core/src/etc/rc.php_ini_setup

#!/bin/sh

# Copyright (C) 2014-2016 Franco Fichtner <franco@opnsense.org>
# Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
#    this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.

if [ -d /usr/local/lib/php/20151012 ]; then
	# PHP 7.0
	EXTENSIONSDIR="/usr/local/lib/php/20151012/"
elif [ -d /usr/local/lib/php/20131226 ]; then
	# PHP 5.6
	EXTENSIONSDIR="/usr/local/lib/php/20131226/"
else
	echo "No supported PHP version was found."
	exit 1
fi

PHP_INI=$(mktemp -q /tmp/php_ini.XXXXXX)
chmod 644 ${PHP_INI}

# XXX can be removed in 17.1
rm -f /usr/local/etc/php/extensions.ini

# Fetch the timezone from the XML and set it here
TIMEZONE=Etc/UTC
if [ -f /conf/config.xml ]; then
	TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`
fi

# Get a loaded module list in the stock php
# Populate a dummy php.ini to avoid
# the file being clobbered and the firewall
# not being able to boot back up.
cat >> ${PHP_INI} << EOF
; File generated via rc.php_ini_setup
output_buffering = "0"
expose_php = Off
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 900
max_input_time = 1800
max_input_vars = 5000
memory_limit = 256M
register_argc_argv = On
register_long_arrays = Off
variables_order = "GPCS"
file_uploads = On
upload_tmp_dir = /tmp
upload_max_filesize = 200M
post_max_size = 200M
html_errors = Off
zlib.output_compression = Off
zlib.output_compression_level = 1
include_path = ".:/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/share/pear:/usr/local/opnsense/contrib"
ignore_repeated_errors = on
error_reporting = E_ALL ^ (E_NOTICE | E_DEPRECATED | E_STRICT)
display_errors=on
log_errors=on
error_log=/tmp/PHP_errors.log
extension_dir=${EXTENSIONSDIR}
date.timezone="${TIMEZONE}"

[xdebug]
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_name = cachegrind.out.%t.%p

[suhosin]
suhosin.get.max_array_depth = 5000
suhosin.get.max_array_index_length = 256
suhosin.get.max_vars = 5000
suhosin.get.max_value_length = 500000
suhosin.post.max_array_depth = 5000
suhosin.post.max_array_index_length = 256
suhosin.post.max_vars = 5000
suhosin.post.max_value_length = 9000000
suhosin.request.max_array_depth = 5000
suhosin.request.max_array_index_length = 256
suhosin.request.max_vars = 5000
suhosin.request.max_value_length = 9000000
suhosin.memory_limit = 512435456
suhosin.session.cryptdocroot=Off
EOF

PKGNAME="/usr/local/opnsense/version/opnsense.name"
if [ -f ${PKGNAME} -a "$(grep -c -- -devel$ ${PKGNAME})" != "0" ]; then
	cat >> ${PHP_INI} << EOF
suhosin.executor.include.whitelist = phar://
EOF
fi

cp ${PHP_INI} /usr/local/etc/php.ini
cp ${PHP_INI} /usr/local/lib/php.ini
rm ${PHP_INI}