PHP Default

PDowney · web-flow · commit aa5e499b4e22 · 2026-02-17T14:59:46.000-05:00
Switched the default PHP version to 8.5. Added a version override for PHP 8.4 to ensure compatibility with older projects. 

New menu option added to allow users to easily switch between PHP versions.
diff --git a/.github/ci-config/enginescript-variables-ci.txt b/.github/ci-config/enginescript-variables-ci.txt
@@ -14,7 +14,7 @@ NGINX_PURGE_VER="2.5.5"
 NGINX_VER="1.29.5"
 OPENSSL_VER="3.5.5"
 PCRE2_VER="10.47"
-PHP_VER="8.4"
+PHP_VER="8.5"
 PHPMYADMIN_VER="5.2.3"
 PNGOUT_VER="20200115"
 ZLIB_VER="1.3.1.2"
diff --git a/config/etc/php/php.ini b/config/etc/php/php.ini
@@ -39,11 +39,6 @@
 ;   Development Value: 4096
 ;   Production Value: 4096
 
-; register_argc_argv
-;   Default Value: On
-;   Development Value: Off
-;   Production Value: Off
-
 ; request_order
 ;   Default Value: None
 ;   Development Value: "GP"
@@ -109,7 +104,6 @@ unserialize_callback_func =
 serialize_precision = -1
 ;open_basedir =
 disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
-disable_classes =
 ;highlight.string  = #DD0000
 ;highlight.comment = #FF9900
 ;highlight.keyword = #007700
@@ -154,7 +148,6 @@ log_errors = On
 log_errors_max_len = 1024
 ignore_repeated_errors = Off
 ignore_repeated_source = Off
-report_memleaks = On
 ;report_zend_debug = 0
 xmlrpc_errors = 0
 ;xmlrpc_error_number = 0
@@ -178,7 +171,6 @@ html_errors = Off
 ;arg_separator.input = ";&"
 variables_order = "GPCS"
 request_order = "GP"
-register_argc_argv = Off
 auto_globals_jit = On
 ;enable_post_data_reading = Off
 post_max_size = 128M
@@ -397,17 +389,17 @@ bcmath.scale = 0
 [Session]
 session.save_handler = files
 session.save_path = "/var/cache/php-sessions"
-session.use_strict_mode = 0
+session.use_strict_mode = 1
 session.use_cookies = 1
-;session.cookie_secure =
+session.cookie_secure = 1
 session.use_only_cookies = 1
 session.name = PHPSESSID
 session.auto_start = 0
 session.cookie_lifetime = 0
 session.cookie_path = /
 session.cookie_domain =
 session.cookie_httponly = 1
-session.cookie_samesite =
+session.cookie_samesite = Lax
 session.serialize_handler = php
 session.gc_probability = 1
 session.gc_divisor = 1000
@@ -416,10 +408,8 @@ session.referer_check =
 session.cache_limiter = nocache
 session.cache_expire = 180
 session.use_trans_sid = 0
-session.sid_length = 26
 session.trans_sid_tags = "a=href,area=href,frame=src,form="
 ;session.trans_sid_hosts=""
-session.sid_bits_per_character = 5
 ;session.upload_progress.enabled = On
 ;session.upload_progress.cleanup = On
 ;session.upload_progress.prefix = "upload_progress_"
@@ -545,3 +535,10 @@ opcache.validate_timestamps=1
 [ffi]
 ;ffi.enable=preload
 ;ffi.preload=
+
+; References:
+; WordPress does not use PHP native sessions. It uses authentication cookies and
+; database-backed session tokens (WP_Session_Tokens). However, some plugins and
+; admin tools (e.g., phpMyAdmin) may use PHP sessions, so these settings are
+; configured securely as defense-in-depth.
+; https://www.iflair.com/how-wordpress-handles-sessions-and-user-data-in-the-database/
diff --git a/config/home/enginescript-install-options.txt b/config/home/enginescript-install-options.txt
@@ -54,10 +54,12 @@ INSTALL_HTTP3=0
 # SOAP, SQLite3
 INSTALL_EXPANDED_PHP=0
 
-## Keep PHP 8.3 Installation ##
-# Set to 1 to keep PHP 8.3 alongside PHP 8.4 during upgrade
-# Set to 0 to remove PHP 8.3 after upgrading to PHP 8.4 (recommended)
-INSTALL_PHP83=0
+## PHP Version Override ##
+# Leave empty to use the default PHP version (currently 8.5)
+# Set to "8.4" or "8.3" to install an older version instead
+# This affects all PHP installation, configuration, and service management
+# You can also switch versions at any time via: es.menu > Update Software > Switch PHP Version
+PHP_VERSION_OVERRIDE=""
 
 ## Automatic Lossless Image Optimization ##
 # Automatically perform lossless compression on all images on each domain.
diff --git a/enginescript-variables.txt b/enginescript-variables.txt
@@ -14,7 +14,7 @@ NGINX_PURGE_VER="2.5.5"
 NGINX_VER="1.29.5"
 OPENSSL_VER="3.5.5"
 PCRE2_VER="10.47"
-PHP_VER="8.4"
+PHP_VER="8.5"
 PHPMYADMIN_VER="5.2.3"
 PNGOUT_VER="20200115"
 ZLIB_VER="1.3.1.2"
diff --git a/scripts/functions/alias/alias-debug.sh b/scripts/functions/alias/alias-debug.sh
@@ -320,7 +320,7 @@ debug_print "Redis: $(redis-server --version)" "Redis: \`$(redis-server --versio
 debug_print "\n## Service Status\n" "\n## Service Status\n"
 debug_print "| Service | Status |" "| Service | Status |"
 debug_print "|---------|---------|" "|---------|---------|"
-services=("nginx" "php8.3-fpm" "mariadb" "redis-server")
+services=("nginx" "php${PHP_VER}-fpm" "mariadb" "redis-server")
 for service in "${services[@]}"; do
     status=$(systemctl is-active "$service")
     if [[ "$status" == "active" ]]; then
diff --git a/scripts/functions/shared/enginescript-common.sh b/scripts/functions/shared/enginescript-common.sh
@@ -241,6 +241,36 @@ function clear_all_system_caches() {
 }
 
 
+# ----------------------------------------------------------------
+# Resolve PHP version from override or default
+# If PHP_VERSION_OVERRIDE is set in install options, use it instead of the default PHP_VER
+# Validates that the override is a supported version (8.3, 8.4, 8.5)
+function resolve_php_version() {
+    local supported_versions=("8.3" "8.4" "8.5")
+
+    if [[ -n "${PHP_VERSION_OVERRIDE}" ]]; then
+        local valid=false
+        for ver in "${supported_versions[@]}"; do
+            if [[ "${PHP_VERSION_OVERRIDE}" == "${ver}" ]]; then
+                valid=true
+                break
+            fi
+        done
+
+        if [[ "${valid}" == true ]]; then
+            PHP_VER="${PHP_VERSION_OVERRIDE}"
+            echo "PHP version override active: using PHP ${PHP_VER}"
+        else
+            echo "Warning: Invalid PHP_VERSION_OVERRIDE '${PHP_VERSION_OVERRIDE}'. Supported: ${supported_versions[*]}"
+            echo "Falling back to default PHP ${PHP_VER}"
+        fi
+    fi
+}
+
+# Apply PHP version override if set
+resolve_php_version
+
+
 # ----------------------------------------------------------------
 # Function to restart a service
 function restart_service() {
@@ -255,7 +285,7 @@ function restart_service() {
 # ----------------------------------------------------------------
 # Function to restart PHP-FPM service
 function restart_php_fpm() {
-    local php_versions=("8.1" "8.2" "8.3" "8.4")
+    local php_versions=("8.3" "8.4" "8.5")
     for version in "${php_versions[@]}"; do
         if systemctl is-active --quiet "php${version}-fpm"; then
             restart_service "php${version}-fpm"
diff --git a/scripts/install/block/package-block.sh b/scripts/install/block/package-block.sh
@@ -30,26 +30,15 @@ echo -e "Package: nginx*\nPin: release *\nPin-Priority: -1" > nginx-block
 echo -e "Package: openlitespeed*\nPin: release *\nPin-Priority: -1" > litespeed-block
 echo -e "Package: lighttpd*\nPin: release *\nPin-Priority: -1" > litespeed-block2
 
-# Block PHP 5.x from APT
-echo -e "Package: php5*\nPin: release *\nPin-Priority: -1" > php5-block
-
-# Block PHP 7.0 from APT
-echo -e "Package: php7.0*\nPin: release *\nPin-Priority: -1" > php70-block
-
-# Block PHP 7.1 from APT
-echo -e "Package: php7.1*\nPin: release *\nPin-Priority: -1" > php71-block
-
-# Block PHP 7.2 from APT
-echo -e "Package: php7.2*\nPin: release *\nPin-Priority: -1" > php72-block
-
-# Block PHP 7.3 from APT
-echo -e "Package: php7.3*\nPin: release *\nPin-Priority: -1" > php73-block
-
-# Block PHP 7.4 from APT
-echo -e "Package: php7.4*\nPin: release *\nPin-Priority: -1" > php74-block
-
-# Block PHP 8.0 from APT
-echo -e "Package: php8.0*\nPin: release *\nPin-Priority: -1" > php80-block
-
-# Block PHP 8.1 from APT
-echo -e "Package: php8.1*\nPin: release *\nPin-Priority: -1" > php81-block
+# Block all PHP versions except the selected one
+# Always block legacy versions
+block_versions=("5" "7.0" "7.1" "7.2" "7.3" "7.4" "8.0" "8.1" "8.2" "8.3" "8.4" "8.5")
+
+for ver in "${block_versions[@]}"; do
+    # Skip the selected PHP version
+    if [[ "${ver}" == "${PHP_VER}" ]]; then
+        continue
+    fi
+    sanitized="${ver//.}"
+    echo -e "Package: php${ver}*\nPin: release *\nPin-Priority: -1" > "php${sanitized}-block"
+done
diff --git a/scripts/install/php/php-install.sh b/scripts/install/php/php-install.sh
@@ -33,12 +33,17 @@ php${PHP_VER}-imagick
 php${PHP_VER}-intl
 php${PHP_VER}-mbstring
 php${PHP_VER}-mysql
-php${PHP_VER}-opcache
 php${PHP_VER}-redis
 php${PHP_VER}-ssh2
 php${PHP_VER}-xml
 php${PHP_VER}-zip"
 
+# PHP 8.5+ has opcache built-in; older versions need the separate package
+if [[ "$(echo "${PHP_VER} < 8.5" | bc -l)" -eq 1 ]]; then
+    php_packages="${php_packages}
+php${PHP_VER}-opcache"
+fi
+
 # Install the packages with error checking
 # Unquoted expansion relies on word splitting (spaces and newlines)
 apt install -qy $php_packages || {
diff --git a/scripts/menu/update-menu.sh b/scripts/menu/update-menu.sh
@@ -27,7 +27,7 @@ while true
     echo ""
 
     PS3='Please enter your choice: '
-    options=("Update EngineScript" "Update Kernel (experimental)" "Update MariaDB" "Update Nginx" "Update OpenSSL" "Update PHP" "Update Server Tools" "Update Ubuntu Distribution (apt full-upgrade)" "Update Ubuntu Software (apt upgrade)" "Exit Update Software Menu")
+    options=("Update EngineScript" "Update Kernel (experimental)" "Update MariaDB" "Update Nginx" "Update OpenSSL" "Update PHP" "Switch PHP Version" "Update Server Tools" "Update Ubuntu Distribution (apt full-upgrade)" "Update Ubuntu Software (apt upgrade)" "Exit Update Software Menu")
     select opt in "${options[@]}"
     do
       case $opt in
@@ -57,6 +57,58 @@ while true
           /usr/local/bin/enginescript/scripts/update/php-update.sh
           break
           ;;
+        "Switch PHP Version")
+          echo ""
+          echo "Switch PHP Version"
+          echo "=================="
+          echo ""
+          # Detect currently installed PHP-FPM version
+          CURRENT_PHP=""
+          for ver in 8.3 8.4 8.5; do
+              if dpkg -l 2>/dev/null | grep -q "php${ver}-fpm"; then
+                  CURRENT_PHP="${ver}"
+              fi
+          done
+          if [[ -n "${CURRENT_PHP}" ]]; then
+              echo "Currently installed: PHP ${CURRENT_PHP}"
+          else
+              echo "No PHP-FPM installation detected."
+          fi
+          echo ""
+          echo "Select the PHP version to switch to:"
+          PS3='Choose a version: '
+          select php_choice in "PHP 8.5" "PHP 8.4" "PHP 8.3" "Cancel"; do
+              case $php_choice in
+                  "PHP 8.5")
+                      TARGET_VER="8.5"
+                      break
+                      ;;
+                  "PHP 8.4")
+                      TARGET_VER="8.4"
+                      break
+                      ;;
+                  "PHP 8.3")
+                      TARGET_VER="8.3"
+                      break
+                      ;;
+                  "Cancel")
+                      TARGET_VER=""
+                      break
+                      ;;
+                  *) echo "Invalid option";;
+              esac
+          done
+          if [[ -n "${TARGET_VER}" ]]; then
+              if [[ "${TARGET_VER}" == "${CURRENT_PHP}" ]]; then
+                  echo ""
+                  echo "PHP ${TARGET_VER} is already installed. No changes needed."
+                  sleep 3
+              else
+                  /usr/local/bin/enginescript/scripts/update/php-update.sh "${TARGET_VER}"
+              fi
+          fi
+          break
+          ;;
         "Update Server Tools")
           /usr/local/bin/enginescript/scripts/update/software-update.sh
           break
diff --git a/scripts/update/php-update.sh b/scripts/update/php-update.sh
