
Everything PHP: from usage to special security constraints.

Displaying errors on-screen for debugging

Overview: During early development of a PHP application, or to debug a problem, errors should be displayed in-browser to help spot typos, undefined variables, misconfiguration, and other logic flaws.

Solution: Enable display_errors and increase verbosity in error_reporting within PHP. As an example, configuration within a .htaccess file would be:

php_flag display_errors On
php_value error_reporting 9999999

Caveats: Some applications may use a separate…

open_basedir restriction message

Overview: When attempting to access a file in PHP, the script will yield a warning similar to:

Warning: fopen(): open_basedir restriction in effect. File(/var/www/myresource) is not within the allowed path(s): (/home/virtual/site2/fst:/var/www/html:/usr/local:/usr/bin:/usr/sbin:/etc:/tmp:/proc:/dev:/.socket) in /home/virtual/site2/fst/var/www/html/myfile.php on line 3

Cause: This is caused by mistakenly referencing a path within a pivot root inconsistent with PHP. PHP runs with a…

Accessing uploaded files

Overview: By default, uploaded files are stored under /tmp, which is outside the pivot root of your account’s filesystem. These files may be accessed only by PHP. In certain circumstances, you may want to keep a copy of uploaded files for debugging.

Solution: The upload path can be adjusted by changing PHP’s tunable setting, upload_tmp_dir. Use the value within the…

Changing PHP settings

Overview: Certain default PHP settings may be insufficient for an application. For example, it may be necessary to accept large file uploads or display errors on-screen to facilitate rapid prototyping during early stages of an application.

Solution: PHP settings may be changed in two ways, each with varying scope. All settings except for open_basedir and memory_limit may be adjusted.…

Writing to files

Overview: PHP operates as a separate user to enhance security across the server. If a client’s site is compromised, the attacker has access only to what that separate user can access, which protects sensitive e-mails and SSH keys that reside within the same storage space. Certain applications like WordPress and Drupal will complain that the…