Use PHP5 built in custom sections for overriding configurations for given host or path.

[reecefowell]

Use PHP5 built in custom sections for overriding configurations for given host or path.

This is built into PHP. I referenced the documentation for this feature here.

I had another ticket for this in another repo but it was suggested that this was more the domain of this repo instead.

Basically, it allows you to define something like:

; /etc/php.ini
[HOST=codeconsortium.com]
display_errors = Off
disable_functions = 'getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, exec, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getsid, posix_getuid, posix_kill, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, phpinfo'

As suggested, the config is in /etc/php.ini.

The point is that in this way, we can add configurations to php.ini that only apply to a specific domain / subdomain.

If a way can be added to add these configurations and specify the host / path in this way (as php supports it, and thus it allows us a way to limit dangerous functions for production environments).

We could use the key for this, like so:

php:
    ini:
        display_errors: On
        error_reporting: '-1'
        expose_php: Off
    ini-section-host:
        codeconsortium.com:
            display_errors: Off
            disable_functions: 'getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, exec, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getsid, posix_getuid, posix_kill, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, phpinfo'
    ini-section-path: ~

In this way we can customise php.ini configuration for specific domains, and it does NOT involve the vhost. The key 'codeconsortium.com' would serve as the value for [HOST=codeconsortium.com] under which the specific config would follow.

Output in /etc/php.ini would be:

display_errors = On
error_reporting = -1
expose_php = Off

[HOST=codeconsortium.com]
display_errors = Off
disable_functions = 'getmyuid, getmypid, passthru, leak, listen, diskfreespace, tmpfile, link, ignore_user_abord, shell_exec, dl, exec, highlight_file, source, show_source, fpaththru, virtual, posix_ctermid, posix_getcwd, posix_getegid, posix_geteuid, posix_getgid, posix_getgrgid, posix_getgrnam, posix_getgroups, posix_getlogin, posix_getpgid, posix_getpgrp, posix_getpid, posix, _getppid, posix_getpwnam, posix_getpwuid, posix_getsid, posix_getuid, posix_kill, posix_setegid, posix_seteuid, posix_setgid, posix_setpgid, posix_setsid, posix_setuid, posix_times, posix_ttyname, posix_uname, phpinfo'

[jtreminio]

I'll think on the best way to add this to the gui ... it'll probably involve adding an ini section to each vhost? Maybe ...

[jonataa]

Maybe a custom php.ini per path/folder is a better way for that. I don't know if the GUI already lets do it.