; See https://www.php.net/manual/en/snmp.installation.php +;extension=snmp + +;extension=soap +;extension=sockets +;extension=sodium +;extension=sqlite3 +;extension=tidy +;extension=xsl + +;zend_extension=opcache ;;;;;;;;;;;;;;;;;;; ; Module Settings ; @@ -875,32 +974,52 @@ cli_server.color = On [Date] ; Defines the default timezone used by the date functions -; http://php.net/date.timezone +; https://php.net/date.timezone ;date.timezone = -; http://php.net/date.default-latitude +; https://php.net/date.default-latitude ;date.default_latitude = 31.7667 -; http://php.net/date.default-longitude +; https://php.net/date.default-longitude ;date.default_longitude = 35.2333 -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 [filter] -; http://php.net/filter.default +; https://php.net/filter.default ;filter.default = unsafe_raw -; http://php.net/filter.default-flags +; https://php.net/filter.default-flags ;filter.default_flags = [iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 [intl] ;intl.default_locale = @@ -908,70 +1027,75 @@ cli_server.color = On ; happens within intl functions. The value is the level of the error produced. ; Default is 0, which does not produce any errors. ;intl.error_level = E_WARNING - -[sqlite] -; http://php.net/sqlite.assoc-case -;sqlite.assoc_case = 0 +;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + [Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit ;pcre.backtrack_limit=100000 -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit ;pcre.recursion_limit=100000 +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 + [Pdo] ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling +; https://php.net/pdo-odbc.connection-pooling ;pdo_odbc.connection_pooling=strict -;pdo_odbc.db2_instance_name - [Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. -; http://php.net/pdo_mysql.default-socket pdo_mysql.default_socket= [Phar] -; http://php.net/phar.readonly +; https://php.net/phar.readonly ;phar.readonly = On -; http://php.net/phar.require-hash +; https://php.net/phar.require-hash ;phar.require_hash = On ;phar.cache_list = [mail function] ; For Win32 only. -; http://php.net/smtp +; https://php.net/smtp SMTP = localhost -; http://php.net/smtp-port +; https://php.net/smtp-port smtp_port = 25 ; For Win32 only. -; http://php.net/sendmail-from +; https://php.net/sendmail-from ;sendmail_from = me@example.com ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path +; https://php.net/sendmail-path ;sendmail_path = ; Force the addition of the specified parameters to be passed as extra parameters ; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(), even in safe mode. +; the 5th parameter to mail(). ;mail.force_extra_parameters = ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename @@ -980,21 +1104,17 @@ mail.add_x_header = On ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers. ;mail.log = -; Log mail to syslog (Event Log on NT, not valid in Windows 95). +; Log mail to syslog (Event Log on Windows). ;mail.log = syslog -[SQL] -; http://php.net/sql.safe-mode -sql.safe_mode = Off - [ODBC] -; http://php.net/odbc.default-db +; https://php.net/odbc.default-db ;odbc.default_db = Not yet implemented -; http://php.net/odbc.default-user +; https://php.net/odbc.default-user ;odbc.default_user = Not yet implemented -; http://php.net/odbc.default-pw +; https://php.net/odbc.default-pw ;odbc.default_pw = Not yet implemented ; Controls the ODBC cursor model. @@ -1002,163 +1122,72 @@ sql.safe_mode = Off ;odbc.default_cursortype ; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent +; https://php.net/odbc.allow-persistent odbc.allow_persistent = On ; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent +; https://php.net/odbc.check-persistent odbc.check_persistent = On ; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent +; https://php.net/odbc.max-persistent odbc.max_persistent = -1 ; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links +; https://php.net/odbc.max-links odbc.max_links = -1 ; Handling of LONG fields. Returns number of bytes to variables. 0 means ; passthru. -; http://php.net/odbc.defaultlrl +; https://php.net/odbc.defaultlrl odbc.defaultlrl = 4096 ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation ; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode odbc.defaultbinmode = 1 -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQL] -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysql.allow_local_infile -mysql.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysql.cache_size -mysql.cache_size = 2000 - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysql.max-persistent -mysql.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/mysql.max-links -mysql.max_links = -1 - -; Default port number for mysql_connect(). If unset, mysql_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysql.default-port -mysql.default_port = - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysql.default-socket -mysql.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysql.default-host -mysql.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysql.default-user -mysql.default_user = - -; Default password for mysql_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysql.default-password -mysql.default_password = - -; Maximum time (in seconds) for connect timeout. -1 means no limit -; http://php.net/mysql.connect-timeout -mysql.connect_timeout = 60 - -; Trace mode. When trace_mode is active (=On), warnings for table/index scans and -; SQL-Errors will be displayed. -; http://php.net/mysql.trace-mode -mysql.trace_mode = Off - [MySQLi] ; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent +; https://php.net/mysqli.max-persistent mysqli.max_persistent = -1 ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile +; https://php.net/mysqli.allow_local_infile ;mysqli.allow_local_infile = On +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + ; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent +; https://php.net/mysqli.allow-persistent mysqli.allow_persistent = On ; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links +; https://php.net/mysqli.max-links mysqli.max_links = -1 -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ; at MYSQL_PORT. -; http://php.net/mysqli.default-port +; https://php.net/mysqli.default-port mysqli.default_port = 3306 ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. -; http://php.net/mysqli.default-socket +; https://php.net/mysqli.default-socket mysqli.default_socket = -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host +; Default host for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-host mysqli.default_host = -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user +; Default user for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-user mysqli.default_user = ; Default password for mysqli_connect() (doesn't apply in safe mode). @@ -1166,55 +1195,74 @@ mysqli.default_user = ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") ; and reveal this password! And of course, any users with read access to this ; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw +; https://php.net/mysqli.default-pw mysqli.default_pw = ; Allow or prevent reconnect mysqli.reconnect = Off +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + [mysqlnd] ; Enable / Disable collection of general statistics by mysqlnd which can be ; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics mysqlnd.collect_statistics = On ; Enable / Disable collection of memory usage statistics by mysqlnd which can be ; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics mysqlnd.collect_memory_statistics = Off +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size ;mysqlnd.net_cmd_buffer_size = 2048 ; Size of a pre-allocated buffer used for reading data sent by the server in ; bytes. -; http://php.net/mysqlnd.net_read_buffer_size ;mysqlnd.net_read_buffer_size = 32768 +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + [OCI8] ; Connection: Enables privileged connections using external ; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect +; https://php.net/oci8.privileged-connect ;oci8.privileged_connect = Off ; Connection: The maximum number of persistent OCI8 connections per ; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent +; https://php.net/oci8.max-persistent ;oci8.max_persistent = -1 ; Connection: The maximum number of seconds a process is allowed to ; maintain an idle persistent connection. Using -1 means idle ; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout +; https://php.net/oci8.persistent-timeout ;oci8.persistent_timeout = -1 ; Connection: The number of seconds that must pass before issuing a ; ping during oci_pconnect() to check the connection validity. When ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables ; pings completely. -; http://php.net/oci8.ping-interval +; https://php.net/oci8.ping-interval ;oci8.ping_interval = 60 ; Connection: Set this to a user chosen connection class to be used @@ -1232,98 +1280,59 @@ mysqlnd.collect_memory_statistics = Off ; Tuning: This option enables statement caching, and specifies how ; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size +; https://php.net/oci8.statement-cache-size ;oci8.statement_cache_size = 20 ; Tuning: Enables statement prefetching and sets the default number of ; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch +; https://php.net/oci8.default-prefetch ;oci8.default_prefetch = 100 ; Compatibility. Using On means oci_close() will not close ; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics +; https://php.net/oci8.old-oci-close-semantics ;oci8.old_oci_close_semantics = Off [PostgreSQL] ; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent +; https://php.net/pgsql.allow-persistent pgsql.allow_persistent = On ; Detect broken persistent links always with pg_pconnect(). ; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent +; https://php.net/pgsql.auto-reset-persistent pgsql.auto_reset_persistent = Off ; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent +; https://php.net/pgsql.max-persistent pgsql.max_persistent = -1 ; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links +; https://php.net/pgsql.max-links pgsql.max_links = -1 ; Ignore PostgreSQL backends Notice message or not. ; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice +; https://php.net/pgsql.ignore-notice pgsql.ignore_notice = 0 ; Log PostgreSQL backends Notice message or not. ; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice +; https://php.net/pgsql.log-notice pgsql.log_notice = 0 -[Sybase-CT] -; Allow or prevent persistent links. -; http://php.net/sybct.allow-persistent -sybct.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/sybct.max-persistent -sybct.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/sybct.max-links -sybct.max_links = -1 - -; Minimum server message severity to display. -; http://php.net/sybct.min-server-severity -sybct.min_server_severity = 10 - -; Minimum client message severity to display. -; http://php.net/sybct.min-client-severity -sybct.min_client_severity = 10 - -; Set per-context timeout -; http://php.net/sybct.timeout -;sybct.timeout= - -;sybct.packet_size - -; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. -; Default: one minute -;sybct.login_timeout= - -; The name of the host you claim to be connecting from, for display by sp_who. -; Default: none -;sybct.hostname= - -; Allows you to define how often deadlocks are to be retried. -1 means "forever". -; Default: 0 -;sybct.deadlock_retry_count= - [bcmath] ; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale +; https://php.net/bcmath.scale bcmath.scale = 0 [browscap] -; http://php.net/browscap +; https://php.net/browscap ;browscap = extra/browscap.ini [Session] ; Handler used to store/retrieve data. -; http://php.net/session.save-handler +; https://php.net/session.save-handler session.save_handler = files ; Argument passed to save_handler. In the case of files, this is the path @@ -1336,9 +1345,9 @@ session.save_handler = files ; ; where N is an integer. Instead of storing all the session files in ; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if you -; or your OS have problems with lots of files in one directory, and is -; a more efficient layout for servers that handle lots of sessions. +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. ; ; NOTE 1: PHP will not create this directory structure automatically. ; You can use the script in the ext/session dir for that purpose. @@ -1352,153 +1361,116 @@ session.save_handler = files ; ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/var/lib/php5" +; https://php.net/session.save-path +;session.save_path = "/tmp" ; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. ; https://wiki.php.net/rfc/strict_sessions session.use_strict_mode = 0 ; Whether to use cookies. -; http://php.net/session.use-cookies +; https://php.net/session.use-cookies session.use_cookies = 1 -; http://php.net/session.cookie-secure +; https://php.net/session.cookie-secure ;session.cookie_secure = ; This option forces PHP to fetch and use a cookie for storing and maintaining ; the session id. We encourage this operation as it's very helpful in combating ; session hijacking when not specifying and managing your own session id. It is -; not the end all be all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies session.use_only_cookies = 1 ; Name of the session (used as cookie name). -; http://php.net/session.name +; https://php.net/session.name session.name = PHPSESSID ; Initialize session on request startup. -; http://php.net/session.auto-start +; https://php.net/session.auto-start session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime +; https://php.net/session.cookie-lifetime session.cookie_lifetime = 0 ; The path for which the cookie is valid. -; http://php.net/session.cookie-path +; https://php.net/session.cookie-path session.cookie_path = / ; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain +; https://php.net/session.cookie-domain session.cookie_domain = -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly session.cookie_httponly = -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler session.serialize_handler = php -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 0 +; https://php.net/session.gc-probability +session.gc_probability = 1 ; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 -; http://php.net/session.gc-divisor +; https://php.net/session.gc-divisor session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime +; https://php.net/session.gc-maxlifetime session.gc_maxlifetime = 1440 ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm -; PHP 4.2 and less have an undocumented feature/bug that allows you to -; to initialize a session variable in the global scope. -; PHP 4.3 and later will warn you, if this feature is used. -; You can disable the feature and the warning separately. At this time, -; the warning is only displayed, if bug_compat_42 is enabled. This feature -; introduces some serious security problems if not handled correctly. It's -; recommended that you do not use this feature on production servers. But you -; should enable this on development servers and enable the warning as well. If you -; do not enable the feature on development servers, you won't be warned when it's -; used and debugging errors caused by this can be difficult to track down. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/session.bug-compat-42 -session.bug_compat_42 = Off - -; This setting controls whether or not you are warned by PHP when initializing a -; session value into the global space. session.bug_compat_42 must be enabled before -; these warnings can be issued by PHP. See the directive above for more information. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/session.bug-compat-warn -session.bug_compat_warn = Off - ; Check HTTP Referer to invalidate externally stored URLs containing ids. ; HTTP_REFERER has to contain this substring for the session to be ; considered as valid. -; http://php.net/session.referer-check +; https://php.net/session.referer-check session.referer_check = -; How many bytes to read from the file. -; http://php.net/session.entropy-length -;session.entropy_length = 32 - -; Specified here to create the session id. -; http://php.net/session.entropy-file -; Defaults to /dev/urandom -; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom -; If neither are found at compile time, the default is no entropy file. -; On windows, setting the entropy_length setting will activate the -; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom - ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter +; https://php.net/session.cache-limiter session.cache_limiter = nocache ; Document expires after n minutes. -; http://php.net/session.cache-expire +; https://php.net/session.cache-expire session.cache_expire = 180 ; trans sid support is disabled by default. -; Use of trans sid may risk your users security. +; Use of trans sid may risk your users' security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. @@ -1506,18 +1478,42 @@ session.cache_expire = 180 ; in publicly accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid +; https://php.net/session.use-trans-sid session.use_trans_sid = 0 -; Select a hash function for use in generating session ids. -; Possible Values -; 0 (MD5 128 bits) -; 1 (SHA-1 160 bits) -; This option may also be set to the name of any hash function supported by -; the hash extension. A list of available hashes is returned by the hash_algos() -; function. -; http://php.net/session.hash-function -session.hash_function = 0 +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; https://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 26 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. @@ -1528,25 +1524,14 @@ session.hash_function = 0 ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.hash_bits_per_character = 5 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; form/fieldset are special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. If you want XHTML conformity, remove the form entry. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; http://php.net/url-rewriter.tags -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" +; https://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 5 ; Enable upload progress tracking in $_SESSION ; Default Value: On ; Development Value: On ; Production Value: On -; http://php.net/session.upload-progress.enabled +; https://php.net/session.upload-progress.enabled ;session.upload_progress.enabled = On ; Cleanup the progress information as soon as all POST data has been read @@ -1554,14 +1539,14 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Default Value: On ; Development Value: On ; Production Value: On -; http://php.net/session.upload-progress.cleanup +; https://php.net/session.upload-progress.cleanup ;session.upload_progress.cleanup = On ; A prefix used for the upload progress key in $_SESSION ; Default Value: "upload_progress_" ; Development Value: "upload_progress_" ; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix +; https://php.net/session.upload-progress.prefix ;session.upload_progress.prefix = "upload_progress_" ; The index name (concatenated with the prefix) in $_SESSION @@ -1569,7 +1554,7 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name +; https://php.net/session.upload-progress.name ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" ; How frequently the upload progress should be updated. @@ -1577,178 +1562,152 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Default Value: "1%" ; Development Value: "1%" ; Production Value: "1%" -; http://php.net/session.upload-progress.freq +; https://php.net/session.upload-progress.freq ;session.upload_progress.freq = "1%" ; The minimum delay between updates, in seconds ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 -; http://php.net/session.upload-progress.min-freq +; https://php.net/session.upload-progress.min-freq ;session.upload_progress.min_freq = "1" -[MSSQL] -; Allow or prevent persistent links. -mssql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -mssql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -mssql.max_links = -1 - -; Minimum error severity to display. -mssql.min_error_severity = 10 - -; Minimum message severity to display. -mssql.min_message_severity = 10 - -; Compatibility mode with old versions of PHP 3.0. -mssql.compatibility_mode = Off - -; Connect timeout -;mssql.connect_timeout = 5 - -; Query timeout -;mssql.timeout = 60 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textlimit = 4096 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textsize = 4096 - -; Limits the number of records in each batch. 0 = all records in one batch. -;mssql.batchsize = 0 - -; Specify how datetime and datetim4 columns are returned -; On => Returns data converted to SQL server settings -; Off => Returns values as YYYY-MM-DD hh:mm:ss -;mssql.datetimeconvert = On - -; Use NT authentication when connecting to the server -mssql.secure_connection = Off - -; Specify max number of processes. -1 = library default -; msdlib defaults to 25 -; FreeTDS defaults to 4096 -;mssql.max_procs = -1 - -; Specify client character set. -; If empty or not set the client charset from freetds.conf is used -; This is only used when compiled with FreeTDS -;mssql.charset = "ISO-8859-1" +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On [Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + ; Assert(expr); active by default. -; http://php.net/assert.active +; https://php.net/assert.active ;assert.active = On -; Issue a PHP warning for each failed assertion. -; http://php.net/assert.warning +; Throw an AssertionError on failed assertions +; https://php.net/assert.exception +;assert.exception = On + +; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) +; https://php.net/assert.warning ;assert.warning = On ; Don't bail out by default. -; http://php.net/assert.bail +; https://php.net/assert.bail ;assert.bail = Off ; User-function to be called if an assertion fails. -; http://php.net/assert.callback +; https://php.net/assert.callback ;assert.callback = 0 -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - [COM] ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file +; https://php.net/com.typelib-file ;com.typelib_file = ; allow Distributed-COM calls -; http://php.net/com.allow-dcom +; https://php.net/com.allow-dcom ;com.allow_dcom = true -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib +; autoregister constants of a component's typelib on com_load() +; https://php.net/com.autoregister-typelib ;com.autoregister_typelib = true ; register constants casesensitive -; http://php.net/com.autoregister-casesensitive +; https://php.net/com.autoregister-casesensitive ;com.autoregister_casesensitive = false ; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose +; https://php.net/com.autoregister-verbose ;com.autoregister_verbose = true ; The default character set code-page to use when passing strings to and from COM objects. ; Default: system ANSI code page ;com.code_page= +; The version of the .NET framework to use. The value of the setting are the first three parts +; of the framework's version number, separated by dots, and prefixed with "v", e.g. "v4.0.30319". +;com.dotnet_version= + [mbstring] ; language for internal character representation. -; http://php.net/mbstring.language +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language ;mbstring.language = Japanese +; Use of this INI entry is deprecated, use global internal_encoding instead. ; internal/script encoding. -; Some encoding cannot work as internal encoding. -; (e.g. SJIS, BIG5, ISO-2022-*) -; http://php.net/mbstring.internal-encoding -;mbstring.internal_encoding = UTF-8 +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = +; Use of this INI entry is deprecated, use global input_encoding instead. ; http input encoding. -; http://php.net/mbstring.http-input -;mbstring.http_input = UTF-8 - -; http output encoding. mb_output_handler must be -; registered as output buffer to function -; http://php.net/mbstring.http-output -;mbstring.http_output = pass +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = ; enable automatic encoding translation according to ; mbstring.internal_encoding setting. Input chars are ; converted to internal encoding by setting this to On. ; Note: Do _not_ use automatic encoding translation for ; portable libs/applications. -; http://php.net/mbstring.encoding-translation +; https://php.net/mbstring.encoding-translation ;mbstring.encoding_translation = Off ; automatic encoding detection order. -; auto means -; http://php.net/mbstring.detect-order +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order ;mbstring.detect_order = auto ; substitute_character used when character cannot be converted ; one from another -; http://php.net/mbstring.substitute-character +; https://php.net/mbstring.substitute-character ;mbstring.substitute_character = none -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -;mbstring.strict_detection = On +; Enable strict encoding detection. +;mbstring.strict_detection = Off ; This directive specifies the regex pattern of content types for which mb_output_handler() ; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 [gd] ; Tell the jpeg decode to ignore warnings and try to create ; a gd image. The warning will then be displayed as notices ; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 0 +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 [exif] ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. @@ -1756,47 +1715,47 @@ mssql.secure_connection = Off ; given by corresponding encode setting. When empty mbstring.internal_encoding ; is used. For the decode settings you can distinguish between motorola and ; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode +; https://php.net/exif.encode-unicode ;exif.encode_unicode = ISO-8859-15 -; http://php.net/exif.decode-unicode-motorola +; https://php.net/exif.decode-unicode-motorola ;exif.decode_unicode_motorola = UCS-2BE -; http://php.net/exif.decode-unicode-intel +; https://php.net/exif.decode-unicode-intel ;exif.decode_unicode_intel = UCS-2LE -; http://php.net/exif.encode-jis +; https://php.net/exif.encode-jis ;exif.encode_jis = -; http://php.net/exif.decode-jis-motorola +; https://php.net/exif.decode-jis-motorola ;exif.decode_jis_motorola = JIS -; http://php.net/exif.decode-jis-intel +; https://php.net/exif.decode-jis-intel ;exif.decode_jis_intel = JIS [Tidy] ; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config +; https://php.net/tidy.default-config ;tidy.default_config = /usr/local/lib/php/default.tcfg ; Should tidy clean and repair output automatically? ; WARNING: Do not use this option if you are generating non-html content ; such as dynamic images -; http://php.net/tidy.clean-output +; https://php.net/tidy.clean-output tidy.clean_output = Off [soap] ; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled +; https://php.net/soap.wsdl-cache-enabled soap.wsdl_cache_enabled=1 ; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir +; https://php.net/soap.wsdl-cache-dir soap.wsdl_cache_dir="/tmp" ; (time to live) Sets the number of second while cached file will be used ; instead of original one. -; http://php.net/soap.wsdl-cache-ttl +; https://php.net/soap.wsdl-cache-ttl soap.wsdl_cache_ttl=86400 ; Sets the size of the cache limit. (Max. number of WSDL files to cache) @@ -1810,36 +1769,25 @@ soap.wsdl_cache_limit = 5 ; Sets the maximum number of open links or -1 for unlimited. ldap.max_links = -1 -[mcrypt] -; For more information about mcrypt settings see http://php.net/mcrypt-module-open - -; Directory where to load mcrypt algorithms -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.algorithms_dir= - -; Directory where to load mcrypt modes -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.modes_dir= - [dba] ;dba.default_handler= [opcache] ; Determines if Zend OPCache is enabled -;opcache.enable=0 +;opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP ;opcache.enable_cli=0 ; The OPcache shared memory storage size. -;opcache.memory_consumption=64 +;opcache.memory_consumption=128 ; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=4 +;opcache.interned_strings_buffer=8 ; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 100000 are allowed. -;opcache.max_accelerated_files=2000 +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 ; The maximum percentage of "wasted" memory until a restart is scheduled. ;opcache.max_wasted_percentage=5 @@ -1866,22 +1814,18 @@ ldap.max_links = -1 ; size of the optimized code. ;opcache.save_comments=1 -; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments" -; may be always stored (save_comments=1), but not loaded by applications -; that don't need them anyway. -;opcache.load_comments=1 - -; If enabled, a fast shutdown sequence is used for the accelerated code -;opcache.fast_shutdown=0 +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 ; Allow file existence override (file_exists, etc.) performance feature. ;opcache.enable_file_override=0 ; A bitmask, where each bit enables or disables the appropriate OPcache ; passes -;opcache.optimization_level=0xffffffff +;opcache.optimization_level=0x7FFFBFFF -;opcache.inherited_hack=1 ;opcache.dups_fix=0 ; The location of the OPcache blacklist file (wildcards allowed). @@ -1920,11 +1864,102 @@ ldap.max_links = -1 ; Useful for internal debugging only. ;opcache.protect_memory=0 +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; Under certain circumstances (if only a single global PHP process is +; started from which all others fork), this can increase performance +; by a tiny amount because TLB misses are reduced. On the other hand, this +; delays PHP startup, increases memory usage and degrades performance +; under memory pressure - use with care. +; Requires appropriate OS configuration. +;opcache.huge_code_pages=0 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp + [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. ;curl.cainfo = -; Local Variables: -; tab-width: 4 -; End: +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= diff --git a/root/etc/wallabag/php-wallabag.template.ini b/root/etc/wallabag/php-wallabag.template.ini new file mode 100644 index 0000000..b6cf924 --- /dev/null +++ b/root/etc/wallabag/php-wallabag.template.ini @@ -0,0 +1 @@ +memory_limit = ${PHP_MEMORY_LIMIT:-128M}