[php-maint] Bug#668053: Bug#668053: Bug#668053: [php5-common] php.ini-production does not actually have production values

Filipus Klutiero chealer at gmail.com
Sun Apr 8 20:18:39 UTC 2012

On 2012-04-08 13:07, Thijs Kinkhorst wrote:
> On Sun, April 8, 2012 18:36, Filipus Klutiero wrote:
>> That's not an opinion, that's a bug. Compare
>>> ; Production Value: Off
>> with
>>> short_open_tag = On
>> Off != On
> I think what confuses you is that the comments in the php.ini indicate
> what upstream considers production values, while what we ship is different
> from that because we do not think that short_open_tag necessarily needs to
> be off for environments considered 'production'.

That looks like it. debian/rules "sanitizes" php.ini files:

> 	# sanitize php.ini file
> 	cat php.ini-production | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;'>  debian/php5-common/usr/share/php5/php.ini-production
> 	cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/-1/g;/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g'>  debian/php5-common/usr/share/php5/php.ini-production.cli
> 	cat php.ini-development | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;'>  debian/php5-common/usr/share/php5/php.ini-development

So it looks like we're changing the value of 3-4 default settings from 
the upstream value, but we're not updating the corresponding documentation.

By the way, regarding short_open_tag, according to php.ini 
"php.ini-production contains settings which hold security, performance 
and best practices at its core."

> This directive determines whether or not PHP will recognize code between
> ; <? and ?> tags as PHP source which should be processed as such. It's 
> been
> ; recommended for several years that you not use the short tag "short 
> cut" and
> ; instead to use the full <?php and ?> tag combination. With the wide 
> spread use
> ; of XML and use of these tags by other languages, the server can 
> become easily
> ; confused and end up parsing the wrong code in the wrong context. But 
> because
> ; this short cut has been a feature for such a long time, it's 
> currently still
> ; supported for backwards compatibility, but we recommend you don't 
> use them.

So I don't think short_open_tag should be enabled in php.ini-production.

More information about the pkg-php-maint mailing list