[php-maint] Bug#667711: [php5-common] Configuration file php.ini mentions 2 php.ini files, 3 installed

Filipus Klutiero chealer at gmail.com
Fri Apr 6 05:15:32 UTC 2012


Package: php5-common
Version: 5.4.0-3
Severity: normal

The file installed as /etc/php5/apache2/php.ini contains:

> ;;;;;;;;;;;;;;;;;;;
> ; About this file ;
> ;;;;;;;;;;;;;;;;;;;
> ; PHP comes packaged with two INI files. One that is recommended to be used
> ; in production environments and one that is recommended to be used in
> ; development environments.
>
> ; php.ini-production contains settings which hold security, performance and
> ; best practices at its core. But please be aware, these settings may break
> ; compatibility with older or less security conscience applications. We
> ; recommending using the production ini in production and testing environments.
>
> ; php.ini-development is very similar to its production variant, except it's
> ; much more verbose when it comes to errors. We recommending using the
> ; development version only in development environments as errors shown to
> ; application users can inadvertently leak otherwise secure information.

php.ini-production is shipped as /usr/share/php5/php.ini-production
php.ini-development is shipped as 
/usr/share/doc/php5-common/examples/php.ini-development (oddly, in a 
different directory).
But "php.ini-nothing" is apparently neither php.ini-production 
nor php.ini-development. For example, the default php.ini contains:

> ; This directive determines whether or not PHP will recognize code between
> ; <? and ?> tags as PHP source which should be processed as such. It's been
> ; recommended for several years that you not use the short tag "short cut" and
> ; instead to use the full <?php and ?> tag combination. With the wide spread use
> ; of XML and use of these tags by other languages, the server can become easily
> ; confused and end up parsing the wrong code in the wrong context. But because
> ; this short cut has been a feature for such a long time, it's currently still
> ; supported for backwards compatibility, but we recommend you don't use them.
> ; Default Value: On
> ; Development Value: Off
> ; Production Value: Off
> ; http://php.net/short-open-tag
> short_open_tag = On

The php.ini is full of such examples, where the development and 
production values are identical, yet different from the default value 
(another example is output_buffering).

That leaves users wondering what is /etc/php5/apache2/php.ini and, if 
it's not recommended in production nor in testing or development, where 
it *is* recommended.

It would help to avoid splitting these files in 3 directories and to 
mention their path in /etc/php5/apache2/php.ini.
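
An added example, not part of the original report or of the Debian package: a small audit that reads the "Default/Development/Production Value" comments in a php.ini and lists directives whose active value differs from a chosen profile. The sample text is constructed (the short_open_tag block is the one quoted above, the display_errors block is made up in the same style), and the function names and the rule that a blank line ends an annotation block are assumptions.

```python
import re

# Constructed sample: the short_open_tag block quoted in the report, plus a
# made-up display_errors block written in the same annotation style.
SAMPLE_INI = """\
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/short-open-tag
short_open_tag = On

; Default Value: On
; Development Value: On
; Production Value: Off
display_errors = Off
"""

ANNOTATION = re.compile(r"^;\s*(Default|Development|Production) Value:\s*(.*?)\s*$")
DIRECTIVE = re.compile(r"^([A-Za-z_][\w.]*)\s*=\s*(.*?)\s*$")

def audit_ini(text):
    """Map each annotated directive to its active value and documented values."""
    results, pending = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            pending = {}  # assumption: a blank line ends an annotation block
            continue
        m = ANNOTATION.match(line)
        if m:
            pending[m.group(1).lower()] = m.group(2)
            continue
        m = DIRECTIVE.match(line)  # comment lines start with ';' and never match
        if m and pending:
            results[m.group(1)] = dict(pending, set=m.group(2))
            pending = {}
    return results

def differs_from(results, profile):
    """Directives whose active value does not match the named profile's value."""
    return sorted(n for n, v in results.items()
                  if profile in v and v["set"].lower() != v[profile].lower())

if __name__ == "__main__":
    report = audit_ini(SAMPLE_INI)
    for profile in ("default", "development", "production"):
        print(profile, "mismatches:", differs_from(report, profile))
```

Run against the text of an installed php.ini, an empty production list would indicate the file tracks php.ini-production for every annotated directive.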




