php.iniの話 - Speaker Deck

php.iniの話

by uzulla

Slide 1

Slide 1 text

php.iniͷ࿩

Slide 2

Slide 2 text

builderscon tokyo 2016 2016/12/3

Slide 3

Slide 3 text

ࣗݾ঺հ uzulla

Slide 4

Slide 4 text

ͦΜͳ͜ͱΑΓ

Slide 5

Slide 5 text

PHP7.1.0 release!

Slide 6

Slide 6 text

!!!!!! » Nullable types » Void return type » Iterable pseudo-type » Class constant visiblity modifiers » Square bracket syntax for list() and the ability to specify keys in list() » Catching multiple exceptions types

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

࿩͠Λ໭͠·͢

Slide 9

Slide 9 text

͑ͬɺphp.iniͷ࿩ΛҰ࣌ؒʁ

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

ʮօ͞ΜPHPΛ஌͍ͬͯ·͢ʯ

Slide 12

Slide 12 text

» ΋͸΍஌Βͳ͍ͱ͸ݴΘ͞ͳ͍ » ͳͷͰɺPHP͕Ͳ͏͍͏΋ͷͳͷ͔ͱ͍͏ͷ͸লུ

Slide 13

Slide 13 text

php.iniΛ͍ͬͯ͠·͔͢ʁ » php࣮ߦ࣌ͷ༷ʑͳεΠον » ಺෦ͷจࣈίʔυͱ͔… » ೔෇ܭࢉ࣌ͷλΠϜκʔϯͱ͔…

Slide 14

Slide 14 text

จࣈίʔυؔ࿈Ͱͷྫ php > echo strlen("͍͋͏͓͑"); 15 » strlen͸ϚϧνόΠτඇରԠؔ਺ » UTF-8Ͱ͸̍จࣈ͕3όΠτͳͷͰɺ5จࣈ͕15όΠτͱͯ͠ܭࢉ͞Ε ͍ͯΔ

Slide 15

Slide 15 text

໪࿦PHP͸ϚϧνόΠτͷจࣈྻ΋ಡΈॻ͖Ͱ͖·͢ɻ php > echo mb_strlen("͍͋͏͓͑"); 5 » ϚϧνόΠτରԠؔ਺(mbؔ਺)Λ࢖͏ࣄͰਖ਼͘͠ॲཧ͕Ͱ͖Δ » ͨͩ͠ɺੈͷத͸UTF-8͚ͩͰ͸ͳ͍ » UTF-16LE, SJIS, EUC-JP ...

Slide 16

Slide 16 text

mbؔ਺͸ɺѻ͏จࣈίʔυΛઃఆ͔Β൑அ͍ͯ͠Δ php > var_dump( ini_get("mbstring.internal_encoding")); string(5) "UTF-8" » ͔ͩΒɺ͖͞΄Ͳmb_strlen͕ਖ਼͘͠਺͑ΒΕͨ » mbstring.internal_encodingͱ͍͏Ωʔʹɺ "UTF-8"ͱ͍͏஋͕͸͍͍ͬͯ·͢ɻ ͜Ε͕php.iniͷઃఆͰ͢ɻ » ͜͏͍͏ઃఆ͕ɺʢ؀ڥʹΑΔ͕ʣΏ͏ʹ200ݸҎ্͋Δ

Slide 17

Slide 17 text

ઃఆΛɺUTF-8͔Βม͑ͯΈΔ php > echo mb_strlen("͍͋͏͓͑"); 5 php > ini_set("mbstring.internal_encoding", "SJIS-win"); php > echo mb_strlen("͍͋͏͓͑"); 8 » ͱ͍͏͜ͱͰɺ಺෦ॲཧΛSJIS-win(cp932)ʹ͢Δͱ… » ͦͷ৔͔ΒΤϥʔ΋ͳ͘ɺจࣈ਺͕ਖ਼͘͠Χ΢ϯτͰ͖ͳ͘ͳΔɻ

Slide 18

Slide 18 text

ʮͳΜͰݴޠʹ͜ΜͳεΠον͕͋Δͷʁίʔυʹ͔͚͹͍͍ͷͰ͸ʁʯ » ʢͦΕ΋ʢ͋Δఔ౓ʣͰ͖·͕͢ʣ » ࠩҟΛphp.iniʹूΊɺίʔυ͸मਖ਼ແ͘ಈ͔͍ͨ͠ͱ͍͏ر๬ͱɺ » ʢ࣮ࡍɺ͜Ε͸͔ͳΓ੒ޭ͍ͯ͠Δʣ » աڈͷޓ׵ੑΛอͭͨΊͷ౒ྗͳͷͰ͢ɻ » ʢͨͱ͑͹ੲ͸UTF-8ͳΜͯ࢖ΘΕͯͳ͔ͬͨ͠ʣ

Slide 19

Slide 19 text

·ͱΊ » PHP͸ઃఆϑΝΠϧ͕͋Δ » தʹ͸େྔͷઃఆεΠον͕͸͍͍ͬͯΔ » ͦΕ͸ɺΩʔͱ஋ͷू߹Ͱ͋Δ

Slide 20

Slide 20 text

php.iniͷྺ࢙

Slide 21

Slide 21 text

php.iniͷྺ࢙ » php.ini͸php3͔Βొ৔ » 1998೥ͷࣄ » ݱࡏͷ࠷৽͸php7.1.0 » ࠓ͸2016೥ » 18೥ͷ݄೔͕ྲྀΕ͍ͯ·͢ɻ

Slide 22

Slide 22 text

PHP3.0ͷphp.ini-distʢൈਮʣ [PHP_3] engine = On ; enable PHP 3.0 parser short_open_tag = On ; allow the tag. otheʙ precision = 14 ; number of signiﬁcant dʙ y2k_compliance = Off ; whether to be year 2000ʙ safe_mode = Off safe_mode_exec_dir = max_execution_time = 30 ; Maximum execution tiʙ memory_limit = 8388608 ; Maximum amount of meʙ error_reporting = 7

Slide 23

Slide 23 text

PHP7ͷiniʢൈਮ [PHP] engine = On short_open_tag = Off precision = 14 serialize_precision = 17 zend.enable_gc = On expose_php = On max_execution_time = 30 max_input_time = 60 memory_limit = 128M error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

Slide 24

Slide 24 text

มΘͬͯͳ͍Ͱ͢Ͷ » օ͞Μ͕਌͠Έ͋Δ߲໨͹͔Γ » safe_mode΍y2k_complianceʢջ͔͍͠ʣͱ͔͸ফ͑ͨ » memory_limitͷσϑΥϧτͱ͔͸ແ࿦(?)૿͑ͨ » error_reporting͸ఆ਺Խ » php3 213ߦ => php7 1933ߦ » ʢίϝϯτ͕ಛʹ૿͑ͨʣ

Slide 25

Slide 25 text

» ʮphp.iniͷ஌ࣝ͸20೥࢖͑Δ!ʯʢ͔ͩΒʁ » ͨͿΜ php8,9,10΋ʂʢ͋Δͷ͔ʁ » ͍҃͸PHP2020ͱ͔Ͱ΋͔ͭ͑ΔͩΖ͏ » ʮ(͓ͦΒ͘)20೥Ҏ্࢖͑Δphp.iniΛ֮͑Δͷ͸όϦϡʔ!(?)ʯ » ʮͳΜͱHHVMͰ΋͔ͭ͑Δٕज़✌ʯ » (.hdfͱ͍͏ίϯϑΟά͸ແ͔ͬͨࣄʹ͞Εͭͭ͋Δ)

Slide 26

Slide 26 text

ͱ͍͏͜ͱͰ » օ͞Μͷҙཉ͸༙͍͖ͯ·ͨ͠ʁ! » ʢҙཉ͕༙͍ͨΒਅ໘໨ʹ࿩͠ɺҙཉ͕ͳͦ͞͏ͳΒ…"ʣ

Slide 27

Slide 27 text

جૅ஌ࣝ

Slide 28

Slide 28 text

جૅ஌ࣝ » php͸ΠϯλϓϦλݴޠͰ͢ » ΢ΣϒΞϓϦέʔγϣϯ։ൃʹ࢖ΘΕΔલఏͰ͢ » ࠓ೔͸phpΛ » ࣮ߦΤϯδϯ » SAPI » ͰɺΘ͚ͯߟ͑·͠ΐ͏

Slide 29

Slide 29 text

PHPͷ࣮ߦ؀ڥͬͯ৭ʑ͋Δ » Apache+mod_php » Apache+CGI » nginx+FastCGI » IIS+FastCGI » builtin server » (΋ͬͱ͋Δ)

Slide 30

Slide 30 text

PHPͷੌ͍ॴ » ͜ΕΒόϥόϥͷ࣮ߦ؀ڥͰ » ʮಉҰίʔυͷWordPress͕ಈ͘ʯ » ͱ͍͏Ϩϕϧͷޓ׵ੑ͕͋Δ » ͭ·Γ…

Slide 31

Slide 31 text

PHP͸ɺίʔυमਖ਼ແ͠ʹ 12ԯ ͷαΠτͰಈ͘ʂ

Slide 32

Slide 32 text

ʮ30ԯͷσόΠεͰಈ͘Javaʹ͸ෛ͚ͨʢʣʯ

Slide 33

Slide 33 text

ʢࡶͳࣄΛ͍͍·ͨ͠ʣ » ਺ࣈͷཧ۶ͷग़య » Netcraftᐌ͘ɺωοτͷαΠτ਺͸໿15ԯɺ » https://news.netcraft.com/archives/2016/11/22/ november-2016-web-server-survey.html » w3techsᐌ͘ɺPHPγΣΞ͸82% » https://w3techs.com/ » ʢ15ԯͷ80%͕12ԯʣ

Slide 34

Slide 34 text

େ෼਺ࣈ͸੝Γ·͕ͨ͠ » ࣮ࡍɺPHPͷ99%ͷ࣮ߦ؀ڥͰ » ͋ͷWordPress΍Β͕ » PHPͷίʔυमਖ਼ෆཁͰ͏͘͝ʂ » ͜Εͦ͜PHP!!

Slide 35

Slide 35 text

» ʮઈରͩͳʁྫ֎ͳ͠ʁʯʮ΢ο…શ෦ࢼͨ͠༁Ͱ͸ແ͍…ʯ » ʮগͳ͘ͱ΋ɺCLI͸ผ…ʯʮӕ͖ͭͩʂʂʯ

Slide 36

Slide 36 text

ʢҰ෦ͷΈͳ͞Μʣ ʮ͑ͬɺͦΕͬͯੌ͍ͷʁʯ

Slide 37

Slide 37 text

» ʮ͡Ό͋ɺPerlͰɺmod_perlͱCGIͱPlackͰ̍ίʔυͰಉ౳ʹಈ ࡞͢Δ΢ΣϒΞϓϦͷॻ͍ͯΑʂʂʂʂʯ » ʮ͡Ό͋ɺRubyͰʢ͈́ʯ » ʮ͡Ό͋ɺ͡Ό̱ʢ͈́ʯ » ʮʢ͈́ʯ » ʢεʔύʔΤϯδχΞͳΒॻ͚Δ͔΋͠Εͳ͍͚Ͳɺ ɹ૬౰มͳίʔυʹͳΔʣ

Slide 38

Slide 38 text

؀ڥͷࠩΛຒΊͯΔͷ͕SAPI » SAPI͕ɺ؀ڥͱPHPΤϯδϯͷؒͰͱΓͳ͍ͯ͠Δ » SAPIͷ͓ӄͰɺphpʢͰॻ͔ΕͨϓϩάϥϜʣ͸ » echo͢Ε͹ϒϥ΢βʹग़Δ » Τϥʔ͕ΤϥʔϩάʹͰΔ » $_POST΍$_FILEͰύϥϝλ͕ͱΕΔ » ແ৺Ͱηογϣϯ͕࢖͑Δʢ$_COOKIE౳ɺhttpϔομʣ » …ͱ͍ͬͨ͜ͱ͕ීวతʹѻ͑Δ

Slide 39

Slide 39 text

SAPIͱ͸ʁ » Server API ͷུ » mod_phpɺCGIɺFastCGIɺCLIɺ౳ʑ » ૊Έ߹ΘͤΔhttpd΍؀ڥʹ߹ΘͤͯબͿ » apacheͳΒmod_php,CGI,FastCGI » nginxͳΒFastCGI » IISͳΒCGI,FastCGI

Slide 40

Slide 40 text

ͦΕͧΕͰ݁ߏҧ͏ » ಉ͡ʮPHPʯ͚ͩͲɺSAPIຖʹҧ͏όΠφϦͩͬͨΓ͢Δ » mod_php͸libphp7.soɺCGI͸php-cgiɺCLI͸php » ʢFastCGIͱCGIΈ͍ͨͳྫ֎΋͋Δ͚Ͳʣ

Slide 41

Slide 41 text

» httpdͱಉҰϓϩηεͰ͏͘͝ ʢmod_phpʣ » ඪ४ೖग़ྗͰ΍ΓͱΓ͢Δ ʢCGI,CLIʣ » FastCGIϓϩτίϧͰ΍ΓऔΓ͢Δ ʢFastCGIʣ » httpͰ΍ΓऔΓ͢Δ …ͷ͸ͳΜͱແ͍ » ʢBuiltin server͸։ൃ༻Ͱ͢ʣ

Slide 42

Slide 42 text

» (ྫ֎΋͋Γ·͢) » (ʮPHPࣗମʯ͕httpdʹͳΔ΍ͭͱ͔ » (reactPHP » (Swoole » (AppServer.IO » (౳ » (Ͱ΋ɺݟͨࣄͳ͍Ͱ͠ΐʁ)

Slide 43

Slide 43 text

Ͱɺຊ୊ͷphp.iniͱSAPIɺͲ͏ؔ܎͕ʁ » ৭ʑΛSAPI͕ٵऩͯ͠ɺphpίʔυʹ͸ޓ׵ੑ͕͋Δ » ͔͠͠ɺphp.ini͸ͦ͏΋͍͔ͳ͍ͷͰ͋ͬͨ » αʔόʔߏ੒͕શવҧ͏ » ౰વɺઃఆͷ࢓ํ΋݁ߏҧ͏ » ໪࿦ɺઃఆͰ͖Δ߲໨͕ଟগҧ͏ » ͭ·Γɺphp.iniΛ஌Δʹ͸SAPIΛҙࣝ͢Δඞཁ͕͋Δ

Slide 44

Slide 44 text

۩ମతʹ͸ʁ » ޙड़͠·͢ » php.iniͷ৔ॴ͕ҧ͏ » օେ޷͖.htaccess͕ͳ͔ͬͨΓ » σϑΥϧτ஋͕มΘΔ » ౳

Slide 45

Slide 45 text

్த·ͱΊ » ༷ʑͳ࣮ߦ؀ڥ͕͋Δ͕ɺphp͸Ͳ͜Ͱ΋ಉ༷ʹಈͧ͘ʂ! » ࠩҟ͸SAPI౳͕ٵऩ͍ͯ͠Δ" » ͔͠͠ɺphp.iniʢ΍ͦͷपลʣ͸ͦͷݶΓͰ͸ͳ͍# » ʢͱ͸͍͑ɺϝδϟʔͳ؀ڥͷ৘ใ͸άάΕ͹͙͢Ͱ͖ͯ·͢ɻ ɹେਓؾPHPͩ΋Μʣ » ʢ"PHP ʹΑΔ hello world ೖ໳"ͱ͍͏هࣄ͕ͱͯ΋ྑ͍Ͱ͢ ɹhttp://tech.respect-pal.jp/php-helloworld/ʣ

Slide 46

Slide 46 text

php.iniΛݟΔ

Slide 47

Slide 47 text

[PHP] ;;;;;;;;;;;;;;;;;;; ; About php.ini ; ;;;;;;;;;;;;;;;;;;; ; PHP's initialization ﬁle, generally called php.ini, is responsible for ; conﬁguring many of the aspects of PHP's behavior. ུ engine = On expose_php = On max_execution_time = 30 max_input_time = 60

Slide 48

Slide 48 text

Ͳ͜ʹ͋Δͷ͔! » /etc ҎԼΛ୳͢ » CLIͰ php --ini » phpinfo() ͷʮLoaded Configuration Fileʯͱ ʮAdditional .ini files parsedʯ » php_ini_loaded_ﬁle() ͱ php_ini_scanned_ﬁles();ͷฦ஋

Slide 49

Slide 49 text

஫ҙ » ✅ʮௐ΂͍ͨ؀ڥͷɺௐ΂͍ͨϑΝΠϧͰ͠Β΂Ζʂʯ » ⚠ʮCLIͷphpͱɺوํ͕ௐ΂͍ͨ؀ڥ͸ຊ౰ʹಉ͡php͔ʁʯ » ·Δ͖ͬΓผͷϑΝΠϧͳΜͯࣄ͕βϥʹ͋Δ# » SAPIͰphp.iniͷ৔ॴ͕ࢦఆͰ͖Δ » ଞʹ΋͋Δ͚Ͳޙड़ » ⚠ඇtext/htmlͳAPI౳͸phpinfo()͸໘౗ͩͧʢޙड़ʣ

Slide 50

Slide 50 text

ඞવతʹ » php_ini_loaded_ﬁle() ͱ php_ini_scanned_ﬁles();ͷฦ஋͕ɺ ҆શͩͱ͓΋ΘΕ·͢ʢݸਓతҙݟͰ͢ʣ » ͜ΕΛฦ஋Ͱऔಘ͠ɺͲ͔͜ͷϑΝΠϧʹͰ΋ॻ͖ग़͍ͯͩ͘͠͞ » ʢ!ʮ໘౗ɺ஫ҙ͢Ε͹php --ini΍phpinfoͰ͍͍ͷͰ͸ʁʯ ɹ"ʮ͸͍ɺ΅͘΋Αͦ͘ΕͰௐ΂·͢ʯʣ

Slide 51

Slide 51 text

ௐ΂͍ͨॴʹίʔυૠೖ $info = php_ini_loaded_ﬁle().",\n"; $info .= php_ini_scanned_ﬁles(); error_log($info); // ϑΝΠϧʹग़ྗ ҎԼ݁Ռ /Users/uzulla/.phpenv/versions/7.0.1/etc/php.ini, /Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/xdebug.ini, /Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/my_special.ini

Slide 52

Slide 52 text

tips: σόοάϩάΛͲ͔͜ʹग़͢ͳΒ… » ﬁle_put_contents('/tmp/info.txt', $info); » ఆ൪ɺָͰ͸͋Δ » ೋճ૸ͬͨΒ্ॻ͖͞ΕͪΌ͏…ʢAppend͢Δʁʣ » /tmp ʹݟ͔ͭΒͳ͍ࣄ΋ » ࠷ۙ͸ private tmp ͱ͍͏΋ͷ͕͋ͬͯͳ…

Slide 53

Slide 53 text

» phpʹ͸error_log()ͱ͍͏ศརؔ਺͕͋Δ » error_log($info); » نఆͷΤϥʔϩάʹͰ·͢ » ʢͨͱ͑͹ɺapacheͷerror_logʹग़Δʣ » error_log($info, $ﬁlename); ͱϑΝΠϧ໊ࢦఆ΋Ͱ͖·͢ » ʮ௕͍ͱ੾ΓࣺͯΒΕΔͷͰɺͦͷ৔߹͸php.iniͰ log_errors_max_lenΛ;΍͠·͠ΐ͏ʯʮ͏ʔΜʯ

Slide 54

Slide 54 text

ॴͰ… » php.iniͬͯҰ͔ͭ͠ͳ͍ΠϝʔδͳΜ͚ͩͲɺͳΜͰෳ਺͋Δͷʁ /Users/uzulla/.phpenv/versions/7.0.1/etc/php.ini, /Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/xdebug.ini, /Users/uzulla/.phpenv/versions/7.0.1/etc/conf.d/my_special.ini

Slide 55

Slide 55 text

» Config file scan directoryͱΑ͹Εɺ࠷ۙΑ͔ͭ͘ΘΕ͍ͯ·͢ » php --ini ౳Ͱ͠Β΂ΒΕ·͢(Scan for additional .ini files) » ༗ΔσΟϨΫτϦҎԼͷ *.ini ͕શ෦ಡ·Ε·͢ɺ/etc/php.ini ͱ ಉ౳ » ʮΠϯϑϥετϥΫνϟʔΞζίʔυʹͽͬͨΓ!ʯ » ʢphp.iniͷઃఆΛॻ͖׵͑Δͷʹɺsedͱ͔΋͏ͨ͘͠ͳ͍͔Β Ͷ…ʣ » ͳ͓ɺಉҰͷઃఆهड़͕͋ͬͨ৔߹ɺ্ॻ͖͞Ε·͢

Slide 56

Slide 56 text

·ͱΊ » php.iniͷ৔ॴ͕օ͞ΜΘ͔Γ·ͨ͠Ͷ » ܁Γฦ͠ʹͳΔͷͰ͕͢ɺ͔ͳΒͣ ✅ʮௐ΂͍ͨϑΝΠϧͷɺௐ΂͍ͨߦͰௐ΂Δʯ ࣄΛ๨Εͳ͍Ͱ͍ͩ͘͞Ͷɻ

Slide 57

Slide 57 text

php.iniΛॻ͘

Slide 58

Slide 58 text

» php.ini͸ςΩετͷઃఆϑΝΠϧͰ͢ » ݟͨΒղΔఔ౓ͷγϯϓϧͳ΋ͷͰ͢ » Ͳ͏͍͏߲໨͕͋Δ͔͸ɺphp.netΛΈΑ͏ʢࡶʣ

Slide 59

Slide 59 text

ϑΥʔϚοτʹ͍ͭͯ ; comment here [hoge] key = value key2 = "this is value2" key3 = On key4 = This is value4 ; ΫΦʔτ͸࣮͸ෆཁ

Slide 60

Slide 60 text

» γϯϓϧͳɺΩʔͱ஋ϖΞ » ;ͷޙ͸ίϝϯτͰ͢ » [ʙ]͜Ε͸ແࢹ͞Ε·͢ɺԿΛॻ͍ͯ΋ҙຯͳ͍Ͱ͢ɻ » ͦ͏ʮ⚠sectionʹҙຯ͸ແ͍ʯΜͰ͢ʢҎ֎ͱ஌ΒΕͯͳ͍ʣ » ໨ҹͰ͔͠ͳ͍ » (hoge[] = fugeͱ͍͏ॻ͕ࣜ͋Δ͕ɺݟ͔͚ͳ͍)

Slide 61

Slide 61 text

ܕ͸(࣮࣭)ೋछྨ͚ͩ » String » Boolean » On/Off, true/false, yes/no,none » ⚠boolean͸ஸೡʹ͔͍͋ͭ·͠ΐ͏

Slide 62

Slide 62 text

» (integer) » ʢͬͯ͋Δ͚Ͳɺ࣮࣭StringͰ͸…ʣ

Slide 63

Slide 63 text

ಉ͡Ωʔ͕͋Ε͹ɺ্ॻ͖Ͱ͢ mbstring.strict_detection = On mbstring.strict_detection = Off // OffʹͳΓ·͢ » ॏෳ͸ΤϥʔʹͳΓ·ͤΜ

Slide 64

Slide 64 text

» ͨͩ͠ɺॱং͕ҙຯΛ࣋ͭ৔߹΋͋Γ·͢ » ྫɿmbstring.languageͱmbstring.internal_encoding » ྫɿdefault_charsetͱinternal_encoding » ʢলུ͞Εͨͱ͖ɺ͋Δ஋Λ҉໧ͰσϑΥϧτͱͯ͠࢖͏ɺ౳ʣ

Slide 65

Slide 65 text

ಥવphp.iniΫΠζʂ

Slide 66

Slide 66 text

ҎԼͷߦɺͲΕ͕ʮΤϥʔʯʂʁ k1 = 1 k2 = True k3 = On k4 = "On" k5 = text contain new line. k6 = text

Slide 67

Slide 67 text

ਖ਼ղ͸ɺʮΤϥʔʯʹ͸ͳΓ·ͤΜʂʂ » ʮΤϥʔͰ͓͜ΒΕͳ͍͚Ͳʯk5ͷ஋͸"text contain"ͱͳΔ » A=B ܗࣜҎ֎͸ಡΈඈ͹͞ΕΔ » ⚠ͭ·Γɺϛεͬͯ΋͖͔ͮͳ͍ͧʢ஫ҙʂʣ » ⚠BooleanʹޡͬͨςΩετΛ͋ͯͯ΋ແࢹ͞Ε·͢ » Α͋͘Δྫ: hoge = enable ͱ͔…

Slide 68

Slide 68 text

ୈೋ໰

Slide 69

Slide 69 text

ҎԼͷߦɺͲΕ͕ʮΤϥʔʯʂʁ ೔ຊਓ = ೔ຊޠ # hoge = 1 1 echo ! ⭕=❌ [] ]

Slide 70

Slide 70 text

ਖ਼ղ͸ɺʮΤϥʔʹͳΓ·ͤΜʯʂʂʂʂ » ⚠܁Γฦ͠ʹͳΓ·͕͢ɺϛεͬͯ΋ؾ͚ͮͳ͍ͧ

Slide 71

Slide 71 text

ΤϥʔʹͳΔͷ͸ҎԼ͘Β͍Ͱ͢ » ߦͷઌ಄ʹ = » ಉҰߦʹ ] Ͱด͡ΒΕ͍ͯͳ͍ [

Slide 72

Slide 72 text

ͱ͜ΖͰɺಠࣗͷΩʔ͸ೖΕΒΕΔͷ͔ʁ » ࣗ෼ͷΞϓϦͷม਺ͱ͔ɺτʔΫϯͱ͔ » ෆՄೳͰ͢ɺແࢹ͞Ε·͢ɻ » ͦ͏͍͏ศར؀ڥม਺Ͱ͸ͳ͍

Slide 73

Slide 73 text

؀ڥม਺ΛಡΈࠐΊΔΑ » mysqli.default_user = ${MYSQL_DEFAULT_USER} » ͔ͭͬͨ͜ͱ͸΄΅ແ͍ͳ…! » ʢPHPੈքͰ͸ɺ͋·Γ؀ڥม਺͸͔ͭΘΕͳ͍(ओ؍ʣʣ

Slide 74

Slide 74 text

ΤϥʔʹͳΒͳ͍ͷා͍ʁlint͍ͨ͠ʁ » iniΛύʔε͢Δؔ਺͸͋Γ·͢ » parse_ini_ﬁle, parse_ini_string » http://php.net/manual/ja/function.parse-ini-file.php php > var_dump(parse_ini_ﬁle('dummy.ini')); array(9) { ["k1"]=> string(1) "1" ུ

Slide 75

Slide 75 text

» ͨͩ͠ɺʮphp.iniʯͱͯ͠ਖ਼͍͔͠Ͱ͸ͳ͍ » ⚠php.iniͱͯ͠ਖ਼͍͔͠lint͢Δπʔϧ͸ແ͍ » ʢͭΒ͍ʣ » ํ๏͸ޙड़͠·͕͢ɺઃఆͨ͠Βඞͣ֬ೝ͠·͠ΐ͏

Slide 76

Slide 76 text

൓ө͢Δʹ͸… » php ࣮ߦ؀ڥΛ࠶ىಈ » apache » php-fpm » ౳

Slide 77

Slide 77 text

൓ө͞Εͳ͍Μ͚ͩͲʁ! » ͪΌΜͱ࠶ىಈͨ͠ʁCLIͱmod_php͸ผͰ͢Α » nginxΛ࠶ىಈͯ͠ͳ͍ʁ(fpmΛ࠶ىಈ͠·͠ΐ͏) » php.iniͷ৔ॴɺؒҧ͑ͯͳ͍ʁ » ಠཱͨ͠phpinfo()Ͱ͸൓ө͞Εͯͳ͍ʁ » ൓ө͕ޙʑ্ॻ͖͞Ε͍ͯͳ͍ʁʢޙड़ʣ » ҰԠϩά΋ݟΑ͏

Slide 78

Slide 78 text

·ͱΊ » php.ini͸ςΩετͷઃఆϑΝΠϧ » จ๏ϛε΍هೖϛε͸εϧʔ͞ΕΔͧ » ઃఆͨ͠Βɺ͙֬͢ೝ » ൓өʹ͸࠶ىಈ

Slide 79

Slide 79 text

php.iniΛௐ΂Δ

Slide 80

Slide 80 text

» !ʮ͖ͬ͞࿩ͨ͠ͷͰ͸ʁʯ » "ʮphp.iniϑΝΠϧ(ઃఆ)ͱɺphp.ini(ݱ࣮)͸ҧ͏ʯ

Slide 81

Slide 81 text

Ͳ͜Ͱ΋ઃఆͰ͖ͯศརͳphpͷઃఆ৔ॴࣄྫ » php.ini ΍ scan dirͷ.ini » httpd.conf ΍ nginx.conf » .htaccess ΍ .user.ini » ϢʔβʔϓϩάϥϜ಺ » ʮ͋Δؔ਺(౳)Λ࣮ߦ͢Δͱɺ҉໧ʹมΘΔʯ » ؀ڥม਺ɺWindowsͷϨδετϦ…etcetc

Slide 82

Slide 82 text

» ͭ·Γɺphp.iniʢϑΝΠϧʣΛ͍͘Βݟͯ΋ແବͱ͍͏͜ͱͩʂ ϫϋϋϋʂ!

Slide 83

Slide 83 text

» ϫϋϋͰ͸ͳ͍!

Slide 84

Slide 84 text

ͳ͓ » ʮͲ͜Ͱઃఆ͞ΕΔ͔ʯΛશ෦ௐ΂Δࣄ͸ࠔ೉ » ͦ΋ͦ΋ɺͲ͜Ͱઃఆ͞Εͨͷ͔͕໾ཱͭࣄ΋গͳ͍ » ⚠มΘ͍ͬͯΔͱ͍͏͜ͱ͸ɺͲ͔͜Ͱҙਤ͕͋ͬͯ΍͍ͬͯΔ » ⚠্ҐͰ͔͑ͪΌ͏ͱϩΫͳ͜ͱʹͳΒͳ͍

Slide 85

Slide 85 text

͓΋͍ͩ͠·͠ΐ͏ » ✅ʮௐ΂͍ͨ؀ڥͷɺௐ΂͍ͨϑΝΠϧͰ͠Β΂Ζʂʯ

Slide 86

Slide 86 text

» ͱɺ͍͏͜ͱͰɺօ͞Μ͸php.iniʢཧ૝ʣΛݟ্ͨͰɺphp.iniʢݱ ࣮ʣ΋ݟΔඞཁ͕͋Δͷͩͬͨ…ɻ

Slide 87

Slide 87 text

ௐ΂ΔͨΊͷؔ਺ » phpinfo > লུ » ini_get > Α͔ͭ͘͏ » ini_get_all > ࢲ͸Α͔ͭ͘͏ » get_cfg_var > ໨త͕ҧ͏

Slide 88

Slide 88 text

࢝·ΓͱऴΘΓͷ஍ɺphpinfo()

Slide 89

Slide 89 text

ม਺ʹΩϟϓνϟ͸Ͱ͖ͳ͍ͷͰ… ob_start(); phpinfo(); $info = ob_get_clean(); ﬁle_put_contents('/tmp/phpinfo.html', $info); » ͠ΜͲ͍ɺͷͰɺඍົɻ

Slide 90

Slide 90 text

ini_get() » ini_get ( string $varname ) » ݱࡏͷઃఆΛҰͭऔಘͰ͖Δ » ⚠ࣦഊ࣌ʹ͸False͕ฦΔ » ⚠ฦ஋͸ʮStringʯͰ͋Δ

Slide 91

Slide 91 text

ʮࣦഊ࣌ʹfalseΛฦ͠·͢ʯ » ϛΤϛΤͷ᠘ » ⚠PHPͷࣗಈม׵ͰɺfalseͱۭจࣈΛϛεΔ » Α͋͘Δϛε͕ҎԼ if( ini_get('display_error') ){ die('display_error͸ফ͠·͠ΐ͏'); }

Slide 92

Slide 92 text

if( ini_get('display_errors') ){ die('display_errors͸ফ͠·͠ΐ͏'); } » ʢ͜ͷίʔυ͕Ͳ͏ͳͷ͔ɺͱ͍͏ͷ͸ଞॴʹஔ͘ͱͯ͠ʣ » ͨͩ͘͠͸display_errorsʢݸਓతʹΑ͋͘ΔTypoʣ » ΩʔΛؒҧ͑Δͱɺ͔ͳΒͣfalseʹͳΔ » ʮ·͋ɺ===΍Ε͹͍͍Ͱ͢ΑͶʂʯʢ܇࿅͞Εͨਓؒͷൃ૝ʣ

Slide 93

Slide 93 text

ʮini_get͸StringͰฦ͖ͯ͠·͢ʯ » ͦ͏Ͱ͔͢ » ΈͯΈ·͠ΐ͏

Slide 94

Slide 94 text

// php.iniʢϑΝΠϧʣͰ͸ Off ͩͱ… short_open_tag = Off // ͜ͷΑ͏ʹۭจࣈ͕ฦͬͯ͘Δ php > var_dump(ini_get('short_open_tag')); string(0) "" » php.ini هड़ͷ··Ͱ͸ͳ͍ʢྫ֎΋͋Δʣ » มΘΔͷ͸ྑ͍͕ɺॳݟࡴ͠Ͱ͢ » ͳͥ On/Offɺtrue/falseɺ1/0 ౳Ͱͳ͍ͷ͔… » ʮࣗಈม׵ͷPHPͰ͢ɺ׳Ε·͠ΐ͏!ʯ

Slide 95

Slide 95 text

php > var_dump( ini_get('upload_max_filesize')); string(4) "2M" » upload_max_filesize ͸هड़͕ͦͷ··Ͱ͖ͯ·͢ » upload_max_filesize ͷࢦఆʹ͸ɺK,M,GͳͲͷ୹ॖه๏͕࢖͑ͯਓ ͕ಡΈ΍͘͢Ͱ͖Δɻ » http://php.net/manual/ja/ faq.using.php#faq.using.shorthandbytes » ͔͜͠͠ΕʹΑͬͯҾ͖ى͜͞ΕΔ൵ܶʂ()

Slide 96

Slide 96 text

php > echo ini_get('upload_max_ﬁlesize'); 2M // 2Mbyte = 2*1024*1024 if( 1*1024*1024 > ini_get('upload_max_ﬁlesize') ) { die("plz more!!!"); } //-> plz more!! // ͋ΕΕΕʁ php > echo (int)"2M"; // "2M"Λ਺஋΁Ωϟετ 2 » ⚠օ͞Μ͝ଘ͡ɺ"2M" ͕ධՁͰ 2 ʹͳΔ҆ఆͷࣗಈม׵ » ͪͳΈʹɺ୹ॖه๏ΛόΠτʹม׵͢Δؔ਺͸ͳ͍ɻͳΜͰ΍… » ֤ࣗॻ͔͘ɺൿ఻ͷͨΕΛάάΓ·͠ΐ͏(෗ͬͯͳ͍͔֬ೝ΋)

Slide 97

Slide 97 text

࿩Λ໭ͯ͠ » ini_get()ͷ࿩Ͱͨ͠Ͷ

Slide 98

Slide 98 text

ini_get_all() » ini_get_all([str $extension [,bool $details]]) » ݱࡏͷઃఆΛɺશ෦ΛऔಘͰ͖Δ » Ҿ਺͸(null, false)͕͓͢͢Ί » ฦ஋͸Ωʔͱ஋ͷ഑ྻ

Slide 99

Slide 99 text

php > var_dump(ini_get_all()); array(233) { ["allow_url_fopen"]=> // Ωʔ໊ array(3) { ["global_value"]=> // άϩʔόϧͷ஋ʢʁʣ string(1) "1" ["local_value"]=> // ݱࡏͷ஋ string(1) "1" ["access"]=> // ΞΫηεϨϕϧ int(4) }

Slide 100

Slide 100 text

null, false ࢦఆྫ php > var_dump( ini_get_all(null,false)); array(233) { ["allow_url_fopen"]=> string(1) "1" ["allow_url_include"]=> string(0) ""

Slide 101

Slide 101 text

໪࿦͜͏͢Ε͹୯ମͷ஋΋ͱΕ·͢ var_dump( ini_get_all(null, false)['display_errors'] ); string(0) "" » ⚠ͱ͜Ζ͕ɺini_getͱ͸ڍಈ͕ҟͳΔ

Slide 102

Slide 102 text

php > var_dump(ini_get('upload_tmp_dir')); string(0) "" php > var_dump(ini_get_all(null, false)['upload_tmp_dir']); NULL // ಥવͷNULLʂʂ » ʮ໊લ͕ࣅͯΔ͚ͩͰɺೋͭؔ਺ͷฦ஋͕ಉ͡ͱ୭͕ݴͬͨʁʯ » ຊདྷ upload_tmp_dir ͸ɺ(php.netᐌ͘)σϑΥϧτ͕NULL » ini_getͷ΄͏͕ਖ਼͘͠(?)ͳ͍ » ܕΛҙࣝͨ͘͠ͳΓ·͢Ͷʂ

Slide 103

Slide 103 text

ͭ·Γɺ஋͸औΕΔ͕ཁ஫ҙ » ࠓճ͸var_dumpΛ͔ͭͬͯ·͕͢ɺฦ஋͕ͳ͍ͷͰॻ͖ग़ͮ͠Β͍! » phpinfoͱಉ༷ɺob͔ͭ͑͹औΕΔ » print_rͰ͸ฦ஋ʹग़དྷΔͷʹ…

Slide 104

Slide 104 text

ΈΜͳେ޷͖print_r͸… php > echo print_r("",1); // ͳʹ΋Ͱͳ͍ php > echo print_r(null,1); // ͳʹ΋Ͱͳ͍ php > echo print_r(true,1); // true͸1ʹͳΔ… 1 » ͜ͷΑ͏ʹprint_r͸ܕΛͩ͞ͳ͍ » ͠ܕͳ͍ͷͰɺผͷಓ۩͕ඞཁ

Slide 105

Slide 105 text

༨ஊɿ͜ͱ͋Δຖʹ͜ͷෆຬΛݴ͏ࢲ » var_dump͸ɺԿނม਺ʹΩϟϓνϟͰ͖ͳ͍ͷͩΖ͏… » ΈΜͳࢥ͏Ͱ͠ΐ…ࢥΘͳ͍ʁ » ๭ࣝऀʮob͔͓ͭ͏ΑʯࢲʮͳΜͰ΍ʂob͞ΘΓͨ͘ͳ͍͠ɺΊΜ Ͳ͍΍Ζʂʯ » ผͷࣝऀʮਂԕͳΔཧ༝͕͋ΔͷͩΖ͏ʢ࡞ͬͯΔਓʹฉ͚ʣʯࢲ ʮ͔ͨ͠ʹ…ʯ

Slide 106

Slide 106 text

meanwhile in php conference 2015... » PHP࡞ऀͷϥεϜε͕͖͍ͯͨ » ʮࣃϒϥγʯͰ༗໊ͳਓ » ϔλͳӳޠͰ͜ͷ݅Λ௚ૌ࣭໰ » ࡞ऀʮͦΕ͸ͦ͏͍͏΋ͷͩɺobΛ͔ͭ͑!ʯࢲʮ͸͍…"ʯ » PHPʹٹ͍͸ͳ͔ͬͨ » ࢲʹ৯͍Լ͕Δӳޠྗ΋ͳ͔ͬͨ(fin…)

Slide 107

Slide 107 text

༨ஊऴΘΓ » var_dumpͷر๬͸௵͑·ͨ͠ͷͰɺଞͷख๏ͷ঺հ

Slide 108

Slide 108 text

serialize() php > echo serialize(0); // i:0; php > echo serialize("false"); // s:5:"false"; php > echo serialize(false); // b:0; php > echo serialize(null); // N; » Ұจࣈ໨Ͱܕ͕Θ͔ͬͯศརʂ! » i:int, s:string, b:bool, N:null » օɺPHPͷγϦΞϥΠζܗࣜΛಡΉΑ͏ʹͳΓ·͢ʢΑͶʁʣ

Slide 109

Slide 109 text

json_encode php > echo json_encode(""); // "" php > echo json_encode(null); // null php > echo json_encode(true); // true php > echo json_encode("true"); // "true" php > echo json_encode(1); // 1 php > echo json_encode("1"); // "1" » ܕ΋ɺͪΌΜͱΈΕ͹Θ͔Δ!

Slide 110

Slide 110 text

ݸʑͰͳ͘ɺશ෦ͷઃఆΛݟ͍ͨ࣌͸ php > echo json_encode(ini_get_all(null,false), JSON_PRETTY_PRINT); { "allow_url_fopen": "1", "allow_url_include": "", "arg_separator.input": "&", » ݁ՌΛjson_encodeͰɺJSON_PRETTY_PRINT » ൺֱʹ΋ศརͰ͢ʢॏཁʣ!

Slide 111

Slide 111 text

jsonͱdiffͰࡶʹൺֱ͢Δྫ! $ diff 56.json 7.json 26c25 < "date.timezone": "Asia\/Tokyo", --- > "date.timezone": "", 42c41 < "error_reporting": "-1", --- > "error_reporting": "22527", » ֤ࣗπʔϧΛద౰ʹ

Slide 112

Slide 112 text

tips͓ΘΓ » ✅ී௨͸ json_encode() ͕Ұ൪Ͱ͸ʁ » ػցతॲཧʹ΋޲͍͍ͯΔ » ଞʹvar_export()ͳͲ΋͔ͭ͑·͢ɺ΄΅jsonʹ͍ۙ͠ݟ΍͢͞ » serialize() ΛਓྗͰಡΉͷʹ͸ɺ਺࣌ؒ͸ܦݧ͕͍Δ

Slide 113

Slide 113 text

get_cfg_var » ॳظͷphp.iniͷઃఆΛऔಘͰ͖Δ » ·͋ɺ࢖Θͳ͍ » ini_get_allͷ$detail=trueͰ·͔ͳ͑Δ

Slide 114

Slide 114 text

தٳΈ » ini_get/ini_get_allͰݱࡏͷઃఆΛ֬ೝ » ✅ܕ΍ɺ୹ॖه๏ͷةݥੑΛ͖ͪΜͱҙࣝɺ೺Ѳ͠Α͏ » ⚠ಛʹini_getͷฦ஋͕Stringͳͷ͸஫ҙͤΑ » #ini_get_allΛjson_encodeͳͲͰ੔ܗ͢ΔͱҰཡੑߴ͍͠ɺjson ͔ͩΒൺֱʹศར

Slide 115

Slide 115 text

php.iniʹ ઃఆ͢Δ

Slide 116

Slide 116 text

» ֬ೝͨ͠Β࣍͸ઃఆͰ͢ΑͶ » ʮ΋͏΍ͬͨͷͰ͸ʁʯʮͦͷ݅Ͱ͸ͳ͍ʯ » php.ini(ϦΞϧ)ͷઃఆ͸ʮ࣮ߦ࣌ʹมߋͰ͖Δʯ ࢮ

Slide 117

Slide 117 text

ઃఆʹ͔ͭ͏ؔ਺ » ini_set() » ΄Μͱ͏ʹΑ͔ͭ͘͏ » ini_alter()ͱ͍͏Alias͕͋Δ͕ɺݟ͔͚ͨࣄ͸ͳ͍ » ini_restore() » ࢖ͬͨ͜ͱͳ͍

Slide 118

Slide 118 text

ini_set » ini_set ( string $varname , string $newvalue ) » Ωʔͱ஋Ληοτ͠·͢ » ஋͸StringͰ͢ʢ஫ҙʣ » ⚠ฦ஋͸ʮมߋલͷ஋ʯͰ͢ʢ஫ҙʣ » ⚠ࣦഊ࣌͸FALSE͕ฦΓ·͢ʢ஫ҙʣ » ⚠ઃఆͰ͖ͳ͍΋ͷ΋͋Γ·͢(ޙड़)

Slide 119

Slide 119 text

஋͸StringͰ͢ » ѱ͍༧ײ͔͠͠ͳ͍! » ࣮ࡍѱ͍ࣄʹɺ᠘͕͋Δ

Slide 120

Slide 120 text

php > ini_set('mbstring.strict_detection', 'On'); php > var_dump(ini_get('mbstring.strict_detection')); string(2) "On" php > var_dump(mb_get_info()['strict_detection']); string(3) "Off" <-- !!?? » mbstring.strict_detectionͰ֬ೝ » boolܕͳͷͰɺphp.iniͰ͸"On"Λࢦఆ͢Δ » ͔͠͠ini_set ͸ɺ"On"Λਖ਼͘͠ड͚෇͚·ͤΜʂ!

Slide 121

Slide 121 text

৭ʑͳ஋Λini_setܦ༝Ͱboolʹ͍ΕΔͱ… » OnʹͳΔ » true, 1, -1 » OffʹͳΔ » false, "true", "false", 0, "On", "Off" ͏ʔΜ͜ͷ!

Slide 122

Slide 122 text

ࢿྉΛΈͯΈ·͠ΐ͏ » php.iniͰ͸ true/false,on/off, yes/no, none ͱࢦఆ͢Δ http://php.net/manual/ja/configuration.file.php ; ࿦ཧ஋͸ɺ࣍ͷ͍ͣΕ͔Ͱࢦఆ͠·͢ ; true, on, yes ; ·ͨ͸ false, off, no, none » ͔͠͠ɺ"true"Λ͍ΕΔͱɺΦϑʹͳΔ…ͷ͕… » ·͕ͪ͑ͳ͚Ε͹Ͳ͏ͱ͍͏͜ͱ͸ͳ͍!

Slide 123

Slide 123 text

͍ͬͯ͏͔Ͷɺ » mbstring.strict_detection͸ » Booleanͱ͔͍ͯ͋Δͷʹ » (php.netᐌ͘)σϑΥϧτ͸"0"ͳΜͩΑ » ͏͙͙͙…Booleanͱ͸…

Slide 124

Slide 124 text

ͦ΋ͦ΋ɺini_get͢Δͱ » ʢલड़΋͠·͚ͨ͠Ͳʣ » BooleanͰɺOffͷͱ͖ʹini_get͢Δͱ""ʢۭจࣈʣ͕͔͑ͬͯ͘ ΔͷͰɺOffͳΜͯͳ͔ͬͨΜ΍…ɻʢ༗Γ·͢ʣ

Slide 125

Slide 125 text

ଞʹ΋ҋ͕ » σϑΥϧτNULLͷmbstring.substitute_character » ini_setͰNULLΛ͍Εͯ΋""ʹͳΔΑ͒… » ʢͨͩɺ""≒NULLͰ͋Γɺࠔͬͨ͜ͱ͸ͳ͍…ʣ php > ini_set('mbstring.substitute_character', null); php > var_dump(ini_get_all()['mbstring.substitute_character']); string(0) ""

Slide 126

Slide 126 text

ݸਓͷײ૝Ͱ͢ » ʢbool૬ख͸ʣ1ͱ0Λ࢖͏ͱΑ͍ » 0/1ͷࢦఆ͸php.iniͰ΋࢖͑·͢ » php.netʹ͸ॻ͍ͯແ͍͚Ͳ…ɻ » "On"ɺ”Off”ͷ͜ͱ͸Θ͢ΕΑ͏… » ʢݸਓͷײ૝Ͱ͢ʣ

Slide 127

Slide 127 text

தٳΈ·ͱΊ » ini_setͰphp.iniͷઃఆΛม͑ΒΕΔ » ✅Ҿ਺͸str͕ͩɺ૬ख͕boolͷ৔߹1/0͕ແ೉ʢݸਓͷײ૝Ͱ͢ʣ » ਖ਼͍͠ਓ͸ɺphp.iniͱini_setͰ࢖͍෼͚͍ͯͩ͘͞"

Slide 128

Slide 128 text

ΞΫηεϨϕϧ

Slide 129

Slide 129 text

» ઌఔͷ௨Γɺphp.iniͷઃఆ͸࣮ߦ࣌΋มߋͰ͖Δ » ͨͩ͠ɺini_setͰͦͷ৔ͰมߋͰ͖ͳ͍΋ͷ΋͋Δ » ͦͷ੍ݶΛʮΞΫηεϨϕϧʯͱ͍͏ » ̐ஈ֊ʹͳ͍ͬͯΔ

Slide 130

Slide 130 text

ΞΫηεϨϕϧ͸࢛छ » PHP_INI_ALL =>Ͳ͜Ͱ΋ઃఆՄೳɺଟ͕͘ίϨ » PHP_INI_USER =>΄΅ଘࡏ͠ͳ͍ » PHP_INI_PERDIR =>.htaccess,.user.ini,php.ini,httpd.conf(౳) » PHP_INI_SYSTEM =>php.iniɺhttpd.conf(౳)

Slide 131

Slide 131 text

» PHP_INI_ALL » Ͳ͜Ͱ΋ » PHP_INI_PERDIR » .htaccessɺ.user.ini͕ར༻Ͱ͖Ε͹Մೳ » PHP_INI_SYSTEM » αʔόʔ؅ཧऀͷΈ͕มߋՄೳ

Slide 132

Slide 132 text

ͳͥશ͕ͯPHP_INI_ALLͰ͸ͳ͍ͷ͔ » ϢʔβϓϩάϥϜ࣮ߦલʹඞཁͳ৘ใ » ηΩϡϦςΟతͳཧ༝ͳͲ » (Α΄Ͳͷࣄ͕ͳ͚Ε͹ɺALLͰ͢ɺ։์తͰ͢)

Slide 133

Slide 133 text

» ॴͰɺʮΞΫηεϨϕϧʯ໊ͬͯশ͕ਖ਼͔ࣜෆ໌ʢʁʣ » Ϩϕϧ͕هࡌ͞ΕͨҎԼͷURLͳͲʹ͸ಛʹ໊শ͕ͳ͍… » http://php.net/manual/ja/configuration.changes.modes.php » ͜͜Ͱ͔ͭΘΕ͍ͯΔͷͰɺଟ෼ਖ਼໊ࣜশͩͱ͓΋͍·͢… » http://php.net/manual/ja/function.ini-get-all.php

Slide 134

Slide 134 text

Α͋͘ΔϋϚΓɺҎԼ͸PHP_INI_ALLͰ͸ͳ͍ » PHP_INI_SYSTEM » sendmail_path » max_ﬁle_uploads » upload_tmp_dir

Slide 135

Slide 135 text

» PHP_INI_PERDIR » max_input_varsɺmax_input_time » auto_append_fileɺauto_prepend_file » post_max_size » session.use_trans_sid » short_open_tag » upload_max_filesize

Slide 136

Slide 136 text

·ͱΊ » php.iniʹ͸̐छͷΞΫηεϨϕϧ͕͋Δ » ͨͩɺ؅ཧऀ੍͕ݶͨͦ͠͏ͳɺmemory_limitͱ͔ɺ max_execution_timeΈ͍ͨͳͷ΋ALLͰ͋Δ » ηΩϡϦςΟ౳ΑΓɺΠϯλϓϦλͳͲͷಈ࡞্ͷ౎߹͕ϝΠϯͷ۠ ෼͚ͬΆ͍ » ʮphp.iniͬͯݖҖ͕ͳ͘ͳ͍…ʁβϧͰ͸ʁʯ » ΋ͬͱ΋ɺͦΕΛ๷͙खஈ΋͋Δ(ޙड़)

Slide 137

Slide 137 text

SAPIຖʹಠಛͳ php.iniͷઃఆํ๏

Slide 138

Slide 138 text

» ͢Ͱʹड़΂ͨΑ͏ʹɺSAPIͱ͍͏΋ͷ͕͋Δ » ͦΕͧΕͰɺগ͚ͩ͠ಠࣗͷઃఆํ๏͕͋Δ » php.iniͷઃఆΛ੍ݶ͢Δํ๏͕͋Δ » ͍͔ͭ͘Λ͝঺հ

Slide 139

Slide 139 text

CLI ྫɿ /etc/php.ini /etc/php/conf.d/*.ini

Slide 140

Slide 140 text

CLI » /etc/php.ini౳ » ͋Δ͍͸-c /path/to/php.ini php.iniΛύεͰࢦఆ » ͋Δ͍͸/etc/php-cli.ini ͷઃஔ » ຊདྷͷphp.iniͷdirʹɺphp-{SAPI໊}.ini͕͋Δͱphp.iniʹ༏ ઌ͞ΕΔ

Slide 141

Slide 141 text

CLI͸ಠಛ͕͋͞Δ » CLI͸͍͔ͭ͘ڍಈ͕ҧ͏ʢ૬ख͕TERMͳͷͰʣ » phpinfoग़ྗ͕txtϞʔυʹͳͬͨΓ » ࣮ߦ࣌ؒͳͲ֤छϦϛοτ͕֎ΕͨΓ » CLI͸खܰͰ৭ʑ֬ೝͰ͖Δ͕ɺσϑΥϧτ஋͕มΘΔͷͰɺςετ ʹ࢖͏࣌͸஫ҙ͠·͠ΐ͏ » cli͸-d memory_limit=-1ͳͲͱCLIΦϓγϣϯͰࢦఆՄೳ

Slide 142

Slide 142 text

apache+mod_php ྫɿ /etc/php.ini /etc/php/conf.d/*.ini /etc/apache/httpd.conf /etc/apache/conf.d/some.conf /var/www/html/.htaccess /var/www/html/abc/.htaccess

Slide 143

Slide 143 text

apache+mod_php » /etc/php.ini౳ » ͋Δ͍͸PHPIniDir ࢦఆͰphp.iniͷ৔ॴΛࢦఆ » httpd.conf΍.htaccess » ͍͔ͭ͘௥ՃͷσΟϨΫςΟϒ͕ར༻Մೳʹ

Slide 144

Slide 144 text

mod_phpͷ௥ՃσΟϨΫςΟϒ » php_value key value ͱStringͷઃఆ͕Մೳ » php_admin_value ಉ্͕ͩɺϢʔβ͕ઃఆ্ॻ͖Ͱ͖ͳ͘ͳΔ » php_ﬂag key on ͱBoolͷઃఆ͕Մೳ » php_admin_ﬂag ಉ্͕ͩɺϢʔβ͕ઃఆ্ॻ͖Ͱ͖ͳ͘ͳΔ

Slide 145

Slide 145 text

mod_phpͷ௥ՃσΟϨΫςΟϒྫ php_admin_value memory_limit 128M php_admin_value max_execution_time 10 php_ﬂag display_errors off

Slide 146

Slide 146 text

ίϐϖ͠Α͏ͱͯ͠Α͋͘Δ᠘ » (httpd.conf΍ɺಛʹ.htaccessʹ͓͍ͯ…ʣ » ʮphp_value(౳)ೖΕͨΒΤϥʔʯ » ͦͷαʔό͸mod_phpೖͬͯͳ͍ͷͰ͸ʁ » ͦͷ؀ڥ͸mod_phpͰ͸͘ɺCGI/FastCGIͰ͸ʁ

Slide 147

Slide 147 text

» ʮ൓ө͞Εͳ͍ͧʁʯ » mod_php͸ೖ͍ͬͯΔ͕ɺલड़ͷ௨ΓCGI/FastCGIͰPHPΛ͔ͭ ͍ͬͯΔ » ΞΫηεϨϕϧΛແࢹ͍ͯ͠Δ » ࢒೦ɺఆ਺͸࢖͑ͳ͍ͷͩʢྫ:E_NOTICEʣ » ࠶ىಈΛΘ͢Ε͍ͯΔ

Slide 148

Slide 148 text

CGI ྫɿ /etc/php.ini /etc/php/conf.d/*.ini /var/web/html/.user.ini

Slide 149

Slide 149 text

CGI » /etc/php.iniͳͲ » .user.ini » .htaccessͷphp_value౳ͷ୅༻ɺه๏͸php.iniͱಉ͡ » ಉҰDir͔ΒDocRoot·Ͱͷؒʹઃஔ͢Δ » Ұ౓ಡΉͱσϑΥϧτͰ̑෼Ωϟογϡ͞Ε·͢ » publicʹஔ͘=࿙Ӯʹ஫ҙʂʢ.htaccessΈ͍ͨʹ403ʹ͠Α͏ʣ

Slide 150

Slide 150 text

nginx+FastCGI ྫɿ /etc/php.ini /etc/php/conf.d/*.ini /etc/php/php-fpm.conf /etc/php/php-fpm.d/*.conf /etc/nginx/nginx.conf /var/web/html/.user.ini

Slide 151

Slide 151 text

nginx+FastCGI » جຊCGIͱಉ༷ʢphp.iniɺ.user.iniʣ » nginxͷfast_cgi_paramͰ௥ՃࢦఆՄೳ » fastcgi_param PHP_VALUE "memory_limit=-1; max_execute_time=-1"; » ಉ༷ʹɺPHP_ADMIN_VALUE΋͋Δ » /etc/php-fpm.conf(ϓʔϧઃఆϑΝΠϧɺ࣍ϖʔδ)

Slide 152

Slide 152 text

ϓʔϧઃఆϑΝΠϧ php_ﬂag[display_errors] = off php_admin_value[error_log] = /var/log/fpm-php.www.log php_admin_ﬂag[log_errors] = on php_admin_value[memory_limit] = 32M » ·ͨ৽ͨͳه๏͕͏·Εͨ…!

Slide 153

Slide 153 text

ʮ͋ΕɺWindowsͷ࿩͸ʁʯ » ͸͍ » GUIͳͲͰɺઃఆͨ͠ΓɺϨδετϦ(!)ͳͲ͕ɺ͋Γ·͢ɻ » ϨδετϦ͸͔ͭΘͳ͍Ͱɺphp.ini΍.user.iniΛ͔͍ͭ·͠ΐ͏ » ࠷ۙͷIIS͸ී௨FastCGIΒ͍͠ͷͰɺFastCGIͷࢿྉΛΈ͍ͯͩ͘͞

Slide 154

Slide 154 text

·ͱΊ » php.iniͷޙʹɺ֤SAPIʹΑΔઃఆ͕Ͱ͖Δ » ֤SAPIͰઃఆϑΝΠϧ΍ख๏͕͕ͪ͏ » ઃఆͰ͖ΔΩʔ໊ͳͲ͸ಉ͡ » ⚠ͨͩ͠ɺphpͷఆ਺͸ར༻Ͱ͖ͳ͍ʢ஫ҙʣ » ✅php_admin_*ͰɺϢʔβʔʹ੍໿Λͭ͘ΕΔ

Slide 155

Slide 155 text

όʔδϣϯؒࠩҟ

Slide 156

Slide 156 text

㙽ʹ֯มΘΔɺϚΠφʔͰมΘΔ » PHP͸ϚΠφʔόʔδϣϯΞοϓʢx.y.zͷyʣͰ΋ͬ͘͢͝มΘΔ » ʢsemverͰ͸ͳ͍ͷͰɺҙຯ͕ҧ͏͕ʣ » z͘Β͍ͳΒɺେମେৎ෉…େମͶ… » ͭ·ΓͲ͕͜มΘͬͯ΋৴༻ͮ͠Β͍ͬͯ͜ͱͩͳɺΨοϋοϋ » ʢΨοϋοϋͰ͸ͳ͍ʣ

Slide 157

Slide 157 text

͍ʹ͑͠ͷ࣮ߦ؀ڥ » PHP5.1ɺ5.2ɺ5.3͋ͨΓ͸7ͱ͸૬౰͕ͪͬͨΓ͢Δ » ʮͦͷ࣌୅Λੜ͖͖ͯͨԶͨͪʯʹ͸Α͍͚Ͳɺͦ͏Ͱ΋ͳ͍ਓ͸ͭ Βͦ͏ » php.netͷ෇࿥ΛΑΈ·͠ΐ͏ » ࣮ػͰ৺ߦ͘·Ͱࢼ͠·͠ΐ͏ » ςετ༻ʹݹ͍phpΛϏϧυ͢Δͷʹ͔ͭΕͨΒɺ ݹ͍LinuxσΟετϦΛDL͢ΔͱΑ͍Ͱ͢(ਅإ)

Slide 158

Slide 158 text

σϑΥϧτมߋΛ֬ೝ͢Δ » php.netʹ͸ʮ෇࿥ʯͱ͍͏ʮ͜Εͦ͜ຊฤʯΈ͍ͨͳ৘ใ͕͋Δ » ͦ͜ΛͪΌΜͱνΣοΫ͢Ε͹ɺେମେৎ෉ » php -n -aͰiniΛϩʔυͤͣʹini_get_allΛಈ͔ͯ͠ɺࠩΛݟΔ » ͕ࠩ͋ͬͨΒɺద੾ʹຒΊΔiniΛॻ͘ // ϦϞʔτͱखݩΛ֬ೝ͢Δ༗໊ςΫɻ͕ͩɺલड़ͨ͠Α͏ʹ҆қʹcliͰ֬ೝ͢Δͷ͸͓קΊ͠ͳ͍ɻ diff <(php -r 'phpinfo();') <(~/.phpenv/versions/5.6.9/bin/php -r 'phpinfo();') diff <(php -r 'phpinfo();') <(ssh remote 'php -r "phpinfo();"') diff <(ssh remote1 'php -r "phpinfo();"') <(ssh remote2 'php -r "phpinfo();"')

Slide 159

Slide 159 text

্͕Γଓ͚Δόʔδϣϯɺେม » ࡢࠓ͸PHPͰ΋ΨϯΨϯόʔδϣϯΛ্͍͛ͯ͘ελΠϧ » όʔδϣϯ্͛Δલʹςετ͠·͠ΐ͏Ͷʙ » php΋ɺphpenvͱ͔Ͱෳ਺όʔδϣϯ؅ཧ͠΍͘͢ͳΓ·͔ͨ͠Β » ʢೖΕ΍͍͢ͱ͸ݴ͍ͬͯͳ͍ʣ » σΟετϦͷඪ४ɺಛʹRH΍CentOS͸ͷΜͼΓͯ͠ΔͷͰɺΏΔ; Θ೿͸ͦΕͰ… » ʢver͸্͕Βͳ͍͚Ͳɺ͋Δఔ౓ύον͸߱ͬͯ͘ΔͷͰ…ʣ

Slide 160

Slide 160 text

tips ୔ࢁͷphp.iniΛ๊͑ͨԶͨͪ͸Ͳ͏͢Ε͹ » ຖճphp.iniΛΤσΟλͰ͍͡Δͷ͸େมͳͷͰ… » php.ini͸͞ΘΒͣɺඞཁͳઃఆΛ͔͍ͨiniΛconf.dʹίϐʔ͠ɺ্ ॻ͖͢Δͱָ » ࢲ͸ɺखݩͷphpenv૬ख͸πʔϧΛ͔͍ͯͲ͏ʹ͔ͯ͠·͢ » https://github.com/uzulla/setmyphpini.php

Slide 161

Slide 161 text

tips Ͱ΋ɺmod_php͸Ͳ͏͢Ε͹͍͍ͷΑ » php-build΍phpbrew͕͋Δݱ୅Ͱ΋ɺmod_php͸Ұखؒ » ͪΌΜͱapacheͰ֬ೝ͢Δ͔͠ͳ͍… » ࢲ͸apacheΛbuiltin serverΈ͍ͨʹαοͱཱͯΔπʔϧΛॻ͍ͯɺ ͦΕͰ΍ͬͯ·͢ » https://github.com/uzulla/apachehere » ʢlibphpX.soͭ͘Δͷ͸ɺґવͱͯ͠μϧ͍ʣ

Slide 162

Slide 162 text

·͋ɺΧοίΠΠձࣾ͸ » CIͱ͔ΛͪΌΜͱ͘ΜͰ΍ͬͯΔΜ͡ΌΖʁ » ࣮ࡍɺαʔόʔΛࣗ༝ʹͰ͖ΔͳΒɺΑͦ͞͏ » ಥવαʔόʔͷftpΞΧ΢ϯτ͕ϝʔϧ͞Εͯ͘ΔΑ͏ͳɺ໺ྑͷ PHPer͸ͦ͏΋͍͔ͳͯͭ͘Β͍ʢ۪ஒʣ » ͕Μ͹Ζ͏…!

Slide 163

Slide 163 text

ͪΐͬͱٳܜ ࣭໰͍͟͝·͔͢ʁ

Slide 164

Slide 164 text

» ͱ͍͏͜ͱͰɺphp.iniͱͦͷ༇շͳ஥ؒୡͷ͓࿩Ͱͨ͠ » άάΔͱͰͯ͘Δ͠ɺphp.netʹ͍͍ͩͨͷͬͯ·͢ʢ౰વ͕ͩʣ » ✅ʮͦͷߦͰͷphp.ini(ϦΞϧ)͔͠৴༻͢Δͳɺඞͣ֬ೝͤΑʯ » ✅ʮSAPIͰઃఆख๏͕มΘΔʯ » ݴ͍͍ͨࣄ͸͜ͷೋߦͰ͢

Slide 165

Slide 165 text

͔͜͜Βઌ͸ » php.iniͰઃఆͰ͖Δ֤߲໨ʹ͍ͭͯͷ͓࿩… » ʮͭ·Γ͜͜·Ͱ͸جૅ஌ࣝͩͬͨΜͩΑʂʂʂʯΩ » ΩΩΩ ʮͳɺͳΜͩͬͯʔ͈́ʯ » ʮPHPΉ͔ͣ͠ਿ಺ʁʯʮͨ͠ֈʯ

Slide 166

Slide 166 text

͓඼ॻ͖ ϑΝΠϧΞοϓϩʔυɺmbstringɺηογϣϯɺassertɺdbɺcurlɺη ΩϡϦςΟɺϝʔϧɺ೔෇ɺΤϥʔͱϩάपΓɺϦιʔε੍ݶ

Slide 167

Slide 167 text

ΤϥʔͱϩάपΓ

Slide 168

Slide 168 text

·ͣݴ͍͍ͨͷ͸ » άάͬͯग़ͯ͘Δʮ͜͏΍ͬͨΒΤϥʔ͕͖͑·ͨ͠ʂʯ » ͷ8ׂ͘Β͍͸ʮΤϥʔ͕Έ͑ͳ͘ͳͬͨʯ͚ͩͰ͋Δ » !μϝઈରʂʂʂʂ

Slide 169

Slide 169 text

log_errors = On ; ͦ΋ͦ΋ΤϥʔϩάΛऔΔ͔ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = Off ; ը໘ʹΤϥʔΛग़͔͢ display_startup_errors = Off ; PHPͷىಈγʔέϯεʹ͓͍ͯൃੜͨ͠ΤϥʔΛը໘ʹग़͔͢ log_errors_max_len = 1024 ; Τϥʔϩάͷ࠷௕ʢ੾Γࣺͯ error_log = ; ग़ྗઌɺলུ࣌SAPI΁ html_errors = On ; SAPI΁ग़ྗ࣌ɺΤϥʔจࣈྻΛhtmlԽ͢Δ͔

Slide 170

Slide 170 text

» phpͷΤϥʔ͸͔ΘΓͭͭ͋Δ » php<=5.6 ྫ֎ͱΤϥʔ͕ผ » php>=7 ྫ֎ͱΤϥʔ͕ʮࣅͯΔʯ » Errorʢ಺෦తʹ͸ྫ֎ͳͷ͕ͩɺϢʔβʔ͸࡞Εͳ͍ʣ » Exceptionʢྫ֎ˍϢʔβʔྫ֎ʣ » ྫ֎΋Ωϟον͖͠Εͳ͚Ε͹ΤϥʔͱͳΓɺͦΕ͸ϩάʹग़Δ

Slide 171

Slide 171 text

» ʢphp7Ҏલ͸ɺΤϥʔ͕ThrowableͷൽΛඃ͍ͬͯͳ͍͚ͩͰɺ php.iniʹ͓͚Δѻ͍ํͱͯ͠͸ͦ͜·Ͱ͔ΘΓ·ͤΜʣ

Slide 172

Slide 172 text

Τϥʔʹ͸छྨ͕͋Δ » 16ݸ͋Δʢଟ͗͢ͳ͍ʁʣ » NOTICE΋ΤϥʔͰ͢ » E_NOTICE,E_ERROR,E_DEPRECATEDͳͲ » http://php.net/manual/ja/errorfunc.constants.php

Slide 173

Slide 173 text

» error_reporting ʹεΠονࢦఆ͢Δ » දݱ͸਺஋͕ͩɺఆ਺ͷϏοτԋࢉͰࢦఆͰ͖Δ » PHPer͕།ҰϏοτԋࢉΛ͢Δ৔Ͱ͢ʢʁʣ » ྫ E_ALL & ~E_DEPRECATED & ~E_STRICT » = 22527 ɺ֮͑ΒΕΔ͔ʂ(ͳͷͰbitԋࢉ) » શ෦ͷΤϥʔ͔Βɺඇਪ঑ΤϥʔͱɺStrictΤϥʔΛൈ͍ͯΔ » ఆ਺ͳͷͰ*.ini΍ini_setҎ֎Ͱ͸͜ͷه๏͸͔ͭ͑ͳ͍ » ʮԿ΋ߟ͑ͣɺ-1 ʹ͓͚ͯ͠͹Φοέʔʯʢݸਓͷײ૝Ͱ͢ʣ

Slide 174

Slide 174 text

» ͍ͬͯ͏͔ɺ-1 Ҏ֎ʹઃఆ͢Δਓ͸ɺΘ͔͍ͬͯΔͷ͔ͳ͍ͷ͔ » ࠷ॳʹ͔͍͚ͨͲɺݟ͑ͳͯ͘͠Δ͚ͩͰ͸ʁ » E_DEPRECATED͸ɺݱ৔ʹΑͬͯ͸ʮΘ͔Δʙ࢓ํͳ͍ΑͶʙʯ » E_NOTICEΛάϩʔόϧʹམͱ͢ਓ͸ָ؍తͰɺਓੜָͦ͠͏() » Θ͔ͬͯ΍ͬͯΔͳΒ͍͍ͱ͓΋͍·͢ » ʮPHP͸੍ࣗ৺͕΋ͱΊΒΕΔݴޠʯ

Slide 175

Slide 175 text

» log_errors_max_len » ΨϯΨϯμϯϓ͢Δਓ͸ͷ͹͠·͠ΐ͏ » display_errorsɺdisplay_startup_errors » ։ൃ࣌͹͔Γ͸Onͷ΄͏͕͸͔ͲΔࣄ͸ଟ͍Ͱ͢ » PHP͸ࠣࡉͳΤϥʔ͸ɺͦͷ··͢͢Μ͡Ό͏ͷͰɺdisplay͠ͳ ͍ͱΤϥʔϩάݟͳ͍͔͗Γແݴɻ » ʮΤϥʔ͸ΤϥʔʂNoticeͰ΋ͱ·ͬͯ΄͍͠ʂʯ » ʢࢭΊΔςΫ΋͋Γ·͢ʣ

Slide 176

Slide 176 text

» error_log » ະࢦఆ࣌͸SAPIͷΤϥʔϩά΁ɺࢦఆ͢Δͱ޷͖ͳϑΝΠϧ΍ SYSLOGʹΤϥʔΛग़ͤ·͢ɻ » ApacheͷΤϥʔϩά͸๲େ͗ͯ͢ݟͮΒ͍ͱ͔ɺਂԕͳཧ༝ͰΤ ϥʔϩά͕ཌ೔ʹͳΒͳ͍ͱݟΕͳ͍ɺ౳ͷ৔߹ʹศར() » ॻ͖ࠐΊͳ͍৔߹ɺSAPIͷϩάʹϑΥʔϧόοΫ͞Ε·͢ » ͏͔ͬΓ ini_set('error_log', 'php.log');ͱ͔΍ͬͯɺެ։ σΟϨΫτϦʹग़ྗ͠ͳ͍Α͏ʹؾΛ෇͚͍ͯͩ͘͞Ͷɺϑϧύε ࢦఆʹͳΔΑ͏ʹॻ͜͏ʂ

Slide 177

Slide 177 text

» ⚠error_log͸ɺphp.iniͰࢦఆ͠ͳ͍΄͏͕͍͍ » ⚠Builtin server΍CLIͰը໘ʹΤϥʔͰͯ͜ͳ͘ͳΓ·͢(᠘) » SAPIଆͷphp_value౳Ͱઃఆ͢Δͷ͕ྑ͍Ͱ͠ΐ͏ » (͋Δ͍͸ɺہॴini_set͕Α͍͔ͱ) php > echo ini_get("error_log"); /tmp/php_errors.log php > echo $a; // ະఆٛม਺Λ৮͍ͬͯΔͷͰɺΤϥʔ͕ͰΔ͸͕ͣͩग़ͳ͍ php > ^D $ tail /tmp/php_errors.log [XXXX] PHP Notice: Undeﬁned variable: a in php shell code on line 1

Slide 178

Slide 178 text

» ϩάϩʔςʔγϣϯͱ͔ɺແ͍ɻ // init.dͰɺ؀ڥม਺ࢦఆͰɺޙ͸࠶ىಈͰ…ʂʁ export D_OF_WEEK=`date +%w` rm -f /path/to/php_errorlog.$D_OF_WEEK // php.ini error_log = php_errorlog.${D_OF_WEEK} - ʢδϣʔΫͰ͢ʣ - ૉ௚ʹlogrotateઃఆͯ͠࠶ىಈͨ͠΄͏͕ປ͕ߴ͍Ͱ͢ - ύΠϓͰ͖ͳ͍ͷͰɺ rotatelogsͱ͔͸࢖͑͵

Slide 179

Slide 179 text

·ͱΊ

Slide 180

Slide 180 text

-1

Slide 181

Slide 181 text

» error_reporting = -1 ͕࠷ڧ! » ʢલड़ͷ௨Γ੔਺ͳͷͰʣ֬ೝ͠΍͍͢͠ » ʮ͔͠͠ݱ࣮ੈք͸ਏ͍ۤ͘͠"ʯ » E_NOTICE͕མͱͯ͋ͬͨ͠ΒɺղΓ΍͍͢ةݥϑϥά » ෆՄආͳίʔυ͸ɺͦ͜Ͱ͚ͩerror_reportingΛม͑ͨΓ@Λ ͚ͭΑ͏ɺ΍ͬͺΓPHP͸ศར

Slide 182

Slide 182 text

೔෇

Slide 183

Slide 183 text

date.timezone ·ΘΓ date.timezone = "Asia/Tokyo" ;date.default_latitude = 31.7667 ;date.default_longitude = 35.2333 ;date.sunrise_zenith = 90.583333 ;date.sunset_zenith = 90.583333

Slide 184

Slide 184 text

date.timezone » ✅㙽ʹ֯ઃఆ͠Α͏ » "Asia/Tokyo" » ઃఆ͠ͳ͍ͱɺօେ޷͖strtotime౳ͰWarn͕ग़Δ » …ͷ͸PHP5.6·Ͱɺ7͔ΒUTC͕σϑΥϧτʹͳͬͨ » ⚠Ή͠Ζ᠘ʹͳͬͨͷͰ͸ʁ

Slide 185

Slide 185 text

date.timezoneͷมભ… » date.timezone͸WarnΛແࢹ͢Ε͹ɺUTC(υΩϡϝϯτͰ͸GMT) » աڈɺTZ ؀ڥม਺ΛಡΜͰ͍͕ͨɺ5.4͔Βࢀর͠ͳ͘ͳͬͨ » ᐌ͘ʮλΠϜκʔϯͷ൑ఆ࣌ʹɺOS͔ΒಘΒΕΔ৘ใʹཔΒͳ͍Α͏ ʹͳΓ·ͨ͠ɻ ਪଌʹجͮ͘λΠϜκʔϯ͸৴པͰ͖ͳ͍͔ΒͰ͢ʯ » TZ͸͔֬ʹ͘͢͝ॏཁͩΑͶʂͰ΋ͦΕͳΒඞਢͷ··ͰΑ͔ͬͨͷ Ͱ͸…

Slide 186

Slide 186 text

༨ஊɿṖͷҢ౓ܦ౓ ;date.default_latitude = 31.7667 ;date.default_longitude = 35.2333 ;date.sunrise_zenith = 90.583333 ;date.sunset_zenith = 90.583333 » ʮdate_sunrise() ͱ date_sunset() ͰͷΈ࢖༻͞Ε·͢ɻʯ » ͳΜͱద੾ʹઃఆ͢Δ͜ͱͰ೔ͷग़ͱ೔ͷೖΓΛܭࢉͰ͖·͢ʂ » php.iniʹ࣋ͭඞཁ͕͋ΔͷͩΖ͏͔…ਂԕͳΔཧ༝͕͋Γͦ͏ʂ

Slide 187

Slide 187 text

mbstring ౳

Slide 188

Slide 188 text

৭ʑ͋Δ͚Ͳɺେ఍͜ΕͰΑ͍✅ default_charset = "UTF-8" ; Content-Type ͷσϑΥϧτ internal_encoding = "UTF-8" [mbstring] mbstring.language = Japanese mbstring.internal_encoding = "UTF-8" mbstring.strict_detection = On

Slide 189

Slide 189 text

༨ஊ(ʁ)ʮdefault_charsetͱ͸Ұମ…ʯ ; Use of this INI entry is deprecated, use global internal_encoding instead. ; internal/script encoding. ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding ;mbstring.internal_encoding = » ʮmbstring.internal_encodingͱ͔࣌୅஗Εɺ ࣌୅͸default_charsetҰՕॴͰ͓̺!!!ʯ » ࢲʮ΁ʔͦ͏ͳΜͩʯ

Slide 190

Slide 190 text

» ʮʢdefault_charset͸ʣ mbstring.internal_encoding ͕ະઃఆ ͷ৔߹ͷσϑΥϧτͱͯ͠΋༻͍ΒΕ·͢ʯ » ΁ʔɺ͍͢͝ɺָͰ͍͍Ͷʂ » ͕ʂ࢒೦ʂ » SJIS-win͸ɺೖΕͯ΋൓ө͞Εͳ͍ʂʢίϝϯτʹ΋ॻ͍ͯ͋Δʣ » eucJP-win΋μϝͬΆ͍ʂ » UTF-8ͳΒɺͦ΋ͦ΋σϑΥϧτ΍Ζ͕͍ » ʮ…·ɺੲͳ͕Βʹઃఆ͠·͢Θɺ৴༻Ұ൪ʯ

Slide 191

Slide 191 text

ͦ΋ͦ΋… » ʮσϑΥϧτ஋ʯͱ͍͏͜ͱ͸ɺ » ࣮ߦ࣌ʹdefault_charsetΛมߋͯ͠΋ɺ mbstring.internal_encodingͳͲʹ΋൓ө͞ΕΔΘ͚Ͱ͸ͳ͛͞ » ʢphp.iniΛಈతʹ͍͡ΔࡍʹൺֱతΑ͋͘ΔλΠϓͷ᠘Ͱ͢ʣ » ͜ͷΑ͏ʹɺPHPʹ͸͠͹͠͹มͳظ଴Λ͍͔ͩͤΒΕɺཪ੾ΒΕΔ ͜ͱ͕ྑ͋͘Γ·͢ɻ » ͱ͍͏͜ͱͰ༨ஊऴΘΓ

Slide 192

Slide 192 text

௥ՃͰ… » mbstring.substitute_character » จࣈྻͷΤϯίʔσΟϯάΛม׵ͨ͠ࡍʹɺม׵Ͱ͖ͳ͔ͬͨจࣈ Λʮήλ(ˤ)ʯ౳ͷಛఆจࣈʹஔ׵͢Δ͜ͱͰɺม׵࿙Ε౳ΛΘ͔ Γ΍͘͢Ͱ͖Δɻ » SJIS,EUC,JISڞଘ࣌୅ͷҨ෺ײ͋Δ » UTF-8ͷ࣌୅͸΋͏͍Βͳ͍ͷͰ͸ » ʢͱɺࢥ͍͍͚ͨͲ·ͩ·ͩcp932Λ࢖͏ࣄ͸͋ΔͶ…ʣ

Slide 193

Slide 193 text

ҎԼ͸ةݥͳͷͰར༻͠ͳ͍͜ͱ! ;mbstring.http_input = ;mbstring.http_output = ;mbstring.encoding_translation = Off ;mbstring.func_overload = 0 ;mbstring.http_output_conv_mimetype= » ؒҧͬͯ΋ʮศརʂʯͱࢥͬͯ͸͍͚ͳ͍

Slide 194

Slide 194 text

·ͱΊ » ✅σϑΥϧτ͸UTF-8ʹͳ͚ͬͨͲɺ֮ࣗͷҝʹࢦఆ͠·͠ΐ͏ɻ » ࣗಈม׵ܥɺؔ਺Φʔόʔϩʔυ͸μϝઈର » ίϝϯτ΍php.netͱ࣮ػͷ৯͍ҧ͍͸ɺૉ௚ʹ࣮ػ༏ઌ͠·͠ΐ͏ » ଞʹ΋ɺίϝϯτʹ͋Δ http://php.net/internal-encoding ͳͲͷURL͕404ͩͬͨΓ͢ΔͷͰ͢ » ʮphp.net࠷ߴʂʯͱ͔͍͍·͕͢ɺͦΜͳ΋ΜͳͷͰ͢

Slide 195

Slide 195 text

Ϧιʔε੍ݶ

Slide 196

Slide 196 text

Ϧιʔε੍ݶ » PHPer͕ॳΊͯάάΔࣄʹͳΔͷ͕͜͜Β΁ΜͰ͸ » max_execution_time = 30 » memory_limit = 128M » ʢ࣮ࡍ͸ɺ΋ͬͱ΋ͬͱ΁Βͯ͠΋Α͍ʣ

Slide 197

Slide 197 text

҆શห » PHP͸ͲΜͳʹΞϗͳίʔυΛ͔͍ͯ΋ɺ͜͜Β΁ΜΛҋӢʹ޿͛ͳ ͚Ε͹ʢൺֱతʣ҆શͳͷͰ͢ » ʮPHP͸ΏΔ;ΘίʔυΛࣻ͢!ʯ » ʢ৚݅ࣜΛ͍ͭ΋ϊϦͰॻ͍ͯɺແݶϧʔϓ͢Δͷݟ͔ͯΒ௚͢λ Πϓͷਓͱ͔ʣ » ʢ2GB͘Β͍͋ΔϩάϑΝΠϧͷઌ಄1ߦΛͩͨ͢Ίʹɺશ෦Λ ﬁle_get_contentsͨ͠Γ͢Δਓͱ͔ʣ

Slide 198

Slide 198 text

צҧ͍͞Ε͕ͪͳࣄ » max_execition_time͸CPU࣌ؒҎ֎ɺಛʹI/O࣌ؒ͸ϊʔΧ΢ϯτ ͳͷͰ஫ҙ » ʮʢ࣌ܭΛݟͯʣ͋ͱ10ඵͰڧ੍ऴྃʯͰ͸ͳ͍ɻ » ⚠ͨͱ͑͹DBϚλʔͳߴෛՙͰ͸શવऴྃ͠ͳ͍ » ී௨ͷ΢ΣϒΞϓϦͰԿඵ΋CPU࣌ؒ৯͏ͳΜͯ͋Γ͑ͳ͍ » ʢצҧ͍ͯ͠ɺApache+mod_phpͰΨϯΨϯϓϩηε਺Λ্͛Δɺ ِεέʔϧΞοϓපʹؕΔ=>ѱԽ͕Ճ଎ʣ

Slide 199

Slide 199 text

» ʢͦΕΑΓ΋લʹɺϒϥ΢β΍ NAT ͷ TCPηογϣϯ͕੾ΕͨΓʣ » ʢࣅͨΑ͏ͳʮΧ΢ϯτͷ࢓ํΛޡղʯ͸ηογϣϯपΓͳͲʹ΋ଟ ͍ʣ

Slide 200

Slide 200 text

ʮPHP͸ΏΔ;ΘίʔυΛࣻ͢ʯ͕… » ʮԿ΋ߟ͑ͣʹศརͩͱ͔͍͍ͭͭɺ memory_limit = 1024M ͱ MaxClients 512 ͱ͔ίϐϖͰઃఆ͢Δͷ͸ΏΔ͞Μ!ʯ » ʮPHP͸੍ࣗ৺͕΋ͱΊΒΕΔݴޠʯ

Slide 201

Slide 201 text

» memory_limitͱɺfpmͳΒϓϩηε਺΋΄Ͳ΄Ͳʹ͠Α͏ » ʢfpmͷpm.max_children) » ʮ΄Ͳ΄Ͳͱ͸ʁʯʮଟͯ͘΋ίΞ਺ͷ10ഒ͑ͯͨ͜ΒɺҰ౓ݕ ূͯ͠΋Α͍ͷͰ͸ʯ(ݸਓͷײ૝Ͱ͢) » ʮmod_php͸ʁʯʮલஈʹnginxஔ͘ͱΑ͍ͷͰ͸()ʯ » ࣗ৴͕ͳ͍ʁisuconͬͯ΍ͭͷաڈ໰ͰͨΊͯ͠ΈΔͱ͍͍Αʂ! ԾʹΘ͔ͣʹεϧʔϓοτ্͕ͬͯ΋ɺϝϞϦރׇͰͷswap΍OOM Killerͷڪාͱ͸௼Γ߹Θͳ͍Α

Slide 202

Slide 202 text

ελοΫ·ΘΓ » pcre.backtrack_limit=100000 » pcre.recursion_limit=100000 » ෳࡶͳਖ਼نදݱɺ͋Δ͍͸σΧΠσʔλΛॲཧ͢Δͱ͜Εʹ͔͔Δ͜ ͱ͕͋Γ·͢ » Կ͔ҟৗͳ͜ͱΛ΍͍ͬͯͳ͍ʁ » ͔ͨ͠ͳ͘େ͖͘͠·͠ΐ͏

Slide 203

Slide 203 text

ϑΝΠϧΞοϓϩʔυ

Slide 204

Slide 204 text

file_uploads = On upload_tmp_dir = upload_max_filesize = 2M max_file_uploads = 20 post_max_size = 8M

Slide 205

Slide 205 text

» PHP͸ϑΝΠϧΞοϓϩʔυΛͲͷ؀ڥͰ΋ͪΌΜͱѻ͑Δɺ ͛͑͢ʂʂ » ʢ౰ͨΓલʹฉ͑͜Δ͚Ͳɺ݁ߏ໘౗ͳΜ΍Ͱ…ʢ࿝֐ʣ)

Slide 206

Slide 206 text

» upload_max_ﬁlesize͸΄Ͳ΄Ͳʹ » ϑΝΠϧαΠζ͕σΧΠͱ߈ܸʹ΋ͳΓ͏Δ » ࠷ۙ͸ճઢ଎͍͠ɺDiskͷখ͍͞ΠϯελϯεͩͱϠϥΕΔ » post_max_sizeͷมߋΛ๨Ε͕ͪ » post_max_size > upload_max_ﬁlesize » ʢෳ਺Ξοϓϩʔυ਺΋ߟྀ͠·͠ΐ͏ʣ

Slide 207

Slide 207 text

» 2GBҎ্ͷΞοϓϩʔυΛѻ͏৔߹͸… » ʮҟৗʁେৎ෉ʁʯʮҎ্Ͱ͢ɺେৎ෉Ͱ͢ʯ » 64bit؀ڥʹ͠·͠ΐ͏ » php>=5.6ʹ͠·͠ΐ͏ » nginx/apacheͷઃఆʢ੍ݶʣ΋֬ೝ͠·͠ΐ͏ ʢඇৗʹΑ͋͘ΔϋϚϦॴʣ » ܦ࿏ʹ͋ΔϦόʔεϓϩΩγ΋

Slide 208

Slide 208 text

» ʮͳΜ͔memory_limitʹ౰ͨͬͨʂ;΍ͦ͏ʂ!ʯ » ڊେϑΝΠϧΛม਺ʹϩʔυͯ͠͸μϝʢ౰ͨΓલʣ » ﬁle_get_contentsΛ࢖͏ͳ » fread౳Λ͔͍ͭͬͯͩ͘͞ » GeneratorΛ͔͍ͭͬͯͩ͘͞ » Stream WrapperΛ͍ͭͬͯͩ͘͘͞

Slide 209

Slide 209 text

» upload_tmp_dir » লུ࣌ɺsystemͷtmpΛ͔͍ͭ·͢ » ؀ڥ΍ΞϓϦ಺༰ʹΑͬͯ͸ɺ҆શͳॴʹม͑Α͏

Slide 210

Slide 210 text

·ͱΊ » খ͍͞ϑΝΠϧαΠζͳΒ؆୯ʂPHP࠷ߴʂ » େ͖͍ϑΝΠϧαΠζͩͱ᠘͕୔ࢁʂͦΕͰ΋PHP࠷ߴʂ

Slide 211

Slide 211 text

ηΩϡϦςΟؔ࿈

Slide 212

Slide 212 text

» PHPࣗମ͸σϑΥϧτͰ΋ͦΕͳΓʹେৎ෉ » 12ԯͷαΠτ()͕શ෦΍ΒΕͨΓ͸ͯ͠ͳ͍ » ʮΘΓͱʯͶ…HTTPOXYͱ͔͚͋ͬͨͲ » ༗໊ͳOSS͕Ϡό͍! » ʮEOLͳόʔδϣϯͷPHP͸͋͛ͯ͜ʂʯʢϙδγϣϯτʔΫͰ͢ʣ

Slide 213

Slide 213 text

» max_input_time » ʮεΫϦϓτ͕ POSTɺGET ͳͲͷೖྗΛ ύʔε͢Δ࠷େͷ࣌ؒΛɺ ඵ୯ҐͰࢦఆ͠·͢ɻ ͜Ε͸ɺαʔόʔଆͰ PHP ͕ىಈ͔ͯ͠Βε ΫϦϓτͷ࣮ߦΛ։࢝͢Δ·Ͱͷ࣌ؒͰ͢ɻʯ » Α͘Θ͔ΒΜͶʁਖ਼௚Զ΋Α͘Θ͔ΒΜ » େ఍͜Ε͸΋ͬͱ΁Βͤ·͢ » ʮ͜ΕηΩϡϦςΟͳͷʁʯʮ͏ʔΜ…͍ΕΔॴ͕…ʯ

Slide 214

Slide 214 text

» max_input_nesting_level = 64 » PHP͸hoge[hage]Έ͍ͨͳύϥϝλ͕ࣗಈతʹ഑ྻͱͯ͠ѻ͑Δɺ ͦͷ࠷େਂ͞Ͱ͋Δɻ » σϑΥϧτͷ64͸ɺͭ·Γ64࣍ݩม਺·ͰڐՄ » ͦΜͳʹڪΖ͍͠ϓϩάϥϜ͕͋ΔͷͩΖ͏͔…! ͱೲಘͤ͞Δύϫʔ͕PHPʹ͸͋Δ » ਫ਼ʑ5ͱ͔Ͱ͸ʁ

Slide 215

Slide 215 text

» max_input_vars = 1000 » POST΍GETͷΫΤϦύϥϝλͷ࠷େ਺ » 1000Λଟ͍ͱΈΔ͔গͳ͍ͱΈΔ͔ɺਓʹΑ༷ͬͯʑͰ͠ΐ͏ɺͲ ͏Ͱ͔͢ʁ » 1000ͰͨΓͳ͍͜ͱ͸͋Δʢਅإʣ » ओʹDoSରࡦ͕ϕʔεʢϋογϡίϦδϣϯ߈ܸͱ͔ʣ » ௒͑ΔͱʁWARN͕Ͱͯɺ੾ΓࣺͯΒΕͯɺ࣮ߦ͸ਐߦ͢Δʢ஫ҙʣ

Slide 216

Slide 216 text

͜ͷ͋ͨΓɺߜ͍ͬͯ͘ͷ͸ਖ਼͍͠ͷ ͕ͩ » ߈ܸͷୈҰ೾໨͘Β͍·Ͱ͸΍Βͳͯ͘΋͍͍ΜͰ͸ » ✅PHPͰͷKISSͱ͸ɺͰ͖Δ͜ͱͳΒσϑΥϧτઃఆͰ͔ͭ͏͜ͱ Ͱ͋Δʢཁग़యʣ » ͔͠͠ɺ͍͔ͭରԠ͢ΔͨΊʹ஌͓͖ͬͯ·͠ΐ͏

Slide 217

Slide 217 text

» open_basedir = /var/www/html:/tmp » phpίʔυ্͔Β͸ࢦఆ͞Εͨpathͷ֎ΛಡΈॻ͖Ͱ͖ͳ͍Α͏ʹ » ʮ҆શͦ͏ͩʂ͜Ε͸PHPքͷSELinux͔ʂ!ʯ » ʢͭ·Γɺ͙͢ʹΦϑʹ͞Ε·͢ʣ » ʢ͔͠΋ɺPHP_INI_ALLͰ͢ʣ » ෳ਺ࢦఆ࣌͸PathΛ:Ͱͭͳ͙͕ɺWinͷ৔߹͸;Ͱͭͳ͙ » Ұจࣈͷ୅ΘΓʹɺ௕͍PATH_SEPARATORఆ਺Λ͔ͭ͑͹ղܾ

Slide 218

Slide 218 text

» allow_url_fopen = On » $html = ﬁle_get_contents('https://example.com/'); » ΛڐՄ͢Δ͔ » ڐՄ͠·͠ΐ͏! » ʢ͜Ε͕Ͱ͖ͳ͔ͬͨΒͳͥPHPΛ͔͍ͭͬͯΔͷ͔ٙ໰Λ๊͍ͯ͠ ·͏…ʣ

Slide 219

Slide 219 text

» allow_url_include = Off » require ('http://example.com/super_lib.php'); » ΛڐՄ͢Δ͔ɻ » ʮϠόͳ͍ʁ!ʯʮωοτ͔ΒίʔυDLͱ͔Ҿ͘Θ"ʯ » curl https://hoge/installer.sh | bash ͬͯ΍ͬͨ͜ͱ͕ͳ͍ਓ͸ͦ͏ݴͬͯ΋ྑ͍ » Ͱ΋·͊ɺແ͍Θʔ

Slide 220

Slide 220 text

» sql.safe_mode = Off » ʮ໊લ͔Βͯͭ͠Αͦ͏ʂ!ʯ » ͔͠͠ʮPHPͰ͍͏ͱ͜Ζͷsafe_modeʯͱ͍͏ҙຯͰ͋Γɺผʹ safeͰ͸ͳ͍" » ʮΦϯʹ͢ΔͱɺσϑΥϧτ஋͕ࢦఆ͞Ε͍ͯΔσʔλϕʔε઀ଓؔ ਺͸ɺ Ҿ਺Ͱࢦఆ͞Εͨ஋ΑΓ΋σϑΥϧτ஋Λ༏ઌͯ͠࢖༻͠· ͢ɻ ʯ » ʢphpʹ͓͚Δʮsafe modeʯͱ͸ɺϢʔβʔͷϙΧʢ΍ѱҙʣΛଟ গअຐ͢Δͱ͍͏ҙຯͰ͢ʣ

Slide 221

Slide 221 text

» expose_php = On » X-Powered-By: PHP/7.0.9 ͳͲΛӅ͢ » ·͋Φϑʹ͍ͨ͠ਓ͸Φϑʹͨ͠΄͏͕ΑΖ͍͠ » ʢϔομʔʹPHP͔͍ͬͯͯ͋Δͱ͏Ε͍͔͠Β൱ఆͮ͠Β͍ʣ » ෭࡞༻ͱͯ͠ɺʮΠʔελʔΤοάʯ͕͔ͭ͑ͳ͘ͳΓ·͢

Slide 222

Slide 222 text

No content

Slide 223

Slide 223 text

» ·͋ɺPHP5.5͔Β͸΋ͱ΋ͱແ͍ » ʢ͔͠͠ɺapacheͰ͸͏͚͘͝ͲɺbuiltinserverͰ͸͏͔͝ΜͷΑ Ͷ͜Εɻʣ

Slide 224

Slide 224 text

disable_functions = disable_classes = » ؔ਺΍ΫϥεΛېࢭͰ͖Δ » ຊ೔ࢄʑ͔ͭͬͨini_setͳͲΛࡴͤΔ » ʮͳ͓ɺecho͸ؔ਺Ͱ͸ͳ͍ͷͰېࢭͰ͖ͳ͍ɺ͜Ε౾ͳʯ

Slide 225

Slide 225 text

ϝʔϧ

Slide 226

Slide 226 text

࠷ॳʹॻ͍͓͕ͯ͘… » ϝʔϧؔ࿈ͷઃఆΛ͍͡Δ৔߹ɺmail()ͱ͔ɺmb_send_mail()ͱ͔ ͷڍಈΛม͍͑ͨͷͩΖ͏ͱ͓΋͏ » ⚠΍Ί͓ͯ͜͏⚠ » ✅ྑ͍ϝʔϧૹ৴ϥΠϒϥϦΛ͔͓ͭ͏ʂ » ͢ΔͱͩͶɺઃఆͷ΄ͱΜͲ͕ཁΒͳ͘ͳΔΜͩͳ… » ʮͦ΋ͦ΋ɺएऀ͸Mailgunͱ͔SESͱ͔͔ͭ͏Μ͡ΌΖʁʯ

Slide 227

Slide 227 text

» sendmail_path = "/usr/sbin/sendmail -t -i" » ͍͍ͤͥɺsendmailͷPath͕มΘͬͯΔ৔߹ʹมߋ » ௨ৗɺ͜ͷpathʹsendmail͕͋ΔͷͰมߋ͢Δඞཁ͸ͳ͍

Slide 228

Slide 228 text

tips: sendmail_pathʹࣗ࡞ͷϓϩάϥϜΛࢦఆ͢Δͱศར #!/usr/bin/perl my $out_ﬁle_name = '/tmp/mailout'; open(my $fh, ">>", $out_ﬁle_name) or die $!; while(){ print $fh $_; }

Slide 229

Slide 229 text

» ʮPerl΍Μ͚ʂʯ » ʮ͹Ε͔ͨʯ

Slide 230

Slide 230 text

» (ଞʹ΋߲໨͸͋Δ͚Ͳɺຊ౰ʹ͍ͬͯ͡ྑ͍͜ͱͳ͍ͷͰলུ)

Slide 231

Slide 231 text

ηογϣϯ

Slide 232

Slide 232 text

» PHP࠷ߴศརػೳͷҰͭɺηογϣϯ » ʮPHP͸ϑϨʔϜϫʔΫͩʂʯ » ݴޠʢʁʣʹηογϣϯػೳ͕͋ΔͷͰɺຊ౰ʹָ » ͜Ε͚ͩͰ60෼࿩ͤΔ(?)

Slide 233

Slide 233 text

PHPҎ֎ͷݴޠͷํʑ΁ɺPHPͷηογϣϯ͸… » ద੾ʹൃ൪͞ΕͨηογϣϯID͚͕ͩCookieʹอଘɺૹ৴͞Εɺ » ΞΫηε࣌ʹ͸ɺࣗಈతʹSIDʹώϞ෇͍ͨΩʔΛݩʹɺ » (ࣗ࡞΋Ͱ͖Δ)ηογϣϯετϨʔδϋϯυϥ͔ΒσʔλΛͻ͖ͩ ͠ɺ$_SESSION΁σγϦΞϥΠζɻ » ऴྃ࣌ʹ͸ɺࣗಈతʹٯํ޲Ͱ$_SESSIONΛγϦΞϥΠζͯ͠อଘɻ » ηογϣϯIDͷ࠶ׂΓ౰ͯ΋ܰʑʂ » …ͱɺ͍ͬͨ΋ͷ͕ݴޠʢ؀ڥʣͰ༻ҙ͞Ε͓ͯΓ·͢ɻ

Slide 234

Slide 234 text

» PHPͷηογϣϯػೳ͸େ͖͘ೋͭͷػೳʹΘ͚ΒΕ·͢ » ηογϣϯIDͷ؅ཧ » ετϨʔδ

Slide 235

Slide 235 text

» ηογϣϯID(SID)ͷ؅ཧ » ԿͰ΍ΓऔΓ͢Δ͔ » URL » Cookie » IDͷੜ੒ɺ؅ཧ » γʔυ » ௕͞ʢڧ౓ʣ » ηΩϡϦςΟڧԽͷઃఆ

Slide 236

Slide 236 text

» ΋͸΍ςϯϓϨɺSessionͰCookieΛ࢖͏֤छઃఆ session.use_cookies = 1 ; SIDΛCookie͔ΒಡΊΔΑ͏ʹ session.use_only_cookies = 1 ; ͍·Ͳ͖URLʹຒΊࠐ·ͳ͍ͷͰɺOn session.name = PHPSESSID ; CookieΩʔ໊ session.cookie_secure = 1 ; httpsͰͷΈηογϣϯͷCookieΛ΍ΓͱΓ session.cookie_domain = ; ະࢦఆͰݱࡏͷυϝΠϯʹͳΔͷͰɺ௨ৗෆཁ session.cookie_path = / ; ηογϣϯΫοΩʔͷPath session.cookie_httponly = 1 ; SIDΛJS͔Βݟ͑ͳ͘͢Δ session.use_strict_mode = 1 ; SIDΛ஫ೖͤ͞ͳ͍

Slide 237

Slide 237 text

session.cookie_lifetime = 0 ; ηογϣϯΫοΩʔͷExpireΛࢦఆ » 0͸ϒϥ΢βΛด͡Δ·Ͱ༗ޮ » ʢݱ୅Ͱʮϒϥ΢βΛด͡Δʯͱ͸…ʁʣ » sessionΛҡ࣋͢Δʹ͸ɺద੾ʹઃఆ͢Δ » ʮࠓ͔ΒNඵʯ » ผ్ɺετϨʔδͷlifetimeͷઃఆ΋͍Δʢޙड़ʣ » ʮ௕͔͋͘͞Δ΂͠ʯͷٞ࿦͸͜͜Ͱ͸͠ͳ͍

Slide 238

Slide 238 text

» Ψϥέʔ࣌୅͸ऴΘͬͨɺURLʹSIDؔ࿈͸Onʹ͠ͳ͍ » ηΩϡϦςΟతʹɺϩΫͳ͜ͱʹͳΓ·ͤΜ session.use_trans_sid = 0 ; URLͷηογϣϯIDΛड͚ೖΕΔ͔ʁ session.referer_check = ; ͦͷ৔߹ɺड͚ೖΕΔυϝΠϯΛݻఆ

Slide 239

Slide 239 text

ηογϣϯIDͷੜ੒खஈؔ܎ » ηΩϡϦςΟʹίμϫϦ͕͋ΔͳΒม͑ͯ΋Α͍ͷͰ͸ » มߋ͢Δͱɺݱࡏͷશηογϣϯ͕ফ͑·͢ʢ౰ͨΓલ͕ͩ…ʣ session.hash_function = 1 ; ηογϣϯͷϥϯμϜจࣈͷ௕͞ ; 0:md5͔1:sha1͔ࢦఆͰ͖Δɺ͚Ͳ7.1Ͱফ͑·ͨ͠ session.entropy_length = 32 ; PHP 7.1Ͱফ͑·ͨ͠ session.entropy_ﬁle = /dev/urandom ; PHP 7.1Ͱফ͑·ͨ͠

Slide 240

Slide 240 text

ͳ͓ɺphp7.1͸͜ͷΑ͏ʹγϯϓϧʹͳͬͨ » php.iniͷσϑΥϧτͩͱޙํޓ׵ੑͷͨΊʹ26จࣈʹͳ͍ͬͯΔ ͕ɺ΋ͬͱͷ͹ͨ͠΄͏͕͍͍ͧͱ͍͏͜ͱΒ͍͠ɻ ; Shorter length than default is supported only for compatibility reason. ; Users should use 32 or more chars. ; Default Value: 32 ; Development Value: 26 ; Production Value: 26 session.sid_length = 26

Slide 241

Slide 241 text

session.auto_start = 0 ; ࣗಈతʹηογϣϯΛ։࢝͢Δ͔Ͳ͏͔ » େ఍ͷίʔυͰ͸ࣗલͰsession_start()͍ͯ͠·͢ͷͰɺ session.auto_start͸ΦϑͰΑ͍Ͱ͢ » ෆཁͳ࣌͸͏͔͝ͳ͍ͷͰෛՙ΋͕͞Γ·͢

Slide 242

Slide 242 text

session.cache_limiter = nocache ; Ωϟογϡͤ͞ͳ͍ session.cache_expire = 180 » ηογϣϯ͕͍ͭͨϨεϙϯεΛͲ͏Ωϟογϡͤ͞Δ͔ » ͳʹ͔ͷ౎߹΍ෛՙͷࣄΛଞॴʹ͢Ε͹ɺσϑΥϧτͰେৎ෉

Slide 243

Slide 243 text

» ηογϣϯετϨʔδʢϋϯυϥʣ » ௨ৗ͸file » memcachedͱ͔ͷ֦ுΛ͍ΕΔͱɺ૿͑Δ » KVSΈ͍ͨͳΫϥεΛ࣮૷͢Δͱɺࣗ࡞Ͱ͖Δ » ෳ਺୆ͷαʔόʹ͢ΔͳͲͰมߋ͢Δ

Slide 244

Slide 244 text

session.save_handler = files ; σϑΥϧτͷfileετϨʔδΛ࢖͏ session.save_path = "/tmp" ; fileετϨʔδͷઃఆͰɺͲ͜ʹ৘ใΛอଘ͢Δ͔ » session.save_pathʹ͸ηογϣϯ৘ใ͕อଘ͞ΕͨେྔͷϑΝΠϧ ͕Ͱ͖Δ » अຐͩͱ͔ɺCronͰ૟আ͞Εͳ͍Α͏ʹͱ͔ɺnfsͰڞ༗͍ͨ͠ ͱ͔(ݹ)ɺඞཁ͕͋Ε͹มߋ͢Δ » ʢύʔϛογϣϯʹ஫ҙʂʣ » ʮPHPҎ֎ͰɺηογϣϯϑΝΠϧΛࣗલͰಡΈॻ͖͢ΔʯͳͲ ͱ͍ͬͨɺڧ·ͬͨΞϓϦΛॻ͘ͳΒ͜ͷpathΛ֬ೝ͢Δ

Slide 245

Slide 245 text

» $_SESSIONΛγϦΞϥΠζ͢ΔϋϯυϥΛࢦఆ » ʮมߋ͢Δͷʁڧ͍Ͷʙʯ session.serialize_handler = php ; $_SESSIONΛԿͰγϦΞϥΠζ͢Δ͔ ; ଞʹphp_serializeͳͲ͕͋Δ ;session.lazy_write = On ; 7͔Βɺߋ৽͕͋Δ৔߹ͷΈॻ͖ࠐΉࣄͰੑೳ޲্ » ղͬͯΔਓ͚͕͍ͩ͡Δ߲໨Ͱ͢

Slide 246

Slide 246 text

» ηογϣϯͷ༗ޮظؒؔ࿈ » gc_maxlifetimeɺσϑΥϧτͷ24෼͸୹͍Α͏ͳɺ௕͍Α͏ͳ… session.gc_maxlifetime = 1440 ; ηογϣϯ༗ޮظؒɺඵ ; ΞΫηεຖʹgc_probability/gc_divisorͷαΠίϩΛৼΓɺ ; ֬཰తʹsessionͷGCཁٻ͕ߦΘΕΔ session.gc_probability = 1 session.gc_divisor = 1000

Slide 247

Slide 247 text

ηογϣϯ༗ޮظؒͷܾΊํ » session.cookie_lifetimeͰɺSID(Cookie)ͷण໋Λద੾ʹ௕͘͠ ·͠ΐ͏ » session.gc_maxlifetimeͰɺετΞ͞Εͨ৘ใ͕ഁغ͞ΕΔ·Ͱͷ ظؒΛԆ͹͠·͠ΐ͏ » Ͳ͕ͬͪ੾Εͯ΋ηογϣϯʢʹอଘ͞Εͨ৘ใ͸ʣফ͑·͢ » ʮԿނผͳͷʁʯʮSID؅ཧͱɺετϨʔδ͸ผͷ֓೦ͳΜͰʯ

Slide 248

Slide 248 text

ʮʢηογϣϯʣΩϨͯͳʙ͍ʯ » ετϨʔδଆͷGC͸ɺαΠίϩ೚ͤɺஸ౓ʹফ͑Δ͜ͱ͸ͳ͍ » ʮԿ෼Ͱηογϣϯ͕੾ΕΔͷ͔อূ͍ͯͩ͘͠͞ʯʮ໘౗ͳ…ʯ » ͦͷ৔߹ɺExpireΛPHPʹ೚ͤΔͳΒఘΊͯɺ$_SESSIONͷதʹ ࣌ࠁ෇͖ͷ৘ใΛ͍Ε·͠ΐ͏ ; ͳ͓ɺ͜ͷΑ͏ͳΠΧαϚαΠίϩ͸۪ߟͰ͢ session.gc_probability = 1 session.gc_divisor = 1

Slide 249

Slide 249 text

» ʮ͡Ό͋gc_divisorΛ૿΍͢ͱ͍ܰͷ͔ʂʁʯͬͯࢥ͏͔΋͠Ε·ͤ Μ͕ɺ͍͔ͭ͸GC͕૸ͬͯɺͦΕ͸ͦΕͰॏ͍ॲཧʹͳΓ·͢ɻ » ʢISUCONͳΒ͍͍͔΋Ͷ͆ʣ

Slide 250

Slide 250 text

» ݬͷػೳɺupload_progress ;session.upload_progress.enabled = On ;session.upload_progress.cleanup = On ;session.upload_progress.preﬁx = "upload_progress_" ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" ;session.upload_progress.freq = "1%" ;session.upload_progress.min_freq = "1" » ͳΜͱʮϑΝΠϧΞοϓϩʔυͷϓϩάϨεόʔʯΛग़ͤΔ » ΞοϓϩʔυதʹผͷϦΫΤετΛඈ͹ͯ͠ɺηογϣϯΛݟΔͱɺ ਺஋͕औΕΔ » ਅ໘໨ʹ͔ͭͬͨ͜ͱ͸ͳ͍

Slide 251

Slide 251 text

session.hash_bits_per_character » ͓ೃછΈͰ͸ͳ͍Ͱ͠ΐ͏

Slide 252

Slide 252 text

No content

Slide 253

Slide 253 text

» ʮͳΜͱʂදʹೋճొ৔͠·͢ʂʯ » ͖ͬͱॏཁ͔ͩΒͳΜͰ͠ΐ͏ʂ » ʢ͔ͭͬͨ͜ͱͳ͍ʣ » ʮ·ͨɺPHP 7.1.0 Ͱ࡟আ͞Ε·ͨ͠ɻʯ » ʮ͑ʁphp.iniϑΝΠϧʹ࢒ͬͯΔΜ͚ͩͲ…ʯʢini_get͸Ͱ͖·ͤ ΜͰͨ͠ʣ » ʢ㙽ʹ֯·͋ɺͦΜͳ͔͍͋ͭͩͱ͍͏͜ͱͰ͢Ͷʣ

Slide 254

Slide 254 text

·ͱΊ » ηογϣϯपΓ͸7.1Ͱͪΐͪ͜ΐ͜࢓༷͕มΘΓ·ͨ͠ » σϑΥϧτͰ͔ͭͬͯΔਓʹ͸ؔ܎ͳ͍͚Ͳɺ৭ʑ֦ுͨ͠Γͯ͠Δ ڧ͍ਓ͸஫ҙ͕ඞཁ » ʮࡢ೔͙͢ʹϏϧυ͚ͨ͠Ͳɺ7.1ͱ͔͍ͭ࢓ࣄͰ࢖͑ΔΜͩΖ ͏…ʯʮ͋͞…ʯ

Slide 255

Slide 255 text

Assert

Slide 256

Slide 256 text

» ࣮͸ੲ͔Β͋Δ » 7͔ΒϓϦϓϩηεͰࡴͤΔΑ͏ʹͳͬͨ » ࣜධՁ͕Ͱ͖ΔΑ͏ʹͳͬͨ » ։ൃ؀ڥ͚ͩͰ࢖ΘΕΔ΋ͷͰ͢ » ͳʹ͔͜ΕͰϩδοΫΛॻ͍ͯ͸͍͚ͳ͍ » ʮ͔͜͜Βීٴ͢Δͷ͔ͳ…ʁʯ

Slide 257

Slide 257 text

; -1 ίϯύΠϧ࣌ແࢹɺ0 ࣮ߦ͠ͳ͍ɺ1 ࣮ߦ͢Δ zend.assertions = -1 ;assert.exception = On ; fail࣌ྫ֎(ʁ)εϩʔ ; ͜ΕҎԼ͸ԼҐޓ׵ੑͷͨΊ࢒͍ͬͯΔ͕ɺ͔ͭ͏ͳͱ ;assert.active = On ;assert.warning = On ;assert.bail = Off ;assert.callback = 0 ;assert.quiet_eval = 0

Slide 258

Slide 258 text

» εϩʔͱ͍͏͕ɺ\ErrorͷࢠͳͷͰɺ\ExceptionͰ͸Ωϟον͞Ε ͳ͍ » PHPͰ౤͛ΒΕΔྫ֎͸ɺThrowableͱ͍͏਌͔ΒɺErrorͱ ExceptionʹΘ͔Ε͓ͯΓɺաڈͷίʔυ͸ExceptionΛ਌ͱͯ͠ ͍ͨͷͰʮී௨ʯ͸ʹ͗ΓͭͿ͞Εͳ͍ͧ » 7͔Βྫ֎ͱΤϥʔ͕ͲͪΒ΋ʢجຊతʹ͸ʣʮThrowʯʹͳͬ ͨɻ » Ωϟον͸Ͱ͖Δ » ͨͩ͠ɺError͸ϢʔβʔΫϥεͰ௨ৗܧঝͰ͖ͳ͍

Slide 259

Slide 259 text

curl

Slide 260

Slide 260 text

curl.cainfo=/path/to/cacert.pem » SSL certiﬁcate problem: unable to get local issuer certiﬁcateΈ͍ͨͳΤϥʔ͕ग़ͨΒରԠ » ূ໌ॻ͸ݕূͯͦ͜͠ɺCURLOPT_SSL_VERIFYPEERΛfalseʹ͢Δͱ͔ μϝઈର » cacert.pem͸https://curl.haxx.se/ca/cacert.pemͳͲ͔Βೖख

Slide 261

Slide 261 text

Slide 262

Slide 262 text

͸͖ͬΓ͍ͬͯɺphp.iniͰ DBͱ͔ͷઃఆͳΜͯͤ͑΁Μ ͷͰলུ

Slide 263

Slide 263 text

·ͱΊʹ͸͍͍͖ͬͯ· ͢ʂ

Slide 264

Slide 264 text

୔ࢁ͋Δͧʂࠓ೔࿩ͤͳ͔ͬͨ͜ͱ » cgi.force_redirectͱ͔ͷ࿩ » urlrewriterͷ࿩ » ﬁlterͷ࿩ » realpth_cacheͱ͔ͷ࿩ » zend.enable_gcͷਆ࿩ » report_memleaksͷظ଴ͱઈ๬

Slide 265

Slide 265 text

ຊτʔΫશମͷ·ͱΊ

Slide 266

Slide 266 text

͋͋ʂphp.ini໘౗͍͘͞ʂ » ʮphp.iniͳΜͯͳͯ͘͠͠·͑͹͍͍ʂ!ʯ » લड़΋͚ͨ͠Ͳɺͳͯ͘΋͏͖͝·͢ » ͨͩ͠ɺphpͷόʔδϣϯΞοϓͰσϑΥϧτ͸มΘΔ » ʮϚΠφʔͰେมߋ͕ೖΔࣄͰఆධͷ͋ΔPHPʯ » ΤϯίʔσΟϯάͷσϑΥϧτ͕UTF-8ʹ » datetime.zoneσϑΥϧτ͕UTCʹ » ʮ೺Ѳ͠ଓ͚Δ͘Β͍ͳΒɺphp.iniΛॻ͍ͨํ͕ϚγͰ͸ʯ

Slide 267

Slide 267 text

» ʮͨΕͰ͍͍͡ΌΜ!ʯ » ·͋ɺݱ࣮ͱͯͦ͠ΕͰ΋͍͍Μ͚ͩͲɺϋϚͬͨ࣌ͭΒ͍ » ಛʹɺΑ͘Θ͔ΒΜଞਓͷPHP؀ڥ͸Α͘Θ͔ΒΜ » ͦ͏͍͏ॴ͸ʮͳΜ͔৭ʑม͑ͨΒۮવಈ͍ͨʂʯˠʮൿ఻ͷλ ϨԽʯ͓ͯ͠Γ… » ʮ͜Ε΋͏͍Βͳ͍Ͱ͠ΐʯʮফ͞ͳ͍Ͱ͍ͩ͘͞ʂʯ » ʮ͜ͷ.htaccess͕ஔ͚ͳ͚Ε͹ࢮʯʮͪ͜ͱΒnginxʯ » ౳ͷ໰౴͕ൃੜ

Slide 268

Slide 268 text

» ʮphp.iniʹઃఆ͕͋Δͱ؅ཧ͕େม…!ʯͱࢥ͏ਓ΋ଟ͍ » ຊ຤స౗ͬΆ͍͚Ͳɺʮશ෦ίʔυʹຒΊࠐΈʯ » ࣮͸ɺ͜Ε͸͜ΕͰղܾࡦͰ΋͋Δ » ʢPHP_INI_SYSTEMͳͲ͸࢒Δ͕…ʣ » ࢲ΋ɺini_setΛଟ༻͢Δ » ͔͠͠ɺࣗ෼Ҏ֎͕৮Δ͔΋͠Εͳ͍Μͩͧ » CLIͰόονճ͢ͱ͖ʹϋϚΔͧ

Slide 269

Slide 269 text

ʮ΍͸Γphp͸ѱ͍ݴޠʂຣࡴ͢Δʂ!"ʯ » php.ini͕ʢ΋ʁʣ΍΍ͯ͘͜͠΋ɺPHPΛݏ͍ʹͳΒͳ͍Ͱͩ͘͞ ͍པΉ » ීஈ͔Β࢖͍ͬͯΕ͹ɺ׳Ε͍͖ͯ·͢ͷͰ… » ຊ೔ͷࢿྉ͸ීஈ࢖͍ͷൣғΛ݁ߏΧόʔ͍ͯ͠ΔͷͰ…͕Μ͹ͬ ͯ… » ฉ͍ͯ͘Εͯ΋͍͍ͷΑʁ

Slide 270

Slide 270 text

php.iniϚελʔʹͳΔʹ͸ » php.netΛख़ಡ͢Δʢ͕ɺ࠲ֶͰ৴༻͢Δͳʣ » php.iniΛख़ಡ͢Δʢ͕ɺ࠲ֶͰ৴༻͢Δͳʣ » ini_get_allͷ஋Λશ෦ݟ͍ͯ͘ » ࣮஍ͰϋϚ֮ͬͯ͑Δ » 20೥͸࣋ͭphp.iniͩ͠ɺ͋ͱ10೥͸࢖ΘΕͦ͏(ʁ)