Bug 97765

Summary: Default php config should be either for development or for live
Product: [Retired] Red Hat Linux Reporter: Karl O. Pinc <kop>
Component: phpAssignee: Joe Orton <jorton>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: low    
Version: 7.3   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 4.3.4-5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-01-21 17:37:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Karl O. Pinc 2003-06-20 16:33:28 UTC 
Description of problem:

Php comes shipped with configuration geared towards development, but not
entirely.  To be entirely geared towards development all errors
and warnings should be reported by php.  As shipped, php does not
report warnings of bad code. (Referencing unassinged variable values,
forgetting to quote constants, etc.  Like 'perl -w'.)

As shipped the php.ini is a bad compromise between development and live.
It's better to have the administrator configure the box to suit
the use to which it will be put.

Consider putting these php config directives in apache's config.  See below.

Development php.ini should be:

# Errors in html output stream
display_erorrs 1
# Don't log errors (syslog or apache)
log_errors 0
# Report all errors and warnings
error_reporting 2047

Live php.ini should be:

# Never show user errors
display_errors 0
# Log all errors (via apache)
log_errors 1
# error_log syslog
# Report all errors and warnings
# error_reporting <depends on how bad your code is>
error_reporting 2047

Additional info:

Changes should take place in a new redhat release.

It's worth commenting out the 'live' values to provide
recommendations for when a site goes live.

The best place to make these configuration changes is really  not
in php.ini, but in apache's httpd.conf using apache's php_flag
and php_value config directives.  When the changes are made through
apache they can be set on a per-directory basis.  (It's also possible
to set them from within a php script using php_ini(), although
this is not really feasible for much of the error handling as
errors occur during php parsing at which point the php_ini() call has
not been made.
Comment 1 Joe Orton 2004-01-21 17:37:57 UTC 
php.ini is now based on php.ini-recommended as of php-4.3.4-5 in Raw
Hide.  Thanks for the report!