Merge pull request #17147 from chrisnovakovic/php_upload_limit-hardening

Docker: harden updating of `php.ini` in entrypoint

docker/startup.sh

@@ -100,13 +100,13 @@ chown -R docker:root /var/www/html/storage/framework/cache
 # Fix php settings
 if [ -v "PHP_UPLOAD_LIMIT" ]
 then
-  PHP_INI_FILE=$(find /etc/php/*/apache2/php.ini)
-  if [ -e $PHP_INI_FILE ]
-  then
-    echo "Changing upload limit to ${PHP_UPLOAD_LIMIT}M in ${PHP_INI_FILE}"
-    sed -i "s/^upload_max_filesize.*/upload_max_filesize = ${PHP_UPLOAD_LIMIT}M/" $PHP_INI_FILE
-    sed -i "s/^post_max_size.*/post_max_size = ${PHP_UPLOAD_LIMIT}M/" $PHP_INI_FILE
-  fi
+    find /etc/php -type f -name php.ini | while IFS= read -r ini; do
+        echo "Changing upload limit to ${PHP_UPLOAD_LIMIT}M in $ini"
+        sed -i \
+            -e "s/^;\? *upload_max_filesize *=.*/upload_max_filesize = ${PHP_UPLOAD_LIMIT}M/" \
+            -e "s/^;\? *post_max_size *=.*/post_max_size = ${PHP_UPLOAD_LIMIT}M/" \
+            "$ini"
+    done
 fi
 
 # If the Oauth DB files are not present copy the vendor files over to the db migrations

docker/startup_alpine.sh

@@ -84,9 +84,13 @@ chown -R apache:root /var/www/html/storage/framework/cache
 # Fix php settings
 if [ ! -z "${PHP_UPLOAD_LIMIT}" ]
 then
-    echo "Changing upload limit to ${PHP_UPLOAD_LIMIT}"
-    sed -i "s/^upload_max_filesize.*/upload_max_filesize = ${PHP_UPLOAD_LIMIT}M/" /etc/php*/php.ini
-    sed -i "s/^post_max_size.*/post_max_size = ${PHP_UPLOAD_LIMIT}M/" /etc/php*/php.ini
+    find /etc -type f -name php.ini | while IFS= read -r ini; do
+        echo "Changing upload limit to ${PHP_UPLOAD_LIMIT}M in $ini"
+        sed -i \
+            -e "s/^;\? *upload_max_filesize *=.*/upload_max_filesize = ${PHP_UPLOAD_LIMIT}M/" \
+            -e "s/^;\? *post_max_size *=.*/post_max_size = ${PHP_UPLOAD_LIMIT}M/" \
+            "$ini"
+    done
 fi
 
 # If the Oauth DB files are not present copy the vendor files over to the db migrations