#!/bin/sh
# -*- mode: Shell-script; tab-width: 8; fill-column: 70; -*-
# $Id: php.mod_php.control,v 0.0.1 2005/04/02 02:57:11 legion Exp $

. /etc/control.d/functions

PHP_SAPI=mod_php
PHP_VERSION=5.0.5
CONFIG="/etc/php/$PHP_VERSION/$PHP_SAPI/php.ini"

php_true='([Oo]n|[Yy]es|[Tt]rue|1)'
php_on='On'

php_false='([Oo]ff|[Nn]o|[Ff]alse|0)'
php_off='Off'

s='[[:space:]]*'

###
### Restricted mode
###

new_subst restricted \
    "^${s}safe_mode${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(safe_mode${s}=\).*$,\1 ${php_on},g"
new_subst restricted \
    "^${s}safe_mode_include_dir${s}=${s}['\"]?./:/usr/lib/php/:/usr/lib/php/$PHP_VERSION/:/usr/share/php/pear/:/usr/share/php/modules/:/usr/share/php/$PHP_VERSION/modules/['\"]?${s}$" \
    "s,^${s};\?${s}\(safe_mode_include_dir${s}=\).*$,\1 \"./:/usr/lib/php/:/usr/lib/php/$PHP_VERSION/:/usr/share/php/pear/:/usr/share/php/modules/:/usr/share/php/$PHP_VERSION/modules/\",g"
new_subst restricted \
    "^${s}safe_mode_allowed_env_vars${s}=${s}PHP_${s}$" \
    "s,^${s};\?${s}\(safe_mode_allowed_env_vars${s}=\).*$,\1 PHP_,g"
new_subst restricted \
    "^${s}safe_mode_protected_env_vars${s}=${s}['\"]?LD_LIBRARY_PATH,LD_PRELOAD,PATH,TMPDIR['\"]?${s}$" \
    "s,^${s};\?${s}\(safe_mode_protected_env_vars${s}=\).*$,\1 \"LD_LIBRARY_PATH\,LD_PRELOAD\,PATH\,TMPDIR\",g"
new_subst restricted \
    "^${s}disable_functions${s}=${s}['\"]?chdir,dl,exec,ini_get_all,phpinfo,shell_exec,system['\"]?${s}$" \
    "s,^${s};\?${s}\(disable_functions${s}=\).*$,\1 \"chdir\,dl\,exec\,ini_get_all\,phpinfo\,shell_exec\,system\",g"

# Resource Limits
new_subst restricted \
    "^${s}max_execution_time${s}=${s}30${s}$" \
    "s,^${s};\?${s}\(max_execution_time${s}=\).*$,\1 30,g"
new_subst restricted \
    "^${s}max_input_time${s}=${s}30${s}$" \
    "s,^${s};\?${s}\(max_input_time${s}=\).*$,\1 30,g"
new_subst restricted \
    "^${s}memory_limit${s}=${s}5M$" \
    "s,^${s};\?${s}\(memory_limit${s}=\).*$,\1 5M,g"

new_subst restricted \
    "^${s}error_reporting${s}=${s}E_ALL${s}$" \
    "s,^${s};\?${s}\(error_reporting${s}=\).*$,\1 E_ALL,g"
new_subst restricted \
    "^${s}display_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(display_errors${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}display_startup_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(display_startup_errors${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}log_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(log_errors${s}=\).*$,\1 ${php_on},g"
new_subst restricted \
    "^${s}ignore_repeated_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(ignore_repeated_errors${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}ignore_repeated_source${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(ignore_repeated_source${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}report_memleaks${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(report_memleaks${s}=\).*$,\1 ${php_on},g"
new_subst restricted \
    "^${s}html_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(html_errors${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}variables_order${s}=${s}['\"]?GPCS['\"]?${s}$" \
    "s,^${s};\?${s}\(variables_order${s}=\).*$,\1 \"GPCS\",g"
new_subst restricted \
    "^${s}register_globals${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(register_globals${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}register_argc_argv${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(register_argc_argv${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}post_max_size${s}=${s}2M${s}$" \
    "s,^${s};\?${s}\(post_max_size${s}=\).*$,\1 2M,g"
new_subst restricted \
    "^${s}include_path${s}=${s}['\"]?./:/usr/lib/php/:/usr/lib/php/$PHP_VERSION/:/usr/share/php/pear/:/usr/share/php/modules/:/usr/share/php/$PHP_VERSION/modules/['\"]?${s}$" \
    "s,^${s};\?${s}\(include_path${s}=\).*$,\1 \"./:/usr/lib/php/:/usr/lib/php/$PHP_VERSION/:/usr/share/php/pear/:/usr/share/php/modules/:/usr/share/php/$PHP_VERSION/modules/\",g"
new_subst restricted \
    "^${s}extension_dir${s}=${s}['\"]?/usr/lib/php/$PHP_VERSION/extensions/['\"]?${s}$" \
    "s,^${s};\?${s}\(extension_dir${s}=\).*$,\1 \"/usr/lib/php/$PHP_VERSION/extensions/\",g"
new_subst restricted \
    "^${s}enable_dl${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(enable_dl${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}upload_max_filesize${s}=${s}2M${s}$" \
    "s,^${s};\?${s}\(upload_max_filesize${s}=\).*$,\1 2M,g"
new_subst restricted \
    "^${s}allow_url_fopen${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(allow_url_fopen${s}=\).*$,\1 ${php_off},g"
new_subst restricted \
    "^${s}define_syslog_variables${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(define_syslog_variables${s}=\).*$,\1 ${php_off},g;"
new_subst restricted \
    "^${s}alt_sapi_config_ini_scan_dir${s}=${s}['\"]?/etc/php/$PHP_VERSION/mod_php/php.d['\"]?${s}$" \
    "s,^${s};\?${s}\(alt_sapi_config_ini_scan_dir${s}=\).*$,\1 \"/etc/php/$PHP_VERSION/mod_php/php.d\",g;"

###
### Relaxed mode
###

new_subst relaxed \
    "^${s}safe_mode${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(safe_mode${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}(disable_functions${s}=|;${s}disable_functions${s}=.*)${s}$" \
    "s,^${s}\(disable_functions${s}=.*\)$,;\1,g"
new_subst relaxed \
    "^${s}error_reporting${s}=${s}E_ALL${s}$" \
    "s,^${s};\?${s}\(error_reporting${s}=\).*$,\1 E_ALL,g"
new_subst relaxed \
    "^${s}display_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(display_errors${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}display_startup_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(display_startup_errors${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}log_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(log_errors${s}=\).*$,\1 ${php_on},g"
new_subst relaxed \
    "^${s}ignore_repeated_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(ignore_repeated_errors${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}ignore_repeated_source${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(ignore_repeated_source${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}report_memleaks${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(report_memleaks${s}=\).*$,\1 ${php_on},g"
new_subst relaxed \
    "^${s}html_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(html_errors${s}=\).*$,\1 ${php_on},g"
new_subst relaxed \
    "^${s}variables_order${s}=${s}['\"]?GPCS['\"]?${s}$" \
    "s,^${s};\?${s}\(variables_order${s}=\).*$,\1 \"GPCS\",g"
new_subst relaxed \
    "^${s}register_globals${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(register_globals${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}register_argc_argv${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(register_argc_argv${s}=\).*$,\1 ${php_off},g"
new_subst relaxed \
    "^${s}post_max_size${s}=${s}4M${s}$" \
    "s,^${s};\?${s}\(post_max_size${s}=\).*$,\1 4M,g"
new_subst relaxed \
    "^${s}include_path${s}=${s}['\"]?./:/usr/lib/php/:/usr/lib/php/$PHP_VERSION/:/usr/share/php/pear/:/usr/share/php/modules/:/usr/share/php/$PHP_VERSION/modules/['\"]?${s}$" \
    "s,^${s};\?${s}\(include_path${s}=\).*$,\1 \"./:/usr/lib/php/:/usr/lib/php/$PHP_VERSION/:/usr/share/php/pear/:/usr/share/php/modules/:/usr/share/php/$PHP_VERSION/modules/\",g"
new_subst relaxed \
    "^${s}extension_dir${s}=${s}['\"]?/usr/lib/php/$PHP_VERSION/extensions/['\"]?${s}$" \
    "s,^${s};\?${s}\(extension_dir${s}=\).*$,\1 \"/usr/lib/php/$PHP_VERSION/extensions/\",g"
new_subst relaxed \
    "^${s}enable_dl${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(enable_dl${s}=\).*$,\1 ${php_on},g"
new_subst relaxed \
    "^${s}upload_max_filesize${s}=${s}2M${s}$" \
    "s,^${s};\?${s}\(upload_max_filesize${s}=\).*$,\1 2M,g"
new_subst relaxed \
    "^${s}allow_url_fopen${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(allow_url_fopen${s}=\).*$,\1 ${php_on},g"
new_subst relaxed \
    "^${s}define_syslog_variables${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(define_syslog_variables${s}=\).*$,\1 ${php_off},g;"
new_subst relaxed \
    "^${s}alt_sapi_config_ini_scan_dir${s}=${s}['\"]?/etc/php/$PHP_VERSION/mod_php/php.d['\"]?${s}$" \
    "s,^${s};\?${s}\(alt_sapi_config_ini_scan_dir${s}=\).*$,\1 \"/etc/php/$PHP_VERSION/mod_php/php.d\",g;"

###
### Public mode
###

new_subst public \
    "^${s}(;${s}safe_mode${s}=|safe_mode${s}=${s}${php_false})${s}$" \
    "s,^${s}\(safe_mode${s}=\).*$,\1 ${php_off},g"
new_subst public \
    "^${s}(disable_functions${s}=|;${s}disable_functions${s}=.*)${s}$" \
    "s,^${s}\(disable_functions${s}=.*\)$,;\1,g"
new_subst public \
    "^${s}error_reporting${s}=${s}E_ALL & ~E_NOTICE${s}$" \
    "s,^${s};\?${s}\(error_reporting${s}=\).*$,\1 E_ALL \& ~E_NOTICE,g"
new_subst public \
    "^${s}display_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(display_errors${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}display_startup_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(display_startup_errors${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}log_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(log_errors${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}ignore_repeated_errors${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(ignore_repeated_errors${s}=\).*$,\1 ${php_off},g"
new_subst public \
    "^${s}ignore_repeated_source${s}=${s}${php_false}${s}$" \
    "s,^${s};\?${s}\(ignore_repeated_source${s}=\).*$,\1 ${php_off},g"
new_subst public \
    "^${s}html_errors${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(html_errors${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}variables_order${s}=${s}['\"]?EGPCS['\"]?${s}$" \
    "s,^${s};\?${s}\(variables_order${s}=\).*$,\1 \"EGPCS\",g"
new_subst public \
    "^${s}register_globals${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(register_globals${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}register_argc_argv${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(register_argc_argv${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}extension_dir${s}=${s}['\"]?/usr/lib/php/$PHP_VERSION/extensions/['\"]?${s}$" \
    "s,^${s};\?${s}\(extension_dir${s}=\).*$,\1 \"/usr/lib/php/$PHP_VERSION/extensions/\",g"
new_subst public \
    "^${s}enable_dl${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(enable_dl${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}allow_url_fopen${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(allow_url_fopen${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}define_syslog_variables${s}=${s}${php_true}${s}$" \
    "s,^${s};\?${s}\(define_syslog_variables${s}=\).*$,\1 ${php_on},g"
new_subst public \
    "^${s}alt_sapi_config_ini_scan_dir${s}=${s}['\"]?/etc/php/$PHP_VERSION/mod_php/php.d['\"]?${s}$" \
    "s,^${s};\?${s}\(alt_sapi_config_ini_scan_dir${s}=\).*$,\1 \"/etc/php/$PHP_VERSION/mod_php/php.d\",g;"

###
### Help messages
###

new_help restricted "The good mode of security. But not good enough. (recommended)"
new_help relaxed "The middle mode of security."
new_help public "The weakest mode of security. If you not the madman do not use it."

###
### Action
###

control_subst "$CONFIG" "$*" || exit 1
