[php-maint] Bug#668053: Bug#668053: Bug#668053: [php5-common] php.ini-production does not actually have production values
chealer at gmail.com
Sun Apr 8 20:18:39 UTC 2012
On 2012-04-08 13:07, Thijs Kinkhorst wrote:
> On Sun, April 8, 2012 18:36, Filipus Klutiero wrote:
>> That's not an opinion, that's a bug. Compare
>>> ; Production Value: Off
>>> short_open_tag = On
>> Off != On
> I think what confuses you is that the comments in the php.ini indicate
> what upstream considers production values, while what we ship is different
> from that because we do not think that short_open_tag necessarily needs to
> be off for environments considered 'production'.
That looks like it. debian/rules "sanitizes" php.ini files:
> # sanitize php.ini file
> cat php.ini-production | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;'> debian/php5-common/usr/share/php5/php.ini-production
> cat php.ini-production | tr "\t" " " | sed -e'/memory_limit =/ s/128M/-1/g;/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g'> debian/php5-common/usr/share/php5/php.ini-production.cli
> cat php.ini-development | tr "\t" " " | sed -e'/short_open_tag =/ s/Off/On/g;/session.gc_probability =/ s/1/0/g;/disable_functions =/ s/$$/ $(PCNTL_FUNCTIONS)/g;'> debian/php5-common/usr/share/php5/php.ini-development
So it looks like we're changing the value of 3-4 default settings from
the upstream value, but we're not updating the corresponding documentation.
By the way, regarding short_open_tag, according to php.ini
"php.ini-production contains settings which hold security, performance
and best practices at its core."
> This directive determines whether or not PHP will recognize code between
> ; <? and ?> tags as PHP source which should be processed as such. It's
> ; recommended for several years that you not use the short tag "short
> cut" and
> ; instead to use the full <?php and ?> tag combination. With the wide
> spread use
> ; of XML and use of these tags by other languages, the server can
> become easily
> ; confused and end up parsing the wrong code in the wrong context. But
> ; this short cut has been a feature for such a long time, it's
> currently still
> ; supported for backwards compatibility, but we recommend you don't
> use them.
So I don't think short_open_tag should be enabled in php.ini-production.
More information about the pkg-php-maint