@N6REJ (Collaborator) commented Oct 31, 2025

User description

Added PHP 8.3.27 and 8.4.14 configurations with dependencies and extension support
first release without .ber for php.ini


PR Type

Enhancement


Description

  • Added PHP 8.3.27 and 8.4.14 complete configurations with comprehensive settings and extension support

  • Created php.ini files for both versions with 1925-1959 lines of configuration including memory limits (512M), execution timeouts (60s), and file upload sizes (32M)

  • Enabled essential PHP extensions: curl, fileinfo, gd, gettext, intl, mbstring, mysqli, openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, sodium

  • Configured optional extensions (imagick, memcache, xdebug) with download URLs in exts.properties files

  • Added bearsampp.conf files specifying executable names, configuration files, and Apache modules for both PHP versions

  • Created deps.properties files with ImageMagick 7.1.2-8 as a required dependency for both versions

  • Added pear.properties files with PEAR installer configuration for both versions

  • Updated bundle release version from 2025.9.24 to 2025.10.31 in build.properties

  • Added release entries for PHP 8.3.27 and 8.4.14 in releases.properties

  • Created dependency directory documentation with README.txt files explaining PECL dependency injection

  • First release without .ber format for php.ini files


Diagram Walkthrough

flowchart LR
  A["PHP 8.3.27 & 8.4.14<br/>Release"] --> B["php.ini<br/>Configuration"]
  A --> C["Extensions<br/>exts.properties"]
  A --> D["Dependencies<br/>deps.properties"]
  A --> E["PEAR<br/>pear.properties"]
  A --> F["Bearsampp<br/>bearsampp.conf"]
  B --> G["Development<br/>Environment"]
  C --> G
  D --> G
  E --> G
  F --> G
  H["build.properties"] --> I["Version Update<br/>2025.10.31"]
  J["releases.properties"] --> I

File Walkthrough

Relevant files
Configuration changes
12 files
php.ini
PHP 8.3.27 configuration file with extensions and settings

bin/php8.3.27/php.ini

  • Added comprehensive PHP 8.3.27 configuration file with 1959 lines of
    settings
  • Configured core PHP directives including memory limits (512M),
    execution timeouts (60s), and file upload sizes (32M)
  • Enabled essential extensions: curl, fileinfo, gd, gettext, intl, imap,
    mbstring, mysqli, openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql,
    sodium
  • Set up development environment defaults with error reporting enabled,
    display_errors on, and xdebug debugging support
+1959/-0
releases.properties
Added PHP 8.3.27 and 8.4.14 release URLs                                 

releases.properties

  • Added PHP 8.3.27 release entry with download URL from GitHub releases
    (2025.10.31)
  • Added PHP 8.4.14 release entry with download URL from GitHub releases
    (2025.10.31)
+2/-0     
exts.properties
PHP 8.3.27 extensions configuration and download URLs       

bin/php8.3.27/exts.properties

  • Created new file with three PHP extensions for version 8.3.27
  • Configured imagick, memcache, and xdebug extensions with their
    respective download URLs
+3/-0     
exts.properties
PHP 8.4.14 extensions configuration and download URLs       

bin/php8.4.14/exts.properties

  • Created new file with three PHP extensions for version 8.4.14
  • Configured imagick, memcache, and xdebug extensions with their
    respective download URLs
+3/-0     
bearsampp.conf
PHP 8.3.27 Bearsampp bundle configuration                               

bin/php8.3.27/bearsampp.conf

  • Created configuration file specifying PHP 8.3.27 version details
  • Defined executable names (php.exe, php-win.exe), configuration file
    (php.ini), and Apache module (php8apache2_4.dll)
+9/-0     
bearsampp.conf
PHP 8.4.14 Bearsampp bundle configuration                               

bin/php8.4.14/bearsampp.conf

  • Created configuration file specifying PHP 8.4.14 version details
  • Defined executable names (php.exe, php-win.exe), configuration file
    (php.ini), and Apache module (php8apache2_4.dll)
+9/-0     
deps.properties
PHP 8.3.27 dependencies configuration                                       

bin/php8.3.27/deps.properties

  • Created dependencies configuration file for PHP 8.3.27
  • Specified ImageMagick 7.1.2-8 portable version as a required
    dependency
+1/-0     
deps.properties
PHP 8.4.14 dependencies configuration                                       

bin/php8.4.14/deps.properties

  • Created dependencies configuration file for PHP 8.4.14
  • Specified ImageMagick 7.1.2-8 portable version as a required
    dependency
+1/-0     
build.properties
Updated bundle release version to 2025.10.31                         

build.properties

  • Updated bundle release version from 2025.9.24 to 2025.10.31
  • Removed blank line for formatting consistency
+1/-2     
pear.properties
PHP 8.3.27 PEAR installer configuration                                   

bin/php8.3.27/pear.properties

  • Created PEAR configuration file for PHP 8.3.27
  • Specified download URL for install-pear-nozlib.phar from GitHub
    releases
+1/-0     
pear.properties
PHP 8.4.14 PEAR installer configuration                                   

bin/php8.4.14/pear.properties

  • Created PEAR configuration file for PHP 8.4.14
  • Specified download URL for install-pear-nozlib.phar from GitHub
    releases
+1/-0     
php.ini
PHP 8.4.14 development configuration with extensions and debugging

bin/php8.4.14/php.ini

  • Added comprehensive PHP 8.4.14 configuration file with 1925 lines of
    settings
  • Configured core PHP directives including memory_limit = 512M,
    max_execution_time = 60, and post_max_size = 32M
  • Enabled essential extensions: curl, fileinfo, gd, gettext, intl,
    mbstring, mysqli, openssl, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql,
    sodium
  • Configured development environment settings with error reporting
    enabled (display_errors = On, log_errors = On) and xdebug extension
    for debugging
  • Set up session handling, file upload parameters, and PEAR include path
    with ~BEARSAMPP_LIN_PATH~ placeholder for dynamic path substitution
+1925/-0
Documentation
2 files
README.txt
PHP 8.3.27 dependencies directory documentation                   

bin/php8.3.27/deps/README.txt

  • Created README file documenting the purpose of the deps directory
  • Explains that PECL dependencies should be placed here and will be
    injected into PATH
+2/-0     
README.txt
PHP 8.4.14 dependencies directory documentation                   

bin/php8.4.14/deps/README.txt

  • Created README file documenting the purpose of the deps directory
  • Explains that PECL dependencies should be placed here and will be
    injected into PATH
+2/-0     

@N6REJ N6REJ added the enhancement ✨ Improve program label Oct 31, 2025

qodo-code-review bot commented Oct 31, 2025

PR Compliance Guide 🔍

(Compliance updated until commit eddbfcc)

Below is a summary of compliance checks for this PR:

Security Compliance
Verbose error display

Description: Error display is enabled via display_errors = On and display_startup_errors = On, which
can disclose sensitive information in production environments.
php.ini [500-510]

Referred Code
display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Information disclosure

Description: expose_php = On reveals PHP presence/version in headers, aiding fingerprinting of the
stack in production.
php.ini [396-399]

Referred Code
; http://php.net/expose-php
expose_php = On

;;;;;;;;;;;;;;;;;;;
Excessive attack surface

Description: Loads many extensions by default which increases attack surface; ensure only needed
extensions are enabled in production.
php.ini [918-958]

Referred Code
;
; Notes for Windows environments :
;
; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
;   extension folders as well as the separate PECL DLL download (PHP 5+).
;   Be sure to appropriately set the extension_dir directive.
;
;extension=bz2
extension=curl
;extension=ffi
;extension=ftp
extension=fileinfo
extension=gd
extension=gettext
;extension=gmp
extension=intl
extension=imap
;extension=ldap
extension=mbstring
;extension=exif
extension=mysqli


 ... (clipped 20 lines)
Performance-related risk

Description: OPCache is explicitly disabled (opcache.enable=0 and opcache.enable_cli=0), which may lead
to performance issues and encourage misconfigurations to re-enable it insecurely; review
intended production defaults.
php.ini [1761-1769]

Referred Code
zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext/php_opcache.dll"

[opcache]
; Determines if Zend OPCache is enabled
opcache.enable=0

; Determines if Zend OPCache is enabled for the CLI version of PHP
opcache.enable_cli=0
Session entropy

Description: session.sid_bits_per_character = 5 and session.sid_length = 26 are acceptable but shorter
than defaults; consider stronger settings to reduce session ID predictability risk.
php.ini [1511-1514]

Referred Code
; http://php.net/session.hash-bits-per-character
session.sid_bits_per_character = 5

; Enable upload progress tracking in $_SESSION
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

🔴
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
Verbose errors: User-facing error display is enabled (display_errors=On and display_startup_errors=On),
which risks exposing internal details contrary to secure error handling guidance.

Referred Code
display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Error visibility: The configuration enables verbose error display (display_errors=On and
display_startup_errors=On) which is suitable for development but does not implement or
reference an audit logging mechanism for critical actions, and may not be appropriate for
production.

Referred Code
display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Startup errors on: The php.ini sets display_errors=On and display_startup_errors=On, which is
development-oriented; without context of deployment environment this may indicate
insufficiently robust production error handling practices.

Referred Code
display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Log destination: Logging is enabled (log_errors=On) but the explicit secure log destination is commented
out, leaving ambiguity about log handling and potential exposure.

Referred Code
log_errors = On

; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
; http://php.net/log-errors-max-len
log_errors_max_len = 1024

; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
; http://php.net/ignore-repeated-errors
ignore_repeated_errors = Off

; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
; http://php.net/ignore-repeated-source
ignore_repeated_source = Off

; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This is only effective in a debug compile, and if
; error reporting includes E_WARNING in the allowed list


 ... (clipped 57 lines)
Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
URL fopen enabled: The configuration enables allow_url_fopen=On which can increase risk if not paired with
strict input validation and stream handling, though actual application code is not shown.

Referred Code
; http://php.net/allow-url-fopen
allow_url_fopen = On

; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = Off

; Define the anonymous ftp password (your email address). PHP's default setting
Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

Previous compliance checks

Compliance check up to commit 2bec34a
Security Compliance
🔴
Mismatched binary paths

Description: include_path and extension_dir reference previous version directories (php8.3.26) which
may cause loading mismatched binaries, potentially leading to unstable or unsafe behavior.

php.ini [748-774]

Referred Code
;***** Added by go-pear
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
;*****
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path

; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues.  The alternate is to use the
; cgi.force_redirect configuration below
; http://php.net/doc-root
doc_root =

; The directory under which PHP opens the script using /~username used only
; if nonempty.
; http://php.net/user-dir
user_dir =

; Directory in which the loadable extensions (modules) reside.


 ... (clipped 6 lines)
Information disclosure

Description: PHP exposure header is enabled via expose_php = On, which unnecessarily reveals PHP
version information to clients and can aid attackers in fingerprinting.
php.ini [395-399]

Referred Code
; on your server or not.
; http://php.net/expose-php
expose_php = On

;;;;;;;;;;;;;;;;;;;
Verbose error display

Description: Error display is enabled in development config (display_errors = On and
display_startup_errors = On), which can leak sensitive data if used in production.
php.ini [500-510]

Referred Code
display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Insecure configuration placeholder

Description: Placeholder @PHP_EXTENSIONS@ remains in extensions section, which may lead to unintended
dynamic loading behavior or misconfiguration if not sanitized.
php.ini [956-958]

Referred Code
;extension=xsl
@PHP_EXTENSIONS@
Disabled opcode cache

Description: OPCache is explicitly disabled (opcache.enable=0 and opcache.enable_cli=0), which can
increase attack surface via repeated parsing and reduce performance; verify this is
intended for production.
php.ini [1761-1769]

Referred Code
zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext/php_opcache.dll"

[opcache]
; Determines if Zend OPCache is enabled
opcache.enable=0

; Determines if Zend OPCache is enabled for the CLI version of PHP
opcache.enable_cli=0
Untrusted binaries

Description: Xdebug artifacts are alpha versions and memcache DLLs are downloaded from external URLs;
using pre-release debugging extensions in production can introduce instability and
potential vulnerabilities.
exts.properties [1-3]

Referred Code
imagick = https://github.com/Bearsampp/modules-untouched/releases/download/php-2025.9.24/php_imagick-3.7.0-8.3-ts-vs16-x64.zip
memcache = https://github.com/Bearsampp/modules-untouched/releases/download/php-2025.9.24/php-8.3.x_memcache.dll
xdebug = https://github.com/Bearsampp/modules-untouched/releases/download/php-2025.10.31/php_xdebug-3.5.0alpha2-8.3-ts-vs16-x86_64.dll
Debug extension enabled

Description: Xdebug is enabled by default (zend_extension = "xdebug" and xdebug.mode = debug), which
can leak debug information and significantly impact performance and security in production
environments.
php.ini [1951-1959]

Referred Code
zend_extension = "xdebug"
xdebug.mode = debug
xdebug.start_with_request = trigger
xdebug.output_name = cachegrind.out.%t.%p
xdebug.output_dir = "~BEARSAMPP_LIN_PATH~/tmp/cachegrind"
xdebug.var_display_max_children = "1024"
xdebug.var_display_max_depth = "8192"
xdebug.var_display_max_data = "32768"
xdebug.max_nesting_level = "250"
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

🔴
Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
Verbose errors: User-facing error display is enabled via display_errors = On and display_startup_errors =
On, which can expose internal details and violates secure error handling guidance.

Referred Code
display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
Audit logging: The PR adds configuration files without implementing application-level logging of critical
actions, so it is unclear whether audit trails for sensitive operations are produced
elsewhere.

Referred Code
[PHP]

;;;;;;;;;;;;;;;;;;;
; About php.ini   ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization file, generally called php.ini, is responsible for
; configuring many of the aspects of PHP's behavior.

; PHP attempts to find and load this configuration from a number of locations.
; The following is a summary of its search order:
; 1. SAPI module specific location.
; 2. The PHPRC environment variable. (As of PHP 5.2.0)
; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
; 4. Current working directory (except CLI)
; 5. The web server's directory (for SAPI modules), or directory of PHP
; (otherwise in Windows)
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (usually C:\windows)
; See the PHP docs for more specific information.
; http://php.net/configuration.file



 ... (clipped 1938 lines)
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Error handling: The PR primarily introduces configuration; it does not show application error handling or
edge case management, leaving compliance indeterminate from the diff.

Referred Code
[PHP]

;;;;;;;;;;;;;;;;;;;
; About php.ini   ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization file, generally called php.ini, is responsible for
; configuring many of the aspects of PHP's behavior.

; PHP attempts to find and load this configuration from a number of locations.
; The following is a summary of its search order:
; 1. SAPI module specific location.
; 2. The PHPRC environment variable. (As of PHP 5.2.0)
; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
; 4. Current working directory (except CLI)
; 5. The web server's directory (for SAPI modules), or directory of PHP
; (otherwise in Windows)
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (usually C:\windows)
; See the PHP docs for more specific information.
; http://php.net/configuration.file



 ... (clipped 1938 lines)
Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status:
Log config unset: Logging is enabled (log_errors = On) but no structured logging or redaction settings are
evident and error_log is commented, so secure logging practices cannot be confirmed from
the config alone.

Referred Code
log_errors = On

; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
; http://php.net/log-errors-max-len
log_errors_max_len = 1024

; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
; http://php.net/ignore-repeated-errors
ignore_repeated_errors = Off

; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
; http://php.net/ignore-repeated-source
ignore_repeated_source = Off

; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This is only effective in a debug compile, and if
; error reporting includes E_WARNING in the allowed list


 ... (clipped 57 lines)
Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Input validation: The PR adds PHP configurations (e.g., enabling URL fopen, upload limits) but does not
include application code showing validation/sanitization or parameterized queries, so
compliance cannot be determined from the diff.

Referred Code
; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
upload_tmp_dir = "~BEARSAMPP_LIN_PATH~/tmp"

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 32M

; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20

;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;



 ... (clipped 93 lines)
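
The stale-version paths, the leftover `@PHP_EXTENSIONS@` placeholder and the development-only directives reported in the compliance checks above can be caught mechanically before merge. The following Python check is an added example, not code from this PR or the Bearsampp project; the function names, finding labels and `SAMPLE_INI` (constructed from lines quoted on this page) are assumptions.

```python
import re

# Directives whose value is a path that embeds the PHP version directory.
PATH_DIRECTIVES = {"include_path", "extension_dir", "zend_extension"}

# Development-oriented settings flagged on this page, mapped to the
# production value the php.ini comments and the review suggest.
PRODUCTION_VALUES = {
    "display_errors": "off",
    "display_startup_errors": "off",
    "expose_php": "off",
}

VERSION_DIR = re.compile(r"php(\d+\.\d+\.\d+)")   # e.g. .../php/php8.3.26/ext
PLACEHOLDER = re.compile(r"@[A-Z0-9_]+@")          # e.g. @PHP_EXTENSIONS@


def parse_directives(text):
    """Yield (line_no, key, value) for every active directive in php.ini text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue  # blank line, comment, section header or non-directive
        key, _, value = line.partition("=")
        value = value.strip()
        if value[:1] in ('"', "'"):
            # Quoted value: keep everything up to the closing quote, so the ';'
            # inside include_path=".;..." is not mistaken for a comment.
            end = value.find(value[0], 1)
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(";", 1)[0].strip()
        yield line_no, key.strip(), value


def audit_php_ini(text, expected_version):
    """Return sorted (line_no, kind, detail) findings for one php.ini."""
    findings = []
    # Build-time placeholders that were never substituted.
    for line_no, raw in enumerate(text.splitlines(), start=1):
        if PLACEHOLDER.fullmatch(raw.strip()):
            findings.append((line_no, "placeholder", raw.strip()))
    for line_no, key, value in parse_directives(text):
        # Path directives must point into this version's own directory.
        if key in PATH_DIRECTIVES:
            for found in VERSION_DIR.findall(value):
                if found != expected_version:
                    findings.append(
                        (line_no, "version-mismatch", f"{key} -> php{found}"))
        # Settings that are fine for development but not for production.
        wanted = PRODUCTION_VALUES.get(key)
        if wanted and value.lower() != wanted:
            findings.append((line_no, "dev-setting", f"{key} = {value}"))
    return sorted(findings)


# Constructed sample: directive lines quoted on this page, with extension_dir
# already corrected so that only two of the three paths are stale.
SAMPLE_INI = '''\
[PHP]
expose_php = On
display_errors = On
display_startup_errors = On
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
;extension_dir = "ext"
extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext"
;extension=xsl
@PHP_EXTENSIONS@
zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext/php_opcache.dll"
zend_extension = "xdebug"
'''

if __name__ == "__main__":
    for line_no, kind, detail in audit_php_ini(SAMPLE_INI, "8.3.27"):
        print(f"line {line_no}: {kind}: {detail}")
```

In a build, `expected_version` would come from the containing `bin/phpX.Y.Z` directory name, and `dev-setting` findings would be reported as informational for a development bundle rather than failing the run.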

@github-actions

✅ All PHP extension tests passed

  • win10-amd:
  • win10-intel:
  • win11-amd:
  • win11-intel:


qodo-code-review bot commented Oct 31, 2025

PR Code Suggestions ✨

Latest suggestions up to eddbfcc

Category | Suggestion | Impact
Possible issue
Fix OPcache module filename

Change the OPcache extension from .dll to .so to match the likely Linux target
environment indicated by the path placeholder.

bin/php8.3.27/php.ini [1759-1768]

 ; OPCache
 
-zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext/php_opcache.dll"
+; Use platform-appropriate extension filename. For Linux/Unix use .so; for Windows use .dll.
+; Example for Linux:
+zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext/php_opcache.so"
 
 [opcache]
 ; Determines if Zend OPCache is enabled
 opcache.enable=0
 
 ; Determines if Zend OPCache is enabled for the CLI version of PHP
 opcache.enable_cli=0
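
Review bot: The replacement zend_extension line switches php_opcache.dll to php_opcache.so, but everything else on this page points at a Windows bundle: bearsampp.conf names php.exe, php-win.exe and php8apache2_4.dll, and the extension tests ran on win10 and win11 runners. The ~BEARSAMPP_LIN_PATH~ placeholder alone does not establish a Linux target. Keep the .dll filename and drop the two added comment lines; if the placeholder name is the source of confusion, a one-line comment saying what it expands to would be the better change.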
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies a platform mismatch between the file extension (.dll for Windows) and the path placeholder (~BEARSAMPP_LIN_PATH~ for Linux), which would cause the OPcache extension to fail to load.

Medium
Set CA bundle for TLS

Set the openssl.cafile directive to point to a bundled CA certificate file to
ensure TLS verification works reliably in portable environments.

bin/php8.3.27/php.ini [1922-1938]

 [openssl]
-; The location of a Certificate Authority (CA) file on the local filesystem
-; to use when verifying the identity of SSL/TLS peers. Most users should
-; not specify a value for this directive as PHP will attempt to use the
-; OS-managed cert stores in its absence. If specified, this value may still
-; be overridden on a per-stream basis via the "cafile" SSL stream context
-; option.
-;openssl.cafile=
+; Use a bundled CA file to ensure SSL/TLS peer verification works in portable environments.
+openssl.cafile="~BEARSAMPP_LIN_PATH~/certs/cacert.pem"
+; Alternatively (or additionally), set a hashed CA directory if available.
+;openssl.capath="~BEARSAMPP_LIN_PATH~/certs/ca"
 
-; If openssl.cafile is not specified or if the CA file is not found, the
-; directory pointed to by openssl.capath is searched for a suitable
-; certificate. This value must be a correctly hashed certificate directory.
-; Most users should not specify a value for this directive as PHP will
-; attempt to use the OS-managed cert stores in its absence. If specified,
-; this value may still be overridden on a per-stream basis via the "capath"
-; SSL stream context option.
-;openssl.capath=
-
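
Review bot: The added openssl.cafile line points at ~BEARSAMPP_LIN_PATH~/certs/cacert.pem, a file that none of the 14 files listed in this PR's walkthrough adds, so the directive would reference a path the bundle is not shown to ship. Per the comment being deleted here, a CA file that is not found makes PHP search openssl.capath, which this hunk leaves commented out. Either add the bundle in the same change or leave openssl.cafile commented, and keep the original comment text, since it documents the per-stream "cafile" and "capath" overrides that still apply.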
Suggestion importance[1-10]: 7

Why: The suggestion correctly points out a potential for TLS verification failures in portable environments by not setting openssl.cafile, which improves the robustness and security of the configuration.

Medium
Security
Disable error display output

Disable display_errors and display_startup_errors to prevent sensitive
information disclosure through error messages.

bin/php8.4.14/php.ini [495-504]

-display_errors = On
-display_startup_errors = On
+display_errors = Off
+display_startup_errors = Off
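
Review bot: The target range [495-504] is ten lines, so it spans the comment block between the two directives (the "Default Value / Development Value / Production Value" lines shown in the referred code), yet the replacement contains only the two directive lines; applied as written it would delete that documentation. The walkthrough also describes this file as a development configuration with display_errors on, and the compliance check notes that the log destination is commented out, so with display switched off errors would have no configured destination. If the values change, keep the comments and set error_log in the same edit.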
Suggestion importance[1-10]: 7

Why: This is a valid security suggestion to prevent sensitive information leakage, which is crucial even in development environments that might be inadvertently exposed.

Medium
Hide PHP version exposure

Disable expose_php to prevent leaking the PHP version in HTTP headers for
improved security.

bin/php8.4.14/php.ini [392]

-expose_php = On
+expose_php = Off
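
Review bot: expose_php = Off is applied only to bin/php8.4.14/php.ini [392], while the compliance check on this page flags the same expose_php = On line at php.ini [396-399], in the report whose OPcache excerpt shows the php8.3.27 path. Change both files together, or state why the two versions should differ.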
Suggestion importance[1-10]: 6

Why: The suggestion provides a valid security hardening recommendation by disabling expose_php, which helps to reduce the server's attack surface by not revealing the PHP version.

Low
General
Normalize boolean directive value

Change the value of output_buffering from off to the canonical Off for better
consistency with PHP INI standards.

bin/php8.3.27/php.ini [225]

-output_buffering = off
+output_buffering = Off
Suggestion importance[1-10]: 3

Why: The suggestion is correct that Off is the canonical value for boolean directives in php.ini, and using it improves consistency, though off is also a valid value and works correctly.

Low

Previous suggestions

✅ Suggestions up to commit 2bec34a
Category | Suggestion | Impact
Possible issue
Correct version in extension directory
Suggestion Impact:The commit updated extension_dir from php8.4.13 to php8.4.14 as suggested, and also adjusted related include_path and zend_extension paths.

code diff:

@@ -765,7 +765,7 @@
 ;extension_dir = "./"
 ; On windows:
 ;extension_dir = "ext"
-extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/ext"
+extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.14/ext"
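
Review bot: The version directory php8.4.14 is hard-coded in extension_dir, and the same stale php8.4.13 string had to be corrected separately in include_path and zend_extension, with the identical three corrections repeated for 8.3.27. That pattern suggests each php.ini starts as a copy of the previous release's file. Add a build or CI check that every phpX.Y.Z path segment in a php.ini matches its containing bin/phpX.Y.Z directory, so the next version bump cannot ship with mixed paths.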

Update the extension_dir in bin/php8.4.14/php.ini to point to the correct PHP
version directory, php8.4.14, instead of php8.4.13.

bin/php8.4.14/php.ini [768]

-extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/ext"
+extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.14/ext"
Suggestion importance[1-10]: 10

Why: This is a critical configuration bug that prevents PHP from loading any extensions, breaking core functionality for the php8.4.14 installation.

High
Correct version in Zend extension
Suggestion Impact:The commit updated the zend_extension path to point to php8.4.14 instead of php8.4.13, matching the suggestion.

code diff:

@@ -1724,7 +1724,7 @@
 
 ; OPCache
 
-zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/ext/php_opcache.dll"
+zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.14/ext/php_opcache.dll"
 

Update the zend_extension path for OPcache in bin/php8.4.14/php.ini to point to
the correct PHP version directory, php8.4.14, instead of php8.4.13.

bin/php8.4.14/php.ini [1727]

-zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/ext/php_opcache.dll"
+zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.14/ext/php_opcache.dll"
Suggestion importance[1-10]: 10

Why: This is a critical configuration error that will prevent the OPcache extension from loading, as it points to an incompatible version and breaks a key performance feature.

High
Correct version in include path
Suggestion Impact:The include_path was updated from php8.4.13 to php8.4.14 as suggested; additional related paths (extension_dir and zend_extension) were also updated.

code diff:

-include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/pear/pear"
+include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.4.14/pear/pear"

Update the include_path in bin/php8.4.14/php.ini to point to the correct PHP
version directory, php8.4.14, instead of php8.4.13.

bin/php8.4.14/php.ini [744]

-include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/pear/pear"
+include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.4.14/pear/pear"
Suggestion importance[1-10]: 9

Why: This is a critical configuration error that points to the wrong PHP version's PEAR directory, which will break PEAR functionality for this PHP instance.

High
Correct PHP version in include path
Suggestion Impact:The commit updated the include_path from php8.3.26 to php8.3.27 exactly as suggested, and also updated related paths (extension_dir and zend_extension) to 8.3.27.

code diff:

-include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
+include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/pear/pear"

Update the include_path to point to the correct PHP version directory for this
configuration file.

bin/php8.3.27/php.ini [749]

-include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
+include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/pear/pear"
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies a path misconfiguration for include_path which points to an older PHP version, likely causing runtime errors when loading PEAR packages.

Medium
Correct PHP version in extension directory
Suggestion Impact:The commit updated extension_dir from php8.3.26 to php8.3.27 as suggested, and also adjusted related include_path and zend_extension paths.

code diff:

@@ -770,7 +770,7 @@
 ;extension_dir = "./"
 ; On windows:
 ;extension_dir = "ext"
-extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext"
+extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext"
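
Review bot: the active extension_dir on the `+` line is an absolute path whose `php8.3.27` segment has to be kept in step with the directory name by hand, and the `-` line shows what a missed update looks like. Add a build-time check that every `bin/php/php<version>` reference in a php.ini matches the directory the file sits in, so a stale value fails the build rather than extension loading at startup.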

Update the extension_dir path to point to the correct PHP version directory for
this configuration file.

bin/php8.3.27/php.ini [773]

-extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext"
+extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext"
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies a path misconfiguration for extension_dir which points to an older PHP version, which would prevent PHP extensions from being loaded.

Medium
Correct PHP version in Zend extension path
Suggestion Impact:The commit updated the OPCache zend_extension path from php8.3.26 to php8.3.27 as suggested (and also updated related include_path and extension_dir).

code diff:

 ; OPCache
 
-zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext/php_opcache.dll"
+zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext/php_opcache.dll"
 

Update the zend_extension path for OPCache to point to the correct PHP version
directory.

bin/php8.3.27/php.ini [1761]

-zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext/php_opcache.dll"
+zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext/php_opcache.dll"
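
Review bot: the `+` line spells out the full path to php_opcache.dll, repeating the versioned directory inside the value. Check whether `zend_extension = opcache` loads on these builds; a non-absolute zend_extension value is looked up in extension_dir, so the bare name would leave one version string fewer to update on the next release.
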
Suggestion importance[1-10]: 8

Why: The suggestion correctly identifies that the zend_extension path for OPCache points to an incorrect PHP version directory, which would prevent this critical performance extension from loading.

Medium
High-level
Use templates for configuration files

The two new php.ini files are nearly identical and contain copy-paste errors in
version paths. To fix this and improve maintainability, use a templating system
to generate these configuration files from a single, shared template.

Examples:

bin/php8.3.27/php.ini [749-773]
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
;*****
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path

; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues.  The alternate is to use the

 ... (clipped 15 lines)
bin/php8.4.14/php.ini [744-768]
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/pear/pear"
;*****
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path

; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues.  The alternate is to use the

 ... (clipped 15 lines)

Solution Walkthrough:

Before:

# File: bin/php8.3.27/php.ini
...
# Incorrect version in path
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
...
# Incorrect version in path
extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext"
...

# File: bin/php8.4.14/php.ini
...
# Incorrect version in path
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/pear/pear"
...
# Incorrect version in path
extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.4.13/ext"
...

After:

# File: templates/php.ini.tpl
...
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php{{PHP_VERSION}}/pear/pear"
...
extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php{{PHP_VERSION}}/ext"
...

# Build script logic:
# for each version in [8.3.27, 8.4.14, ...]:
#   template = read('templates/php.ini.tpl')
#   content = template.replace('{{PHP_VERSION}}', version)
#   write(f'bin/php{version}/php.ini', content)
Suggestion importance[1-10]: 9

Why: The suggestion correctly identifies critical copy-paste errors in the new php.ini files where paths point to incorrect PHP versions, and it proposes a valid architectural improvement to prevent such errors and reduce maintenance.

High
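
A check for the copy-paste error these suggestions describe, together with the template step from the walkthrough, as an added example (not code from the PR or from Bearsampp). The function names, the sample text and the placement of the `php` prefix outside the `{{PHP_VERSION}}` slot are assumptions; version references are matched with the `bin/php/php<version>` pattern seen in the diffs.

```python
import re
from pathlib import PurePosixPath

# Version directory inside a path such as ".../bin/php/php8.3.26/ext".
VERSION_REF = re.compile(r"bin/php/php(\d+\.\d+\.\d+)")

def expected_version(ini_path):
    """bin/php8.3.27/php.ini -> '8.3.27', taken from the parent directory name."""
    parent = PurePosixPath(ini_path.replace("\\", "/")).parent.name
    m = re.fullmatch(r"php(\d+\.\d+\.\d+)", parent)
    if m is None:
        raise ValueError(f"cannot derive a PHP version from {ini_path!r}")
    return m.group(1)

def find_stale_paths(ini_path, text):
    """Return (line_no, directive, found_version) for active lines naming another version."""
    want = expected_version(ini_path)
    stale = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        # Skip whole-line comments only: ';' is also the Windows include_path separator.
        if not stripped or stripped.startswith(";") or "=" not in stripped:
            continue
        directive = stripped.split("=", 1)[0].strip()
        stale += [(no, directive, v) for v in VERSION_REF.findall(stripped) if v != want]
    return stale

def render(template, version):
    """Fill the {{PHP_VERSION}} slot and refuse to emit a file with slots left over."""
    out = template.replace("{{PHP_VERSION}}", version)
    leftover = re.findall(r"\{\{\w+\}\}", out)
    if leftover:
        raise ValueError(f"unfilled template slots: {sorted(set(leftover))}")
    return out

# Constructed sample reproducing the three directives flagged in the review.
SAMPLE_INI = """\
; include_path = ".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.25/pear/pear"
include_path=".;~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/pear/pear"
extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.27/ext"
zend_extension = "~BEARSAMPP_LIN_PATH~/bin/php/php8.3.26/ext/php_opcache.dll"
"""

# Constructed template; the "php" directory prefix stays outside the slot.
SAMPLE_TEMPLATE = 'extension_dir = "~BEARSAMPP_LIN_PATH~/bin/php/php{{PHP_VERSION}}/ext"\n'

if __name__ == "__main__":
    for no, directive, found in find_stale_paths("bin/php8.3.27/php.ini", SAMPLE_INI):
        print(f"line {no}: {directive} points at php{found}")
```

Run over every `bin/php*/php.ini` in the build, a non-empty result from `find_stale_paths` should fail the job.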

@qodo-code-review

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 Security concerns

Sensitive configuration exposure:
The php.ini defaults enable displaying errors and startup errors, which can leak sensitive info in production. Additionally, expose_php=On reveals PHP presence/version. Consider setting display_errors=Off, display_startup_errors=Off, and expose_php=Off for production presets.

⚡ Recommended focus areas for review

Security Defaults

Error display is enabled (display_errors=On, display_startup_errors=On) and expose_php=On in a config that may be used beyond dev; confirm these are gated per environment or set to Off for production builds.

display_errors = On

; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. We strongly recommend you set this to 'off'
; for production servers to avoid leaking configuration details.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = On
Placeholder Expansion

Ensure placeholders like @PHP_EXTENSIONS@ and BEARSAMPP_LIN_PATH are reliably substituted at build/runtime; otherwise extensions and paths (ext, tmp, pear) may fail to resolve.

@PHP_EXTENSIONS@

;zend_extension=opcache
Pre-release Xdebug

Using xdebug 3.5.0alpha2 for PHP 8.3/8.4; validate stability and compatibility or pin to a stable build before production release.

imagick = https://github.com/Bearsampp/modules-untouched/releases/download/php-2025.9.24/php_imagick-3.7.0-8.3-ts-vs16-x64.zip
memcache = https://github.com/Bearsampp/modules-untouched/releases/download/php-2025.9.24/php-8.3.x_memcache.dll
xdebug = https://github.com/Bearsampp/modules-untouched/releases/download/php-2025.10.31/php_xdebug-3.5.0alpha2-8.3-ts-vs16-x86_64.dll
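
The three focus areas of this reviewer guide expressed as a lint over a generated php.ini and an exts.properties file, as an added example (not code from the PR or from Bearsampp). It assumes the check runs after placeholder substitution, treats a missing directive as PHP's built-in default, and uses hypothetical function names with constructed sample text.

```python
import re

# Directives the review wants Off in production; absent ones default to "1" in PHP 8.
SENSITIVE = ("display_errors", "display_startup_errors", "expose_php")
ENABLED = {"on", "1", "true", "yes", "stdout", "stderr"}
PLACEHOLDER = re.compile(r"@[A-Z0-9_]+@|~[A-Z0-9_]+~")
PRERELEASE = re.compile(r"\d(?:alpha|beta|rc)\d*", re.IGNORECASE)

def active_lines(text):
    """Yield (line_no, stripped_line), skipping blanks and ';' (ini) or '#' (properties) comments."""
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s and s[0] not in ";#":
            yield no, s

def effective_settings(ini_text):
    """Map directive -> value; a later assignment overrides an earlier one."""
    settings = {}
    for _, line in active_lines(ini_text):
        key, _, value = (part.strip() for part in line.partition("="))
        # Drop a trailing comment unless the value is quoted (it may contain ';').
        value = value if value.startswith('"') else value.split(";", 1)[0].strip()
        settings[key] = value.strip('"')
    return settings

def audit_ini(ini_text):
    """Findings for a generated php.ini: risky display settings, leftover placeholders."""
    settings = effective_settings(ini_text)
    findings = [f"{k} is enabled" for k in SENSITIVE if settings.get(k, "1").lower() in ENABLED]
    for no, line in active_lines(ini_text):
        findings += [f"line {no}: unresolved {p}" for p in PLACEHOLDER.findall(line)]
    return findings

def prerelease_extensions(props_text):
    """Names in an exts.properties file whose download is an alpha/beta/RC build."""
    return [name.strip() for _, line in active_lines(props_text)
            for name, _, url in [line.partition("=")]
            if PRERELEASE.search(url.rsplit("/", 1)[-1])]

# Constructed samples (example.invalid URLs; file names follow the page's pattern).
SAMPLE_INI = """\
display_errors = On
display_errors = Off ; later assignment wins
display_startup_errors = On
@PHP_EXTENSIONS@
upload_tmp_dir = "~BEARSAMPP_LIN_PATH~/tmp"
"""
SAMPLE_PROPS = """\
imagick = https://example.invalid/php_imagick-3.7.0-8.3-ts-vs16-x64.zip
xdebug = https://example.invalid/php_xdebug-3.5.0alpha2-8.3-ts-vs16-x86_64.dll
"""
```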

@github-actions

✅ All PHP extension tests passed

  • win10-amd:
  • win10-intel:
  • win11-amd:
  • win11-intel:

@jwaisner jwaisner merged commit 95dfc38 into main Nov 2, 2025
5 checks passed
@jwaisner jwaisner deleted the Octiober branch November 2, 2025 04:42

Labels

enhancement ✨ Improve program
