I have wondered about this for a while from OC til Arastta, so I ask:
Why is php.ini included?
If a php.ini is added to a folder in t.ex. a cPanel server, it will use the settings from it, but all other is reset to php defaults. Meaning the hosts customisation and security settings is replaced - right?
But when using a .user.ini only the values in this is replacing the hosts customisations, the rest will still be in use though.
Now we can say that .user.ini isn't supported on all servers, but the same goes for php.ini - on some it will even give a 500 Internal Server Error.
And on the other hand, should a file like this be added at all? Better make those values checkpoints in the installer, so it can be adjusted if needed, and only then.
Also, files like this should be renamed by default (like htaccess.txt). Now they will overwrite any customisation, or be readded, when updating...
Why is php.ini included?
If a php.ini is added to a folder in t.ex. a cPanel server, it will use the settings from it, but all other is reset to php defaults. Meaning the hosts customisation and security settings is replaced - right?
But when using a .user.ini only the values in this is replacing the hosts customisations, the rest will still be in use though.
Now we can say that .user.ini isn't supported on all servers, but the same goes for php.ini - on some it will even give a 500 Internal Server Error.
And on the other hand, should a file like this be added at all? Better make those values checkpoints in the installer, so it can be adjusted if needed, and only then.
Also, files like this should be renamed by default (like htaccess.txt). Now they will overwrite any customisation, or be readded, when updating...
In Security
Share this post:
Responses (8)
-
Accepted Answer
Not sure who added it at first, but the already to high value was increased by Daniel for the extension installer:
https://github.com/opencart/opencart/commit/89f0958e5e35cc2527079bf197991aa244f6812c -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Michael wrote:Because from what I have seen, it makes more troubles than useful.
Exactly what I'm thinking too.
https://www.google.com/search?q=opencart+php.ini+500+internal+server+error -
Accepted Answer
From my experience, until now I had alwas to disable the included php.ini when a customer from me had troubles.
I own several servers (Linux & Plesk) and they do not use custom php.ini files (because the servers are set this way).
Other providers do use it, and others use user.ini
If a php.ini is in place and if it overrides the server php.ini or 'only' adding values, I have to ask my technician.
He is more qualified for an answer.
But generally it should - if existing - not named like php.ini, more php.txt or php_ini.txt.
Because from what I have seen, it makes more troubles than useful. -
Accepted Answer
Denis Dulici wrote:However, from what I know, it doesn't reset the others to the PHP defaults. Are you having such an issue? If so, do you have a customized PHP or default?
But it actually does, I've seen it myself, and several hosts has mentioned it during the years. Let's say a host has defined disable_functions, error_log etc., all those is removed if using a local php.ini - I will send you a PM so you can see it live.
Denis Dulici wrote:Otherwise we'll see such statements everywhere: OpenCart works on my server but Arastta not.
If the requirements are tested and listed in installer, together with a link to info about how to change this on several server environment it would be better, and make less problems actually. This is like Joomla and several others do without huge problems. -
Accepted Answer
If your server is set up to read that file then yes, it replaces the settings used into. However, from what I know, it doesn't reset the others to the PHP defaults. Are you having such an issue? If so, do you have a customized PHP or default?
As for be or not to be, we didn't change it when forking OpenCart. Yes, I agree that it must be like htaccess.txt but we should also test it first before making such a critical change. Otherwise we'll see such statements everywhere: OpenCart works on my server but Arastta not.
Your Reply
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »