rc.php_ini_setup 5.2 KB
Newer Older
Ad Schellevis's avatar
Ad Schellevis committed
1
#!/bin/sh
2

3 4 5
# Copyright (C) 2014-2016 Franco Fichtner <franco@opnsense.org>
# Copyright (C) 2010 Scott Ullrich <sullrich@gmail.com>
# All rights reserved.
Ad Schellevis's avatar
Ad Schellevis committed
6
#
7 8
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
Ad Schellevis's avatar
Ad Schellevis committed
9
#
10 11
# 1. Redistributions of source code must retain the above copyright notice,
#    this list of conditions and the following disclaimer.
Ad Schellevis's avatar
Ad Schellevis committed
12
#
13 14 15
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
Ad Schellevis's avatar
Ad Schellevis committed
16
#
17 18 19 20 21 22 23 24 25 26
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
Ad Schellevis's avatar
Ad Schellevis committed
27

28 29 30 31
if [ -d /usr/local/lib/php/20151012 ]; then
	# PHP 7
	EXTENSIONSDIR="/usr/local/lib/php/20151012/"
elif [ -d /usr/local/lib/php/20131226 ]; then
32 33
	# PHP 5.6
	EXTENSIONSDIR="/usr/local/lib/php/20131226/"
Ad Schellevis's avatar
Ad Schellevis committed
34
else
35 36
	echo "No supported PHP version was found."
	exit 1
Ad Schellevis's avatar
Ad Schellevis committed
37 38
fi

39
# Define php modules.  Do not add .so, it will
Ad Schellevis's avatar
Ad Schellevis committed
40
# be done automatically by the script below.
41

Ad Schellevis's avatar
Ad Schellevis committed
42
# Config read/write
43
PHPMODULES="dom xml simplexml"
Ad Schellevis's avatar
Ad Schellevis committed
44
# Downloading via HTTP/FTP (pkg mgr, etc)
45
PHPMODULES="$PHPMODULES curl"
46
# Internationalization
Ad Schellevis's avatar
Ad Schellevis committed
47 48
PHPMODULES="$PHPMODULES gettext"
# User manager
Franco Fichtner's avatar
Franco Fichtner committed
49
PHPMODULES="$PHPMODULES ldap openssl"
50
PHPMODULES="$PHPMODULES hash mcrypt"
Ad Schellevis's avatar
Ad Schellevis committed
51 52 53 54 55 56 57 58 59
# Login sessions
PHPMODULES="$PHPMODULES session"
# Extra sanity seatbelts
PHPMODULES="$PHPMODULES suhosin"
# Firewall rules edit
PHPMODULES="$PHPMODULES ctype"
# Page compression
PHPMODULES="$PHPMODULES zlib"
# SQLlite & Database
60 61
PHPMODULES="$PHPMODULES pdo"
PHPMODULES="$PHPMODULES pdo_sqlite"
Ad Schellevis's avatar
Ad Schellevis committed
62 63 64 65 66 67 68 69 70 71 72
PHPMODULES="$PHPMODULES sqlite3"
# RADIUS
PHPMODULES="$PHPMODULES radius"
# pfSense extensions
PHPMODULES="$PHPMODULES pfSense"
# json
PHPMODULES="$PHPMODULES json"
# bcmath
PHPMODULES="$PHPMODULES bcmath"
# filter
PHPMODULES="$PHPMODULES filter"
73
# OPNsense
74
PHPMODULES="$PHPMODULES phalcon"
Ad Schellevis's avatar
Ad Schellevis committed
75

76 77 78 79 80
_EXTENSIONS_INI=$(mktemp -q /tmp/extensions_ini.XXXXXX)
EXTENSIONS_INI=/usr/local/etc/php/extensions.ini

touch ${EXTENSIONS_INI}
cp ${EXTENSIONS_INI} ${_EXTENSIONS_INI}
81
chmod 644 ${_EXTENSIONS_INI}
82

Ad Schellevis's avatar
Ad Schellevis committed
83
# Clear the .ini file to make sure we are clean
84 85 86
rm -f /usr/local/etc/php.ini
rm -f /usr/local/lib/php.ini

Ad Schellevis's avatar
Ad Schellevis committed
87
# Fetch the timezone from the XML and set it here. We set it later too in the running scripts
88 89 90 91
TIMEZONE=Etc/UTC
if [ -f /conf/config.xml ]; then
	TIMEZONE=`cat /conf/config.xml | egrep -E '<timezone>(.*?)</timezone>' | awk -F'>' '{print $2}'|awk -F'<' '{print $1}'`
fi
Ad Schellevis's avatar
Ad Schellevis committed
92 93 94 95 96

# Get a loaded module list in the stock php
# Populate a dummy php.ini to avoid
# the file being clobbered and the firewall
# not being able to boot back up.
97
cat >> /usr/local/lib/php.ini << EOF
98
; File generated via rc.php_ini_setup
Ad Schellevis's avatar
Ad Schellevis committed
99 100 101 102 103 104 105 106 107 108
output_buffering = "0"
expose_php = Off
implicit_flush = true
magic_quotes_gpc = Off
max_execution_time = 900
max_input_time = 1800
register_argc_argv = On
register_long_arrays = Off
variables_order = "GPCS"
file_uploads = On
109
upload_tmp_dir = /tmp
Ad Schellevis's avatar
Ad Schellevis committed
110 111 112 113 114
upload_max_filesize = 200M
post_max_size = 200M
html_errors = Off
zlib.output_compression = Off
zlib.output_compression_level = 1
115
include_path = ".:/usr/local/etc/inc:/usr/local/www:/usr/local/opnsense/mvc:/usr/local/share/pear:/usr/local/opnsense/contrib"
116
ignore_repeated_errors = on
117
error_reporting = E_ALL ^ (E_NOTICE | E_DEPRECATED | E_STRICT)
Ad Schellevis's avatar
Ad Schellevis committed
118 119 120 121 122 123 124 125
display_errors=on
log_errors=on
error_log=/tmp/PHP_errors.log
extension_dir=${EXTENSIONSDIR}
date.timezone="${TIMEZONE}"
EOF

# Loop through and generate modules to load.
126
for EXT in ${PHPMODULES}; do
127 128
	sed -i '' -e "/${EXT}.so/d" ${_EXTENSIONS_INI}
	echo "extension=${EXT}.so" >> ${_EXTENSIONS_INI}
Ad Schellevis's avatar
Ad Schellevis committed
129 130
done

131 132 133 134 135
# Enable XDebug if installed
if [ -f "${EXTENSIONSDIR}xdebug.so" ]; then
	sed -i '' -e "/xdebug.so/d" ${_EXTENSIONS_INI}
	echo "zend_extension=${EXTENSIONSDIR}xdebug.so" >> ${_EXTENSIONS_INI}

136
	cat >> /usr/local/lib/php.ini << EOF
137 138 139 140 141 142 143

[xdebug]
xdebug.profiler_enable_trigger = 1
xdebug.profiler_output_name = cachegrind.out.%t.%p
EOF
fi

144
cat >> /usr/local/lib/php.ini << EOF
145

Ad Schellevis's avatar
Ad Schellevis committed
146 147 148 149 150 151 152 153
[suhosin]
suhosin.get.max_array_depth = 5000
suhosin.get.max_array_index_length = 256
suhosin.get.max_vars = 5000
suhosin.get.max_value_length = 500000
suhosin.post.max_array_depth = 5000
suhosin.post.max_array_index_length = 256
suhosin.post.max_vars = 5000
154
suhosin.post.max_value_length = 9000000
Ad Schellevis's avatar
Ad Schellevis committed
155 156 157
suhosin.request.max_array_depth = 5000
suhosin.request.max_array_index_length = 256
suhosin.request.max_vars = 5000
158
suhosin.request.max_value_length = 9000000
Ad Schellevis's avatar
Ad Schellevis committed
159
suhosin.memory_limit = 512435456
160
suhosin.session.cryptdocroot=Off
Ad Schellevis's avatar
Ad Schellevis committed
161 162 163
EOF

# Copy php.ini file to etc/ too (cli)
164
cp /usr/local/lib/php.ini /usr/local/etc/php.ini
165
mv ${_EXTENSIONS_INI} ${EXTENSIONS_INI}