Here's a short explanation of
the configuration directives.
phar.readonlyboolean
This option disables creation or modification of Phar archives
using the phar stream or Phar
object's write support. This setting should always be enabled on
production machines, as the phar extension's convenient write support
could allow straightforward creation of a php-based virus when coupled
with other common security vulnerabilities.
Note:
This setting can only be unset in php.ini due to security reasons.
If phar.readonly is disabled in php.ini, the
user may enable phar.readonly in a script
or disable it later. If phar.readonly is
enabled in php.ini, a script may harmlessly "re-enable"
the INI variable, but may not disable it.
phar.require_hashboolean
This option will force all opened Phar archives to contain some
kind of signature (currently MD5, SHA1, SHA256 and SHA512 are supported), and will
refuse to process any Phar archive that does not contain a signature.
Note:
This setting can only be unset in php.ini due to security reasons.
If phar.require_hash is disabled in php.ini, the
user may enable phar.require_hash in a script
or disable it later. If phar.require_hash is
enabled in php.ini, a script may harmlessly "re-enable"
the INI variable, but may not disable it.
This setting does not affect reading plain tar files with the
PharData class.
phar.extract_liststring
This INI setting has been removed as of phar 2.0.0
Allows mappings from a full path to a phar archive or its alias to
the location of its extracted files.
The format of the parameter is name=archive,name2=archive2.
This allows extraction of phar files to disk, and allows phar to act as a
kind of mapper to extracted disk files. This is often done for performance
reasons, or to assist with debugging a phar.
Example #1 phar.extract_list usage example
in php.ini: phar.extract_list = archive=/full/path/to/archive/,arch2=/full/path/to/arch2 <?php include "phar://archive/content.php"; include "phar://arch2/foo.php"; ?>
phar.cache_liststring
This INI setting was added in phar 2.0.0
Allows mapping phar archives to be pre-parsed at web server startup,
providing a performance improvement that brings running files out of a
phar archive very close to the speed of running those files from a
traditional disk-based installation.
Example #2 phar.cache_list usage example
in php.ini (windows):
phar.cache_list =C:\path\to\phar1.phar;C:\path\to\phar2.phar
in php.ini (unix):
phar.cache_list =/path/to/phar1.phar:/path/to/phar2.phar