Table of Contents
PHP Configuration for DokuWiki
DokuWiki will run out of the box on nearly every PHP installation and the installer will check that the minimum of needed PHP functionality is available.
This page gives hints on how to tune PHP settings to influence the functionality, performance, security and portability of DokuWiki.
Please consult the online PHP manual for more details.
The basic means of configuring PHP is via a configuration file (
For the server module versions of PHP, this file is loaded only once when the web server is started. For the CGI and CLI version, it happens on every invocation.
This file contains a list of directives that control the way that PHP functions. You can see the online php.ini directives page for a detailed reference of those directives.
While in most cases, DokuWiki will operate “out-of-the-box” with typical distribution PHP settings, a number of configuration options has particular importance to DokuWiki.
On the other hand, always be warned that what may be a good or even suggested value for DokuWiki might in some cases break other PHP applications you also host. This is especially true when enabling directives that enhance PHP security while having other PHP applications that rely on insecure features of PHP like register_globals etc.
<? tag. Otherwise, only
<script> tags are recognized.
DokuWiki will run with
short_open_tag set to off.
- Suggested: short_open_tag = Off
Safe Mode attempts to solve the shared-server security problem by restricting/disabling certain PHP functions.
DokuWiki will run even with
safe_mode set to on.
However, depending on your hosters configuration you may need to use the safemodehack option.
If in doubt, or when troubleshooting, start with
safe_mode = Off.
Output buffering allows you to send header lines (including cookies) even after you send body content. DokuWiki will run with either setting.
- Suggested: output_buffering = Off
Redirect all the output of all scripts to a function. Setting
output_handler automatically turns on
This setting can be used to automatically gzip all content before sending it to the client's browser. This can create problems with images and downloads. Turn on DokuWiki's gzip_output feature instead.
- Suggested: output_handler =
Provides transparent output compression using the zlib library. In general setting
zlib.output_compression = On works quite well with DokuWiki.
However, DokuWiki supports output compression via the gzip_output option.
- Suggested: zlib.output_compression = Off
Tells PHP to tell the output layer to flush itself automatically after every output block. Turning this option on has serious performance implications and is generally recommended for debugging purposes only. DokuWiki takes care of flushing the buffer when needed.
- Suggested: implicit_flush = Off
Whether to warn when arguments are passed by reference at function call time, as this method is deprecated. Arguments that should be passed by reference should be indicated in the function declaration, not at function call time.
- Suggested: allow_call_time_pass_reference = Off
Maximum execution time of each script, in seconds.
- Suggested: max_execution_time = 30
Maximum amount of time each script may spend parsing request data.
- Suggested: max_input_time = 60
Under certain conditions (e.g.- working with large tables with the edittable plugin) the default value of 1000 is quickly met.
- Suggested: max_input_vars = 10000
Maximum amount of memory a script may consume.
- Suggested: memory_limit = 32M
Which errors to report.
- Suggested: error_reporting = E_ALL & ~E_NOTICE
Print out errors (as a part of the output). For production web sites, you're strongly encouraged to turn this feature off, and use error logging instead.
- Suggested: display_errors = Off
Print out errors that occur during PHP's startup sequence (
display_errors has no control over these).
It's strongly recommended to keep display_startup_errors off, except for when debugging.
- Suggested: display_startup_errors = Off
Log errors into a log file. Also set
- Suggested: log_errors = On
The order in which PHP registers GET, POST, Cookie, Environment and Built-in variables (G, P, C, E & S respectively).
- Suggested: variables_order = “EGPCS”
Whether to declare the
argc variables (that would contain the GET information).
- Suggested: register_argc_argv = Off
Magic Quotes is a process that automagically escapes incoming data to the PHP script. It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed.
DokuWiki will detect the used settings and will handle the given values as needed. However disabling these options is recommended.
Affects HTTP Request data (GET, POST, and Cookie).
- Suggested: magic_quotes_gpc = Off
If enabled, most functions that return data from an external source, including databases and text files (SQL, from
exec(), etc), will have quotes escaped with a backslash.
- Suggested: magic_quotes_runtime = Off
Use Sybase-style magic quotes (a single-quote is escaped with a single-quote instead of a backslash).
- Suggested: magic_quotes_sybase = Off
Whether to allow HTTP file uploads.
- Suggested: file_uploads = On
Maximum allowed size for uploaded files. It should match what you expect the maximum size of uploaded mediafiles to be.
- Suggested: session.use_cookies = 1
Defines which cache control HTTP headers are sent to the client. These headers determine the rules by which the page content may be cached by the client and intermediate proxies. Acceptable values are
nocache (the default),
public.Setting the cache limiter to
nocache disallows any client/proxy caching. A value of
public permits caching by proxies and the client, whereas
private disallows caching by proxies and permits the client to cache the contents. In private mode, the Expire header sent to the client may cause confusion for some browsers, including Mozilla. You can avoid this problem by using
private_no_expire mode. The expire header is never sent to the client in this mode.
In case of caching problems (i.e. you edit a page but the changes do not appear when viewing that page) you can try setting: session.cache_limiter = nocache
SSL must be activated for update and install functionalities.
register_globals (PHP <= 5.3.0 - deleted since PHP 5.4.0)
Controls if any passed CGI parameters will be registered as global variable automatically instead of being available through $_GET, $_POST or $_REQUEST only. Enabling this often leads to security problems.
DokuWiki will run with
register_globals set to off.
- Suggested: register_globals = Off