Note: PHP 5 has reached end of support on January 30, 2024. Your existing PHP 5 applications will continue to run and receive traffic. However, App Engine might block re-deployment of applications that use runtimes after their end of support date. We recommend that you migrate to the latest supported version of PHP.

The php.ini File

You can include a php.ini file with your App Engine application. This file lets you customize the behavior of the PHP interpreter directives.

About php.ini

The php.ini file should be placed in the base directory of an application (the same directory as the app.yaml file). It is loaded when the PHP interpreter is initialized, and before your application code is run.

The file follows the same syntax as other .ini files. A simple example might look like:

; This is a simple php.ini file on App Engine
;
; This is a directive set to "On"
widget_compression = "On"

A list of the core directives, along with their changeable mode values, is published on php.net. The php.ini directives handled by extensions are documented on the respective pages of the extensions themselves.

You may override any PHP directive that has one of the following changeable mode values:

PHP_INI_SYSTEM
PHP_INI_ALL
PHP_INI_PERDIR

Note that some functions have been disabled in the App Engine implementation of PHP. Directives that target these functions will have no effect.

A set of dynamically loadable extensions can be enabled using the extension directive.

PHP Directives for App Engine

The following directives are specific to the App Engine environment. They can be included in the php.ini file.

google_app_engine.enable_curl_lite - Enables "cURL lite", a built-in, App Engine-specific version of cURL, when set to "1". "cURL lite" can be used exactly as you would use the standard cURL functions, but it calls URL Fetch under the hood rather than sockets, thus functions with no URL Fetch equivalent, throw a CurlLiteMethodNotSupportedException.
Note: An app can't enable the "curl.so" extension and "cURL lite" at the same time, as the latter overloads the cURL functions.
google_app_engine.enable_functions - Functions that have been soft disabled in App Engine, but can be re-enabled using this directive. List the function names in a comma delimited string:
```
google_app_engine.enable_functions = "phpversion, phpinfo"
```
google_app_engine.allow_include_gs_buckets - Allows your application to use the include or require statements with files stored in Google Cloud Storage.

Note: You can use #default# for the default bucket; this value will be automatically replaced at runtime with your current default bucket name.

For example, list the default bucket, along with buckets bucket_1 and bucket_2 containing the files in a comma delimited string:
```
google_app_engine.allow_include_gs_buckets = "#default#, bucket_1, bucket_2"
```
You can also specify a bucket and path to files that can be included, for example:
```
google_app_engine.allow_include_gs_buckets = "bucket_1/path_x"
```
When the check is performed for which files may be included from Google Cloud Storage, the supplied path is treated as a prefix that must match the start of the file name in order for it to be included or required. For example using the path example above, the supplied path would allow users to include files from gs://bucket_1/path_x/... because the prefix matches but not from gs://bucket_1 or gs://bucket_1/path_y/ because the prefix doesn't match.

If an uploaded file is moved to an allowed include bucket, a warning is generated to alert the user to a potential LFI attack. If this happens, you should consider using a more restrictive path.

Note: the path is treated as a file prefix; so it could include a specific file as well, for example, google_app_engine.allow_include_gs_buckets = "bucket_1/path_x.ext", "bucket_2/path_z/some_file.ext.
google_app_engine.disable_readonly_filesystem - By default PHP applications are not allowed to write to the filesystem. Setting this directive to "1" will lift the restriction for the local development environment. However, the setting does not apply to applications running in production, which are always subjected to the sandbox restrictions.