Add PHP 8.4.18 and 8.5.3 configurations with OPCache and extension support

[N6REJ]

PR Type

Enhancement

---

Description

• Added comprehensive PHP 8.4.18 and 8.5.3 configurations with full extension and OPCache support

• Created php.ini files for both versions with development-oriented settings including memory limits (512M), error reporting (E_ALL), and essential extensions (curl, fileinfo, gd, intl, mbstring, mysqli, openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, sodium)

• Added extension dependencies configuration (exts.properties) for both PHP versions specifying imagick, memcache, and xdebug with compatible versions

• Configured system dependencies (deps.properties) for both versions with ImageMagick 7.1.2-15

• Added Bearsampp bundle configurations (bearsampp.conf) for both PHP versions

• Added PEAR package manager configuration (pear.properties) for both versions with pearweb_phars 1.10.24

• Updated GitHub Actions workflow to include prereleased event type for release automation

• Updated bundle release version from 2026.1.30 to 2026.3.4

• Added documentation for dependencies directories explaining PECL dependencies and PATH injection

---

Diagram Walkthrough

flowchart LR
  A["PHP 8.4.18 & 8.5.3<br/>Versions"] --> B["php.ini<br/>Core Configuration"]
  A --> C["exts.properties<br/>Extension URLs"]
  A --> D["deps.properties<br/>System Dependencies"]
  A --> E["bearsampp.conf<br/>Bundle Config"]
  A --> F["pear.properties<br/>PEAR Manager"]
  B --> G["Extensions<br/>OPCache, xdebug"]
  C --> G
  D --> H["ImageMagick<br/>7.1.2-15"]
  E --> I["Bearsampp<br/>Integration"]
  F --> I
  J["GitHub Actions<br/>Workflow"] --> K["Release Events<br/>Support"]
  L["Build Version"] --> M["2026.3.4"]

Loading

File Walkthrough

	Relevant files
Configuration changes	12 files php.ini PHP 8.4.18 configuration with extensions and OPCache          bin/php8.4.18/php.ini Added comprehensive PHP 8.4.18 configuration file with development-oriented settings Configured core PHP directives including memory limits (512M), execution timeouts, and error reporting (E_ALL) Enabled essential extensions (curl, fileinfo, gd, intl, mbstring, mysqli, openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, sodium) Configured OPCache extension with disabled state and xdebug for debugging support Set up session handling, file uploads (32M max), and temporary directories with BEARSAMPP path variables +1925/-0 exts.properties PHP 8.4.18 extension dependencies configuration                    bin/php8.4.18/exts.properties Added extension download URLs for PHP 8.4.18 (imagick, memcache, xdebug) Specified compatible versions: imagick 3.7.0, memcache 8.2, xdebug 3.5.1 All extensions target VS17 x64 architecture with thread-safe builds +3/-0      exts.properties PHP 8.5.3 extension dependencies configuration                      bin/php8.5.3/exts.properties Added extension download URLs for PHP 8.5.3 (imagick, memcache, xdebug) Specified compatible versions: imagick 3.8.1, memcache 8.2, xdebug 3.5.1 All extensions target VS17 x64 architecture with thread-safe builds +3/-0      update-releases-properties.yml GitHub Actions workflow release event types                            .github/workflows/update-releases-properties.yml Updated GitHub Actions workflow trigger to include prereleased event type Allows workflow to execute on released, pre-released, and edited release events +1/-1      bearsampp.conf PHP 8.4.18 Bearsampp bundle configuration                                bin/php8.4.18/bearsampp.conf Added Bearsampp configuration for PHP 8.4.18 Configured PHP version, CLI executables, Apache module, and bundle release placeholder +9/-0      bearsampp.conf PHP 8.5.3 Bearsampp bundle configuration                                  bin/php8.5.3/bearsampp.conf Added Bearsampp configuration for PHP 8.5.3 Configured PHP version, CLI executables, Apache module, and bundle release placeholder +9/-0      deps.properties PHP 8.4.18 system dependencies configuration                          bin/php8.4.18/deps.properties Added ImageMagick 7.1.2-15 dependency download URL for PHP 8.4.18 Targets portable Q16 HDRI x64 architecture +1/-0      deps.properties PHP 8.5.3 system dependencies configuration                            bin/php8.5.3/deps.properties Added ImageMagick 7.1.2-15 dependency download URL for PHP 8.5.3 Targets portable Q16 HDRI x64 architecture +1/-0      build.properties Build bundle release version update                                            build.properties Updated bundle release version from 2026.1.30 to 2026.3.4 +1/-1      pear.properties PHP 8.4.18 PEAR package manager configuration                        bin/php8.4.18/pear.properties Added PEAR package manager download URL for PHP 8.4.18 Specifies pearweb_phars version 1.10.24 from Bearsampp modules repository +1/-0      pear.properties PHP 8.5.3 PEAR package manager configuration                          bin/php8.5.3/pear.properties Added PEAR package manager download URL for PHP 8.5.3 Specifies pearweb_phars version 1.10.24 from Bearsampp modules repository +1/-0      php.ini PHP 8.5.3 development configuration with extensions and OPCache bin/php8.5.3/php.ini Added comprehensive PHP 8.5.3 configuration file with 1920 lines of settings Configured core PHP directives including error reporting, display settings, and resource limits Enabled essential extensions (curl, fileinfo, gd, gettext, intl, mbstring, mysqli, openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, sodium) Configured OPCache, session handling, SOAP, and xdebug with development-friendly settings Set up paths and directories with ~BEARSAMPP_LIN_PATH~ placeholders for dynamic configuration +1920/-0
Documentation	2 files README.txt PHP 8.4.18 dependencies directory documentation                    bin/php8.4.18/deps/README.txt Added README documentation for PHP 8.4.18 dependencies directory Explains purpose of directory for PECL dependencies and PATH injection +2/-0      README.txt PHP 8.5.3 dependencies directory documentation                      bin/php8.5.3/deps/README.txt Added README documentation for PHP 8.5.3 dependencies directory Explains purpose of directory for PECL dependencies and PATH injection +2/-0

---

[qodo-code-review]

Review Summary by Qodo

Add PHP 8.4.18 and 8.5.3 configurations with OPCache and extension support

✨ Enhancement

Walkthroughs

Description

• Added comprehensive PHP 8.4.18 and PHP 8.5.3 configuration bundles with full extension support
• Configured core PHP directives including memory limits (512M), execution timeouts (60s), and file
  upload sizes (32M)
• Enabled essential extensions for both versions: curl, fileinfo, gd, intl, mbstring, mysqli,
  openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, and sodium
• Added PECL extensions configuration (imagick, memcache, xdebug) for both PHP versions pointing to
  Bearsampp modules-untouched release 2026.3.4
• Configured OPCache extension with disabled state for both versions and xdebug for debugging
  support
• Set up Bearsampp bundle configurations for both PHP versions with CLI executables and Apache
  module paths
• Added system dependencies configuration (ImageMagick 7.1.2-15) for both versions
• Configured PEAR package manager (pearweb_phars 1.10.24) for both versions
• Updated bundle release version from 2026.1.30 to 2026.3.4
• Added documentation for dependencies directory structure

Diagram

flowchart LR
  A["Bundle Release<br/>2026.1.30"] -- "update to" --> B["Bundle Release<br/>2026.3.4"]
  B -- "configure" --> C["PHP 8.4.18<br/>Configuration"]
  B -- "configure" --> D["PHP 8.5.3<br/>Configuration"]
  C -- "includes" --> E["Extensions<br/>imagick, memcache, xdebug"]
  D -- "includes" --> E
  C -- "includes" --> F["Dependencies<br/>ImageMagick 7.1.2-15"]
  D -- "includes" --> F
  C -- "includes" --> G["PEAR Manager<br/>v1.10.24"]
  D -- "includes" --> G

Loading

File Changes

1. bin/php8.4.18/php.ini ⚙️ Configuration changes +1925/-0

PHP 8.4.18 comprehensive configuration with extensions

• Added comprehensive PHP 8.4.18 configuration file with 1925 lines of settings
• Configured core PHP directives including memory limits (512M), execution timeouts (60s), and file
 upload sizes (32M)
• Enabled essential extensions (curl, fileinfo, gd, intl, mbstring, mysqli, openssl, pdo_mysql,
 pdo_pgsql, pdo_sqlite, pgsql, sodium)
• Configured OPCache extension with disabled state and xdebug for debugging support
• Set up session handling, error reporting (E_ALL), and development-friendly display settings

bin/php8.4.18/php.ini

---

2. bin/php8.4.18/exts.properties ⚙️ Configuration changes +3/-0

PHP 8.4.18 PECL extensions configuration

• Added extension download URLs for PHP 8.4.18 (imagick, memcache, xdebug)
• Configured three PECL extensions with specific version compatibility for PHP 8.4
• All extensions point to Bearsampp modules-untouched release 2026.3.4

bin/php8.4.18/exts.properties

---

3. bin/php8.5.3/exts.properties ⚙️ Configuration changes +3/-0

PHP 8.5.3 PECL extensions configuration

• Added extension download URLs for PHP 8.5.3 (imagick, memcache, xdebug)
• Configured three PECL extensions with version compatibility for PHP 8.5
• All extensions point to Bearsampp modules-untouched release 2026.3.4

bin/php8.5.3/exts.properties

---

View more (10)

4. bin/php8.4.18/bearsampp.conf ⚙️ Configuration changes +9/-0

PHP 8.4.18 Bearsampp bundle configuration

• Added Bearsampp configuration file for PHP 8.4.18
• Configured PHP version, CLI executables, configuration file path, and Apache module
• Set bundle release version placeholder for automated updates

bin/php8.4.18/bearsampp.conf

---

5. bin/php8.5.3/bearsampp.conf ⚙️ Configuration changes +9/-0

PHP 8.5.3 Bearsampp bundle configuration

• Added Bearsampp configuration file for PHP 8.5.3
• Configured PHP version, CLI executables, configuration file path, and Apache module
• Set bundle release version placeholder for automated updates

bin/php8.5.3/bearsampp.conf

---

6. bin/php8.4.18/deps.properties ⚙️ Configuration changes +1/-0

PHP 8.4.18 system dependencies configuration

• Added ImageMagick dependency URL for PHP 8.4.18
• Configured ImageMagick 7.1.2-15 portable version from Bearsampp modules-untouched release

bin/php8.4.18/deps.properties

---

7. bin/php8.5.3/deps.properties ⚙️ Configuration changes +1/-0

PHP 8.5.3 system dependencies configuration

• Added ImageMagick dependency URL for PHP 8.5.3
• Configured ImageMagick 7.1.2-15 portable version from Bearsampp modules-untouched release

bin/php8.5.3/deps.properties

---

8. build.properties ⚙️ Configuration changes +1/-1

Bundle release version update

• Updated bundle release version from 2026.1.30 to 2026.3.4

build.properties

---

9. bin/php8.4.18/deps/README.txt 📝 Documentation +2/-0

PHP 8.4.18 dependencies directory documentation

• Added README file documenting the purpose of the deps directory
• Explains that PECL dependencies should be placed here and will be injected into PATH

bin/php8.4.18/deps/README.txt

---

10. bin/php8.5.3/deps/README.txt 📝 Documentation +2/-0

PHP 8.5.3 dependencies directory documentation

• Added README file documenting the purpose of the deps directory
• Explains that PECL dependencies should be placed here and will be injected into PATH

bin/php8.5.3/deps/README.txt

---

11. bin/php8.4.18/pear.properties ⚙️ Configuration changes +1/-0

PHP 8.4.18 PEAR package manager configuration

• Added PEAR package manager download URL for PHP 8.4.18
• Configured pearweb_phars version 1.10.24 from Bearsampp modules-untouched release 2025.12.7

bin/php8.4.18/pear.properties

---

12. bin/php8.5.3/pear.properties ⚙️ Configuration changes +1/-0

PHP 8.5.3 PEAR package manager configuration

• Added PEAR package manager download URL for PHP 8.5.3
• Configured pearweb_phars version 1.10.24 from Bearsampp modules-untouched release 2025.12.7

bin/php8.5.3/pear.properties

---

13. bin/php8.5.3/php.ini ⚙️ Configuration changes +1920/-0

PHP 8.5.3 configuration with extensions and OPCache

• Added comprehensive PHP 8.5.3 configuration file with 1920 lines of settings
• Configured core PHP directives including error reporting, display settings, and resource limits
• Enabled essential extensions (curl, fileinfo, gd, gettext, intl, mbstring, mysqli, openssl,
 pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, sodium)
• Configured OPCache settings (currently disabled with opcache.enable=0 and
 opcache.enable_cli=0)
• Set up session handling, file uploads, and SOAP caching with custom paths using
 ~BEARSAMPP_LIN_PATH~ placeholder
• Included xdebug extension configuration for debugging with cachegrind output support

bin/php8.5.3/php.ini

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. OPcache not loaded 🐞 Bug ✓ Correctness

Description

bin/php8.5.3/php.ini has an [opcache] section but no zend_extension line to load php_opcache.dll, so
OPcache may be unavailable for 8.5.3 builds. This is inconsistent with other versions (e.g., 8.5.0)
that explicitly load php_opcache.dll.

Code

bin/php8.5.3/php.ini[R1723-1730]

+
+[opcache]
+; Determines if Zend OPCache is enabled
+opcache.enable=0
+
+; Determines if Zend OPCache is enabled for the CLI version of PHP
+opcache.enable_cli=0
+

Evidence

PHP 8.5.3’s ini jumps directly into the [opcache] section without a preceding zend_extension
directive, while PHP 8.5.0 explicitly loads php_opcache.dll right before [opcache]. This likely
means OPcache is not loaded for 8.5.3 despite opcache settings being present.

bin/php8.5.3/php.ini[1716-1735]
bin/php8.5.0/php.ini[1722-1735]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`bin/php8.5.3/php.ini` configures OPcache but does not load the OPcache Zend extension (php_opcache.dll). This can result in OPcache not being available/loaded for PHP 8.5.3.
### Issue Context
Other PHP versions in this repo (e.g., 8.5.0) include a `zend_extension = ".../ext/php_opcache.dll"` line immediately before the `[opcache]` section.
### Fix Focus Areas
- bin/php8.5.3/php.ini[1718-1726]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Deps key casing mismatch ☑ 🐞 Bug ⛯ Reliability

Description

deps.properties for the new versions uses Imagemagick (capital I), but the build dependency
processor checks for depName == 'imagemagick' (lowercase) case-sensitively. This can prevent
ImageMagick binaries from being copied into the built PHP bundle, likely breaking imagick runtime
loading.

Code

bin/php8.5.3/deps.properties[1]

+Imagemagick = https://github.com/Bearsampp/modules-untouched/releases/download/php-2026.3.4/ImageMagick-7.1.2-15-portable-Q16-HDRI-x64.7z

Evidence

The dependency processing logic derives depName from the properties key and only handles ImageMagick
when depName equals the lowercase string 'imagemagick'. The new deps.properties uses 'Imagemagick',
so the condition won’t match and the copy step won’t run.

bin/php8.5.3/deps.properties[1-1]
bin/php8.4.18/deps.properties[1-1]
build.gradle[1908-1940]
bin/php8.5.0/deps.properties[1-1]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Dependency packaging for ImageMagick is keyed off a case-sensitive match on `depName == 'imagemagick'` in `build.gradle`. New version configs use `Imagemagick` (capital I), so ImageMagick files may not be copied into the built bundle.
### Issue Context
`processDependencies()` derives `depName` from the property key and only copies ImageMagick files when it matches exactly `imagemagick`.
### Fix Focus Areas
- bin/php8.4.18/deps.properties[1-1]
- bin/php8.5.3/deps.properties[1-1]
- build.gradle[1909-1939]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Versions not registered 🐞 Bug ⛯ Reliability

Description

This PR adds new version directories for 8.4.18 and 8.5.3 but does not add them to
releases.properties, despite docs explicitly requiring it when adding a new PHP version. As a
result, tooling/CI/release listing that reads releases.properties won’t discover these versions.

Code

bin/php8.5.3/bearsampp.conf[1]

+phpVersion = "8.5.3"

Evidence

The docs state that adding a new PHP version requires adding it to releases.properties.
releases.properties currently lists up to 8.5.2 / 8.4.17, and the new version 8.5.3 (and 8.4.18) are
absent.

docs/README.md[68-73]
releases.properties[1-4]
bin/php8.5.3/bearsampp.conf[1-1]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
New PHP versions (8.4.18, 8.5.3) were added under `bin/`, but `releases.properties` was not updated. Repo docs say new versions must be registered there.
### Issue Context
Automations and helpers (e.g., `listReleases`) rely on `releases.properties` as the canonical list.
### Fix Focus Areas
- releases.properties[1-10]
- bin/php8.4.18/bearsampp.conf[1-1]
- bin/php8.5.3/bearsampp.conf[1-1]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[github-actions]

🐘 PHP Module Tests - Results

Test Date: 2026-03-05 00:37:00 UTC
Status: ✅ All tests passed

📊 Test Results by Version

PHP 8.4.18

PHP 8.5.3

Results: 8 of 8 tests completed

All tests passed successfully! ✨

---

📋 Test Phases

Each version is tested through the following phases:

• Phase 1: Basic PHP Validation (Download, Extract, Verify Executable)
• Phase 2: Extension Validation (Download, Architecture Check, Loading Test)
• Phase 3: Dependency Validation (Download Dependencies, Test with Dependencies)
• Phase 4: Functional Testing (Test Extension Functionality)

Check artifacts for detailed logs.

[qodo-code-review]

PR Reviewer Guide 🔍

(Review updated until commit 7516e02)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪

🧪 No relevant tests

🔒 Security concerns Information exposure & unsafe runtime environment defaults: bin/php8.4.18/php.ini enables display_errors = On, display_startup_errors = On, and expose_php = On, which can disclose stack traces, file paths, configuration details, and the presence/version of PHP if accidentally used in production-like contexts. PATH/DLL hijacking risk: bin/php8.4.18/deps/README.txt (and the analogous PHP 8.5.3 file) indicates dependencies will be injected into PATH. If untrusted files can be placed in these directories, this can lead to loading unintended executables/DLLs ahead of system ones.

⚡ Recommended focus areas for review Security Defaults The shipped php.ini enables development-oriented settings (e.g., display_errors, display_startup_errors, and expose_php) that can leak sensitive runtime/config details if this config is used outside local development. Consider either hardening defaults or clearly separating dev vs prod configs to avoid accidental production use. expose_php = On ;;;;;;;;;;;;;;;;;;; ; Resource Limits ; ;;;;;;;;;;;;;;;;;;; ; Maximum execution time of each script, in seconds ; http://php.net/max-execution-time ; Note: This directive is hardcoded to 0 for the CLI SAPI max_execution_time = 60 ; Maximum amount of time each script may spend parsing request data. It's a good ; idea to limit this time on productions servers in order to eliminate unexpectedly ; long running scripts. ; Note: This directive is hardcoded to -1 for the CLI SAPI ; Default Value: -1 (Unlimited) ; Development Value: 60 (60 seconds) ; Production Value: 60 (60 seconds) ; http://php.net/max-input-time max_input_time = 90 ; Maximum input variable nesting level ; http://php.net/max-input-nesting-level ;max_input_nesting_level = 64 ; How many GET/POST/COOKIE input variables may be accepted ;max_input_vars = 1000 ; Maximum amount of memory a script may consume ; http://php.net/memory-limit memory_limit = 512M ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; This directive informs PHP of which errors, warnings and notices you would like ; it to take action for. The recommended way of setting values for this ; directive is through the use of the error level constants and bitwise ; operators. The error level constants are below here for convenience as well as ; some common settings and their meanings. ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT ; those related to E_NOTICE and E_STRICT, which together cover best practices and ; recommended coding standards in PHP. For performance reasons, this is the ; recommend error reporting setting. Your production server shouldn't be wasting ; resources complaining about best practices and coding standards. That's what ; development servers and development settings are for. ; Note: The php.ini-development file has this setting as E_ALL. This ; means it pretty much reports everything which is exactly what you want during ; development and early testing. ; ; Error Level Constants: ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) ; E_ERROR - fatal run-time errors ; E_RECOVERABLE_ERROR - almost fatal run-time errors ; E_WARNING - run-time warnings (non-fatal errors) ; E_PARSE - compile-time parse errors ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and ; relying on the fact it is automatically initialized to an ; empty string) ; E_STRICT - run-time notices, enable to have PHP suggest changes ; to your code which will ensure the best interoperability ; and forward compatibility of your code ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's ; initial startup ; E_COMPILE_ERROR - fatal compile-time errors ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) ; E_USER_ERROR - user-generated error message ; E_USER_WARNING - user-generated warning message ; E_USER_NOTICE - user-generated notice message ; E_DEPRECATED - warn about code that will not work in future versions ; of PHP ; E_USER_DEPRECATED - user-generated deprecation warnings ; ; Common Values: ; E_ALL (Show all errors, warnings and notices including coding standards.) ; E_ALL & ~E_NOTICE (Show all errors, except for notices) ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) ; Default Value: E_ALL ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT ; http://php.net/error-reporting error_reporting = E_ALL ; This directive controls whether or not and where PHP will output errors, ; notices and warnings too. Error output is very useful during development, but ; it could be very dangerous in production environments. Depending on the code ; which is triggering the error, sensitive information could potentially leak ; out of your application such as database usernames and passwords or worse. ; For production environments, we recommend logging errors rather than ; sending them to STDOUT. ; Possible Values: ; Off = Do not display any errors ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) ; On or stdout = Display errors to STDOUT ; Default Value: On ; Development Value: On ; Production Value: Off ; http://php.net/display-errors display_errors = On ; The display of errors which occur during PHP's startup sequence are handled ; separately from display_errors. We strongly recommend you set this to 'off' ; for production servers to avoid leaking configuration details. ; Default Value: On ; Development Value: On ; Production Value: Off ; http://php.net/display-startup-errors display_startup_errors = On ; Besides displaying errors, PHP can also log errors to locations such as a OPCache/Xdebug Setup opcache is loaded via zend_extension but opcache.enable / opcache.enable_cli are set to 0, which effectively disables it despite “OPCache support”. Also, the xdebug section uses zend_extension = "xdebug" which may rely on implicit extension naming/paths; validate that extension loading works consistently with the provided binaries and extension_dir, and that multiple zend_extension directives don’t conflict. zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.18/ext/php_opcache.dll" [opcache] ; Determines if Zend OPCache is enabled opcache.enable=0 ; Determines if Zend OPCache is enabled for the CLI version of PHP opcache.enable_cli=0 ; The OPcache shared memory storage size. ;opcache.memory_consumption=128 ; The amount of memory for interned strings in Mbytes. ;opcache.interned_strings_buffer=8 ; The maximum number of keys (scripts) in the OPcache hash table. ; Only numbers between 200 and 1000000 are allowed. ;opcache.max_accelerated_files=10000 ; The maximum percentage of "wasted" memory until a restart is scheduled. ;opcache.max_wasted_percentage=5 ; When this directive is enabled, the OPcache appends the current working ; directory to the script key, thus eliminating possible collisions between ; files with the same name (basename). Disabling the directive improves ; performance, but may break existing applications. ;opcache.use_cwd=1 ; When disabled, you must reset the OPcache manually or restart the ; webserver for changes to the filesystem to take effect. ;opcache.validate_timestamps=1 ; How often (in seconds) to check file timestamps for changes to the shared ; memory storage allocation. ("1" means validate once per second, but only ; once per request. "0" means always validate) ;opcache.revalidate_freq=2 ; Enables or disables file search in include_path optimization ;opcache.revalidate_path=0 ; If disabled, all PHPDoc comments are dropped from the code to reduce the ; size of the optimized code. ;opcache.save_comments=1 ; If enabled, compilation warnings (including notices and deprecations) will ; be recorded and replayed each time a file is included. Otherwise, compilation ; warnings will only be emitted when the file is first cached. ;opcache.record_warnings=0 ; Allow file existence override (file_exists, etc.) performance feature. ;opcache.enable_file_override=0 ; A bitmask, where each bit enables or disables the appropriate OPcache ; passes ;opcache.optimization_level=0x7FFFBFFF ;opcache.dups_fix=0 ; The location of the OPcache blacklist file (wildcards allowed). ; Each OPcache blacklist file is a text file that holds the names of files ; that should not be accelerated. The file format is to add each filename ; to a new line. The filename may be a full path or just a file prefix ; (i.e., /var/www/x blacklists all the files and directories in /var/www ; that start with 'x'). Line starting with a ; are ignored (comments). ;opcache.blacklist_filename= ; Allows exclusion of large files from being cached. By default all files ; are cached. ;opcache.max_file_size=0 ; Check the cache checksum each N requests. ; The default value of "0" means that the checks are disabled. ;opcache.consistency_checks=0 ; How long to wait (in seconds) for a scheduled restart to begin if the cache ; is not being accessed. ;opcache.force_restart_timeout=180 ; OPcache error_log file name. Empty string assumes "stderr". ;opcache.error_log= ; All OPcache errors go to the Web server log. ; By default, only fatal errors (level 0) or errors (level 1) are logged. ; You can also enable warnings (level 2), info messages (level 3) or ; debug messages (level 4). ;opcache.log_verbosity_level=1 ; Preferred Shared Memory back-end. Leave empty and let the system decide. ;opcache.preferred_memory_model= ; Protect the shared memory from unexpected writing during script execution. ; Useful for internal debugging only. ;opcache.protect_memory=0 ; Allows calling OPcache API functions only from PHP scripts which path is ; started from specified string. The default "" means no restriction ;opcache.restrict_api= ; Mapping base of shared memory segments (for Windows only). All the PHP ; processes have to map shared memory into the same address space. This ; directive allows to manually fix the "Unable to reattach to base address" ; errors. ;opcache.mmap_base= ; Facilitates multiple OPcache instances per user (for Windows only). All PHP ; processes with the same cache ID and user share an OPcache instance. ;opcache.cache_id= ; Enables and sets the second level cache directory. ; It should improve performance when SHM memory is full, at server restart or ; SHM reset. The default "" disables file based caching. ;opcache.file_cache= ; Enables or disables opcode caching in shared memory. ;opcache.file_cache_only=0 ; Enables or disables checksum validation when script loaded from file cache. ;opcache.file_cache_consistency_checks=1 ; Implies opcache.file_cache_only=1 for a certain process that failed to ; reattach to the shared memory (for Windows only). Explicitly enabled file ; cache is required. ;opcache.file_cache_fallback=1 ; Enables or disables copying of PHP code (text segment) into HUGE PAGES. ; This should improve performance, but requires appropriate OS configuration. ;opcache.huge_code_pages=0 ; Validate cached file permissions. ;opcache.validate_permission=0 ; Prevent name collisions in chroot'ed environment. ;opcache.validate_root=0 ; If specified, it produces opcode dumps for debugging different stages of ; optimizations. ;opcache.opt_debug_level=0 ; Specifies a PHP script that is going to be compiled and executed at server ; start-up. ; http://php.net/opcache.preload ;opcache.preload= ; Preloading code as root is not allowed for security reasons. This directive ; facilitates to let the preloading to be run as another user. ; http://php.net/opcache.preload_user ;opcache.preload_user= ; Prevents caching files that are less than this number of seconds old. It ; protects from caching of incompletely updated files. In case all file updates ; on your site are atomic, you may increase performance by setting it to "0". ;opcache.file_update_protection=2 ; Absolute path used to store shared lockfiles (for *nix only). ;opcache.lockfile_path=/tmp [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. ;curl.cainfo = [openssl] ; The location of a Certificate Authority (CA) file on the local filesystem ; to use when verifying the identity of SSL/TLS peers. Most users should ; not specify a value for this directive as PHP will attempt to use the ; OS-managed cert stores in its absence. If specified, this value may still ; be overridden on a per-stream basis via the "cafile" SSL stream context ; option. ;openssl.cafile= ; If openssl.cafile is not specified or if the CA file is not found, the ; directory pointed to by openssl.capath is searched for a suitable ; certificate. This value must be a correctly hashed certificate directory. ; Most users should not specify a value for this directive as PHP will ; attempt to use the OS-managed cert stores in its absence. If specified, ; this value may still be overridden on a per-stream basis via the "capath" ; SSL stream context option. ;openssl.capath= [ffi] ; FFI API restriction. Possible values: ; "preload" - enabled in CLI scripts and preloaded files (default) ; "false" - always disabled ; "true" - always enabled ;ffi.enable=preload ; List of headers files to preload, wildcard patterns allowed. ;ffi.preload= [xdebug] zend_extension = "xdebug" xdebug.mode = debug xdebug.start_with_request = trigger xdebug.output_name = cachegrind.out.%t.%p xdebug.output_dir = "~BEARSAMPP_LIN_PATH~/tmp/cachegrind" xdebug.var_display_max_children = "1024" xdebug.var_display_max_depth = "8192" xdebug.var_display_max_data = "32768" xdebug.max_nesting_level = "250" PATH Injection The documentation states that dependency directories will be injected into PATH. This is convenient but increases risk of DLL hijacking / unintended binary precedence. Ensure the injection is scoped (e.g., per-process), ordered safely, and ideally limited to known dependency filenames/locations. Place dependencies required by PHP here like PECL deps (http://windows.php.net/downloads/pecl/deps/). The dependencies will be injected into the PATH environment variable.

[qodo-code-review]

PR Code Suggestions ✨

Latest suggestions up to 7516e02

Category	Suggestion	Impact
Possible issue	Fix incorrect runtime paths Fix the include_path and extension_dir in php.ini by removing the incorrect, extra php/ segment from the paths to prevent PHP startup errors. bin/php8.5.3/php.ini [744-768] -include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.5.3/pear/pear" +include_path=".;~BEARSAMPP_LIN_PATH~/bin/php8.5.3/pear/pear" ... -extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.5.3/ext" +extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php8.5.3/ext" [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies a critical path misconfiguration in include_path and extension_dir that would prevent PEAR and all PHP extensions from loading, effectively breaking the PHP installation.	High
	Use absolute Zend extension paths Use an absolute path for the xdebug zend_extension directive to ensure it loads reliably, similar to how the opcache extension is configured. bin/php8.4.18/php.ini [1917] ; OPCache zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.18/ext/php_opcache.dll" [opcache] ; Determines if Zend OPCache is enabled opcache.enable=0 ... [xdebug] -zend_extension = "xdebug" +zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.18/ext/php_xdebug.dll" xdebug.mode = debug [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 6 __ Why: The suggestion correctly points out that using an absolute path for zend_extension is more robust and consistent with how opcache is loaded, improving configuration reliability.	Low
Security	Disable unsafe PATH_INFO behavior Set cgi.fix_pathinfo to 0 to mitigate a common security vulnerability related to request routing in CGI/FastCGI environments. bin/php8.4.18/php.ini [804-805] ; http://php.net/cgi.fix-pathinfo -cgi.fix_pathinfo = 1 +cgi.fix_pathinfo = 0 Apply / Chat Suggestion importance[1-10]: 8 __ Why: This is a valid and important security hardening suggestion that mitigates a well-known vulnerability in certain PHP-CGI/FPM setups by disabling cgi.fix_pathinfo.	Medium
	Enable strict session handling Enable session.use_strict_mode by setting it to 1 to enhance security against session fixation attacks. bin/php8.4.18/php.ini [1345-1346] ; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 +session.use_strict_mode = 1 Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly recommends enabling session.use_strict_mode, which is a crucial security measure to prevent session fixation attacks and should be enabled by default.	Medium
General	Enable opcode caching by default Enable OPCache by setting opcache.enable=1 in php.ini to provide the expected performance benefits by default. bin/php8.5.3/php.ini [1724-1729] [opcache] ; Determines if Zend OPCache is enabled -opcache.enable=0 +opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP -opcache.enable_cli=0 +opcache.enable_cli=1 Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly points out that OPCache is disabled by default, which contradicts the likely user expectation for a performance feature. Enabling it provides a better out-of-the-box experience.	Low
More

---

Previous suggestions

Suggestions up to commit a9e67aa

Category	Suggestion	Impact
Possible issue	Fix OPCache module loading Replace the hardcoded, platform-specific path for the OPCache Zend extension with the portable zend_extension = opcache directive to ensure it loads correctly across different operating systems. bin/php8.4.18/php.ini [1725-1731] ; OPCache -zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.18/ext/php_opcache.dll" +zend_extension = opcache [opcache] ; Determines if Zend OPCache is enabled opcache.enable=0 Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a platform inconsistency where a Windows DLL is used with a Linux-style path, and proposes a more portable and correct solution that will work if opcache is enabled.	Medium
	Fix broken extension download URL Correct the memcache extension download URL in bin/php8.4.18/exts.properties by removing the extraneous .1 before .zip to prevent a download failure. bin/php8.4.18/exts.properties [2] -memcache=https://github.com/Bearsampp/modules-untouched/releases/download/php-2026.3.4/php_memcache-8.2-8.4-ts-vs17-x64.1.zip +memcache=https://github.com/Bearsampp/modules-untouched/releases/download/php-2026.3.4/php_memcache-8.2-8.4-ts-vs17-x64.zip Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies a typo in a download URL that would likely cause a runtime failure when fetching dependencies, which is a significant functional bug.	Medium
Security	Harden session cookie defaults Harden session security by explicitly setting session.cookie_httponly = 1 and session.cookie_samesite = Lax to mitigate risks of session theft via XSS and CSRF. bin/php8.4.18/php.ini [1382-1390] ; Whether or not to add the httpOnly flag to the cookie, which makes it ; inaccessible to browser scripting languages such as JavaScript. ; http://php.net/session.cookie-httponly -session.cookie_httponly = +session.cookie_httponly = 1 ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) ; Current valid values are "Lax" or "Strict" ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 -session.cookie_samesite = +session.cookie_samesite = Lax Suggestion importance[1-10]: 8 __ Why: The suggestion correctly points out a significant security risk from insecure default session cookie settings and proposes changes that harden the configuration against XSS and CSRF attacks.	Medium
	Harden default session cookies Harden default session cookies in bin/php8.5.3/php.ini by setting session.cookie_httponly to 1 and session.cookie_samesite to Lax to mitigate XSS and CSRF risks. bin/php8.5.3/php.ini [1383-1388] -session.cookie_httponly = +session.cookie_httponly = 1 ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) ; Current valid values are "Lax" or "Strict" ; https://tools.ietf.org/html/draft-west-first-party-cookies-07 -session.cookie_samesite = +session.cookie_samesite = Lax Suggestion importance[1-10]: 6 __ Why: The suggestion improves security by setting secure defaults for session cookies, which is a valuable hardening measure even in a development configuration file.	Low
	Reduce server fingerprinting Disable PHP version exposure by setting expose_php to Off in bin/php8.5.3/php.ini to reduce the server's fingerprinting surface. bin/php8.5.3/php.ini [392] -expose_php = On +expose_php = Off Suggestion importance[1-10]: 5 __ Why: The suggestion is a valid security hardening best practice, but the php.ini file is explicitly for development, where exposing PHP version information is less critical.	Low