Remove sample PHP configuration from .htaccess and .user.ini files (#5850)

Moved to https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration
6 years ago · c0b9025215
parent 63d3ad11fb
commit c0b9025215
6 changed files with 22 additions and 62 deletions
--- a/.htaccess
+++ b/.htaccess
@ -1,23 +1,4 @@
-# WARNING: For PHP 7 the module name in the line below need to be modified!
-<IfModule mod_php5.c>
-php_flag    display_errors  Off
-php_flag    log_errors      On
-# php_value    error_log    logs/errors.log
-
-php_value   upload_max_filesize   5M
-php_value   post_max_size         6M
-php_value   memory_limit          64M
-
-php_flag    zlib.output_compression     Off
-php_flag    suhosin.session.encrypt     Off
-
-#php_value   session.cookie_path     /
-#php_value   session.hash_function   sha256
-php_flag    session.auto_start       Off
-php_value   session.gc_maxlifetime   21600
-php_value   session.gc_divisor       500
-php_value   session.gc_probability   1
-</IfModule>
+# This is a sample with suggested security and performance options

 <IfModule mod_rewrite.c>
 Options +SymLinksIfOwnerMatch
--- a/.user.ini
+++ b/.user.ini
@ -1,21 +0,0 @@
-; This file is read and processed by the CGI/FastCGI SAPI
-; PHP settings in .htaccess are only available to the PHP Apache module
-; also see: http://php.net/manual/en/configuration.file.per-user.php
-
-display_errors=Off
-log_errors=On
-;error_log=logs/errors.log
-
-upload_max_filesize=5M
-post_max_size=6M
-memory_limit=64M
-
-zlib.output_compression=Off
-suhosin.session.encrypt=Off
-
-;session.cookie_path=/
-;session.hash_function=sha256
-session.auto_start=Off
-session.gc_maxlifetime=21600
-session.gc_divisor=500
-session.gc_probability=1
--- a/1
+++ b/1
@ -7,6 +7,7 @@ CHANGELOG Roundcube Webmail
  - Added private key listing and generating to identity settings
  - Enable encrypt & sign option if Mailvelope supports it
 - Update to jQuery-3.3.1
+- Remove sample PHP configuration from .htaccess and .user.ini files (#5850)
 - Use Masterminds/HTML5 parser for HTML5 support (#5761)
 - vcard_attachments: Add possibility to send contact vCard from Contacts toolbar (#6080)
 - Add More actions button in Contacts toolbar with Copy/Move actions (#6081)
--- a/26
+++ b/26
@ -26,10 +26,10 @@ REQUIREMENTS
   - Net_Sieve 1.4.3 or newer (for managesieve plugin)
   - Crypt_GPG 1.6.2 or newer (for enigma plugin)
   - Endroid/QrCode 1.6.0 or newer (https://github.com/endroid/QrCode)
-* php.ini options (see .htaccess file):
+* php.ini options:
   - error_reporting E_ALL & ~E_NOTICE & ~E_STRICT
-   - memory_limit > 16MB (increase as suitable to support large attachments)
-   - file_uploads enabled (for attachment upload features)
+   - memory_limit > 16MB
+   - file_uploads enabled (for uploading attachments and import files)
   - session.auto_start disabled
   - suhosin.session.encrypt disabled
   - mbstring.func_overload disabled
@ -76,13 +76,13 @@ and configure your installation to be not surprised by default behaviour.

 Roundcube writes internal errors to the 'errors' log file located in the logs
 directory which can be configured in config/config.inc.php. If you want ordinary
-PHP errors to be logged there as well, enable the 'php_value error_log' line
-in the .htaccess file and set the path to the log file accordingly.
+PHP errors to be logged there as well, set error_log php.ini or .htaccess file.

-By default the session_path settings of PHP are not modified by Roundcube.
+By default the session cookie settings of PHP are not modified by Roundcube.
 However if you want to limit the session cookies to the directory where
-Roundcube resides you can uncomment and configure the according line
-in the .htaccess file.
+Roundcube resides you can set session.cookie_path in the php.ini or .htaccess file.
+
+More about PHP settings: https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration


 DATABASE SETUP
@ -156,13 +156,9 @@ Read the comments above the individual configuration options to find out what
 they do or read https://github.com/roundcube/roundcubemail/wiki/Installation
 for even more guidance.

-You can also modify the default .htaccess file. This is necessary to
-increase the allowed size of file attachments, for example:
-
-  php_value   upload_max_filesize     5M
-  php_value   post_max_size           6M
-
-Note that some PHP environments (php-fpm) may use .user.ini instead of .htaccess.
+The allowed size of email attachments and other file uploads is controlled by
+PHP settings: upload_max_filesize an  post_max_size. Read more about PHP
+settings at https://github.com/roundcube/roundcubemail/wiki/Installation#php-configuration.


 SECURE YOUR INSTALLATION
--- a/7
+++ b/7
@ -71,12 +71,11 @@ it on a unix system, you need to do the following operations by hand:

 Post-Upgrade Activities
 -----------------------
-1. Check .htaccess settings (some php settings could become required)
-2. If you're using build-in addressbook, run indexing script /bin/indexcontacts.sh.
-3. When upgrading from version older than 0.6-beta you should make sure
+1. If you're using build-in addressbook, run indexing script /bin/indexcontacts.sh.
+2. When upgrading from version older than 0.6-beta you should make sure
   your folder settings contain namespace prefix. For example Courier users
   should add INBOX. prefix to folder names in main configuration file.
-4. Check system requirements in INSTALL file.
+3. Check system requirements in INSTALL file.

 SQLite database upgrade
 -----------------------
--- a/program/lib/Roundcube/bootstrap.php
+++ b/program/lib/Roundcube/bootstrap.php
@ -25,11 +25,13 @@
 */

 $config = array(
-    'error_reporting'         => E_ALL & ~E_NOTICE & ~E_STRICT,
+    'error_reporting' => E_ALL & ~E_NOTICE & ~E_STRICT,
+    'display_errors'  => false,
+    'log_errors'      => true,
    // Some users are not using Installer, so we'll check some
    // critical PHP settings here. Only these, which doesn't provide
    // an error/warning in the logs later. See (#1486307).
-    'mbstring.func_overload'  => 0,
+    'mbstring.func_overload' => 0,
 );

 // check these additional ini settings if not called via CLI
@ -37,6 +39,8 @@ if (php_sapi_name() != 'cli') {
    $config += array(
        'suhosin.session.encrypt' => false,
        'file_uploads'            => true,
+        'session.auto_start'      => false,
+        'zlib.output_compression' => false,
    );
 }