PHP incluye el soporte para ficheros INI de configuración
por directorio. Estos ficheros son analizados solo
por el SAPI CGI/FastCGI. Esta funcionalidad hace obsoleta la extensión PECL
htscanner. Si se ejecuta PHP como módulo Apache,
el uso de los ficheros .htaccess produce el mismo efecto.
Además del fichero php.ini principal, PHP analiza los ficheros INI contenidos en cada directorio, comenzando por el directorio desde el cual el fichero PHP actual es llamado, y recorre los directorios hasta el directorio raíz actual (tal como se define por la variable $_SERVER['DOCUMENT_ROOT']). En el caso de que el fichero PHP esté fuera de la raíz web, solo su directorio será escaneado.
Solo las configuraciones INI con los modos INI_PERDIR
y INI_USER serán reconocidas en los ficheros INI
.user.ini-style.
Dos nuevas directivas INI, user_ini.filename y user_ini.cache_ttl controlan el uso de los ficheros INI definidos por el usuario.
user_ini.filename define el nombre del fichero buscado
por PHP en cada directorio ; si esta directiva está definida a una cadena vacía,
PHP no analizará nada en absoluto. Por defecto, vale .user.ini.
user_ini.cache_ttl controla la duración entre 2 relecturas de los ficheros INI definidos por el usuario. Por defecto, vale 300 segundos (5 minutos).
If you have no idea what "PHP_INI_PERDIR" or "PHP_INI_USER" are or how they relate to setting a .user.ini file, take a look at the ini.list page: http://www.php.net/manual/en/ini.list.php
Basically, anything in the "Changeable" column labeled as PHP_INI_SYSTEM can't be set in the .user.ini file (so quit trying). It can ONLY be set at the main php.ini level."If you are using Apache, use .htaccess files for the same effect."
To clarify, this applies only to Apache module mode. If you put php directives in .htaccess on an Apache CGI/FastCGI server, this will bomb the server out with a 500 error. Thus, you unfortunately cannot create a config which caters for both types of hosting, at least not in any straightforward way.Since the .user.ini is read from public directories, it's contents will be served to anyone requesting it and potientially show them sensitive configuration settings.
Add these lines to your .htaccess to block requests to it :
<Files ".user.ini">
Require all denied
</Files>Trap for young players, not that I’m such a young player myself.
The default setting for user_ini.cache_ttl is 300 seconds, which means that it refreshes every 5 minutes. If you are tweaking the settings in .user.ini, it could take up to 5 minutes before you see the results of your experimentation.
If you don’t have access to php.ini where you can change this setting, you will have to learn to be very patient.For those looking for an example... .user.ini should be formatted as a simple list of [KEY]=[VALUE]\n sets. For example, a one-line .user.ini file that serves solely to change the max allowable upload file size to 5Mb is:
upload_max_filesize="5M"This article should be made clearer.
".htaccess-style INI files" meant to me that the ini settings had to follow the syntax used in .htaccess, but this is not the case!
You have to use
register_globals=on
and not
php_flag register_globals on
Also, the changes can take a while to propagate to all processes if you have a long process time out.
Restarting php-fpm can give you an answer quicker :)