Upgrading to LTS Version 3.22.26+200714

Update README.md

3.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.23+200626'
-ARG sha256_checksum='4aa296ebb0ab56d2232a6d8bb2148ac1c4589cf59acd9a2b1824891456095be2'
+ARG version='3.22.26+200714'
+ARG sha256_checksum='a24958c4ad6ea4548b963b812901a1b749d4f74de30b80c7aca354aeacd1cc6d'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -31,6 +31,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -57,13 +58,13 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh

3.0/apache/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
-    fi
     fi
 
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

3.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.23+200626'
-ARG sha256_checksum='4aa296ebb0ab56d2232a6d8bb2148ac1c4589cf59acd9a2b1824891456095be2'
+ARG version='3.22.26+200714'
+ARG sha256_checksum='a24958c4ad6ea4548b963b812901a1b749d4f74de30b80c7aca354aeacd1cc6d'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -30,14 +30,14 @@ RUN set -ex; \
         zip
 
 # Download, unzip and chmod of LimeSurvey
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         \
-        rm -rf "/tmp/${version}.tar.gz" \
+        rm -rf "/tmp/limesurvey.tar.gz" \
         /var/www/html/docs \
         /var/www/html/tests \
         /var/www/html/*.md && \

3.0/fpm-alpine/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
-    fi
     fi
 
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

3.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='3.22.23+200626'
-ARG sha256_checksum='4aa296ebb0ab56d2232a6d8bb2148ac1c4589cf59acd9a2b1824891456095be2'
+ARG version='3.22.26+200714'
+ARG sha256_checksum='a24958c4ad6ea4548b963b812901a1b749d4f74de30b80c7aca354aeacd1cc6d'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -31,6 +31,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -44,13 +45,13 @@ RUN set -ex; \
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 EXPOSE 9000

3.0/fpm/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
-    fi
     fi
 
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/apache/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-apache
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.3.0+200616'
-ARG sha256_checksum='d254918f43cdc10ee97b3f587b2c0bc0be381ef83cb588a3f8fae84f8a1b1e36'
+ARG version='4.3.3+200707'
+ARG sha256_checksum='8f0429c99c5090ded08403fa2cf5ce196f9feaba7b8cb31b47de6f96dbd5bc27'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -18,6 +18,7 @@ RUN set -ex; \
         libpng-dev \
         libpq-dev \
         netcat \
+        curl \
         \
         && apt-get -y autoclean; apt-get -y autoremove; \
         rm -rf /var/lib/apt/lists/*
@@ -31,6 +32,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -57,13 +59,13 @@ RUN a2enmod headers rewrite remoteip; \
 RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 COPY entrypoint.sh entrypoint.sh

4.0/apache/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
-    fi
     fi
 
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/fpm-alpine/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm-alpine
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.3.0+200616'
-ARG sha256_checksum='d254918f43cdc10ee97b3f587b2c0bc0be381ef83cb588a3f8fae84f8a1b1e36'
+ARG version='4.3.3+200707'
+ARG sha256_checksum='8f0429c99c5090ded08403fa2cf5ce196f9feaba7b8cb31b47de6f96dbd5bc27'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -19,6 +19,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr ; \
         docker-php-ext-configure imap --with-imap-ssl && \
         docker-php-ext-install \
+        exif \
         gd \
         imap \
         ldap \
@@ -30,14 +31,14 @@ RUN set -ex; \
         zip
 
 # Download, unzip and chmod of LimeSurvey
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
         \
-        rm -rf "/tmp/${version}.tar.gz" \
+        rm -rf "/tmp/limesurvey.tar.gz" \
         /var/www/html/docs \
         /var/www/html/tests \
         /var/www/html/*.md && \

4.0/fpm-alpine/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
-    fi
     fi
 
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

4.0/fpm/Dockerfile

@@ -1,7 +1,7 @@
 FROM php:7.2-fpm
 LABEL maintainer="markus@martialblog.de"
-ARG version='4.3.0+200616'
-ARG sha256_checksum='d254918f43cdc10ee97b3f587b2c0bc0be381ef83cb588a3f8fae84f8a1b1e36'
+ARG version='4.3.3+200707'
+ARG sha256_checksum='8f0429c99c5090ded08403fa2cf5ce196f9feaba7b8cb31b47de6f96dbd5bc27'
 
 # Install OS dependencies
 RUN set -ex; \
@@ -31,6 +31,7 @@ RUN set -ex; \
         docker-php-ext-configure gd --with-freetype-dir=/usr --with-png-dir=/usr --with-jpeg-dir=/usr; \
         docker-php-ext-configure imap --with-kerberos --with-imap-ssl && \
         docker-php-ext-install -j5 \
+        exif \
         gd \
         imap \
         ldap \
@@ -44,13 +45,13 @@ RUN set -ex; \
 ENV LIMESURVEY_VERSION=$version
 
 # Download, unzip and chmod LimeSurvey from official GitHub repository
-ADD "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" /tmp
+RUN curl -sSL "https://github.com/LimeSurvey/LimeSurvey/archive/${version}.tar.gz" --output /tmp/limesurvey.tar.gz
 
 RUN set -ex; \
-        echo "${sha256_checksum}  /tmp/${version}.tar.gz" | sha256sum -c - && \
+        echo "${sha256_checksum}  /tmp/limesurvey.tar.gz" | sha256sum -c - && \
         \
-        tar xzvf "/tmp/${version}.tar.gz" --strip-components=1 -C /var/www/html/ && \
-        rm -f "/tmp/${version}.tar.gz" && \
+        tar xzvf "/tmp/limesurvey.tar.gz" --strip-components=1 -C /var/www/html/ && \
+        rm -f "/tmp/limesurvey.tar.gz" && \
         chown -R www-data:www-data /var/www/html
 
 EXPOSE 9000

4.0/fpm/entrypoint.sh

@@ -11,14 +11,30 @@ DB_TABLE_PREFIX=${DB_TABLE_PREFIX:-'lime_'}
 DB_USERNAME=${DB_USERNAME:-'limesurvey'}
 DB_PASSWORD=${DB_PASSWORD:-}
 
+ENCRYPT_KEYPAIR=${ENCRYPT_KEYPAIR:-}
+ENCRYPT_PUBLIC_KEY=${ENCRYPT_PUBLIC_KEY:-}
+ENCRYPT_SECRET_KEY=${ENCRYPT_SECRET_KEY:-}
+
 ADMIN_USER=${ADMIN_USER:-'admin'}
 ADMIN_NAME=${ADMIN_NAME:-'admin'}
 ADMIN_EMAIL=${ADMIN_EMAIL:-'foobar@example.com'}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-'-'}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-}
 
 PUBLIC_URL=${PUBLIC_URL:-}
 URL_FORMAT=${URL_FORMAT:-'path'}
 
+DEBUG=${DEBUG:-0}
+DEBUG_SQL=${DEBUG_SQL:-0}
+
+if [ -z "$DB_PASSWORD" ]; then
+    echo >&2 'Error: Missing DB_PASSWORD'
+    exit 1
+fi
+
+if [ -z "$ADMIN_PASSWORD" ]; then
+    echo >&2 'Error: Missing ADMIN_PASSWORD'
+    exit 1
+fi
 
 # Check if database is available
 if [ -z "$DB_SOCK" ]; then
@@ -29,8 +45,7 @@ if [ -z "$DB_SOCK" ]; then
     done
 fi
 
-
-# Check if already provisioned
+# Check if config already provisioned
 if [ -f application/config/config.php ]; then
     echo 'Info: config.php already provisioned'
 else
@@ -39,60 +54,83 @@ else
     if [ "$DB_TYPE" = 'mysql' ]; then
         echo 'Info: Using MySQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8mb4'}
-        cp application/config/config-sample-mysql.php application/config/config.php
     fi
 
     if [ "$DB_TYPE" = 'pgsql' ]; then
         echo 'Info: Using PostgreSQL configuration'
         DB_CHARSET=${DB_CHARSET:-'utf8'}
-        cp application/config/config-sample-pgsql.php application/config/config.php
     fi
 
-    # Set Database config
     if [ ! -z "$DB_SOCK" ]; then
         echo 'Info: Using unix socket'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:unix_socket=${DB_SOCK};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='unix_socket'
     else
         echo 'Info: Using TCP connection'
-        sed -i "s#\('connectionString' => \).*,\$#\\1'${DB_TYPE}:host=${DB_HOST};port=${DB_PORT};dbname=${DB_NAME};',#g" application/config/config.php
+        DB_CONNECT='host'
     fi
 
-    sed -i "s#\('username' => \).*,\$#\\1'${DB_USERNAME}',#g" application/config/config.php
-    sed -i "s#\('password' => \).*,\$#\\1'${DB_PASSWORD}',#g" application/config/config.php
-    sed -i "s#\('charset' => \).*,\$#\\1'${DB_CHARSET}',#g" application/config/config.php
-    sed -i "s#\('tablePrefix' => \).*,\$#\\1'${DB_TABLE_PREFIX}',#g" application/config/config.php
-
-    # Set URL config
-    sed -i "s#\('urlFormat' => \).*,\$#\\1'${URL_FORMAT}',#g" application/config/config.php
-
-    # Set Public URL
     if [ -z "$PUBLIC_URL" ]; then
         echo 'Info: Setting PublicURL'
-        sed -i "s#\('debug'=>0,\)\$#'publicurl'=>'${PUBLIC_URL}',\n\t\t\\1 #g" application/config/config.php
-    fi
     fi
 
+    cat <<EOF > application/config/config.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+return array(
+  'components' => array(
+    'db' => array(
+      'connectionString' => '$DB_TYPE:$DB_CONNECT=$DB_HOST;port=$DB_PORT;dbname=$DB_NAME;',
+      'emulatePrepare' => true,
+      'username' => '$DB_USERNAME',
+      'password' => '$DB_PASSWORD',
+      'charset' => '$DB_CHARSET',
+      'tablePrefix' => '$DB_TABLE_PREFIX',
+    ),
+    'urlManager' => array(
+      'urlFormat' => '$URL_FORMAT',
+      'rules' => array(),
+      'showScriptName' => true,
+    ),
+  ),
+  'config'=>array(
+    'publicurl'=>'$PUBLIC_URL',
+    'debug'=>$DEBUG,
+    'debugsql'=>$DEBUG_SQL,
+  )
+);
+
+EOF
+
+fi
+
+# Check if security config already provisioned
+if [ -f application/config/security.php ]; then
+    echo 'Info: security.php already provisioned'
+else
+    echo 'Info: Creating security.php'
+    if [ ! -z "$ENCRYPT_KEYPAIR" ]; then
+
+        cat <<EOF > application/config/security.php
+<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
+\$config = array();
+\$config['encryptionkeypair'] = '$ENCRYPT_KEYPAIR';
+\$config['encryptionpublickey'] = '$ENCRYPT_PUBLIC_KEY';
+\$config['encryptionsecretkey'] = '$ENCRYPT_SECRET_KEY';
+return \$config;
+EOF
+    else
+        echo >&2 'Warning: No encryption keys were provided'
+        echo >&2 'Warning: A security.php config will be created by the application'
+        echo >&2 'Warning: THIS FILE NEEDS TO BE PERSISTENT'
+    fi
+fi
 
 # Check if LimeSurvey database is provisioned
 echo 'Info: Check if database already provisioned. Nevermind the Stack trace.'
 php application/commands/console.php updatedb
 
-
 if [ $? -eq 0 ]; then
     echo 'Info: Database already provisioned'
 else
-    # Check if DB_PASSWORD is set
-    if [ -z "$DB_PASSWORD" ]; then
-        echo >&2 'Error: Missing DB_PASSWORD'
-        exit 1
-    fi
-
-    # Check if DB_PASSWORD is set
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        echo >&2 'Error: Missing ADMIN_PASSWORD'
-        exit 1
-    fi
-
     echo ''
     echo 'Running console.php install'
     php application/commands/console.php install $ADMIN_USER $ADMIN_PASSWORD $ADMIN_NAME $ADMIN_EMAIL

README.md

@@ -52,6 +52,16 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container
 
 **Hint**: If this configuration is present before the installation, the LimeSurvey Web Installer will not run automatically.
 
+## Data Encryption
+
+LimeSurvey 4 supports data encryption, this image give you these options:
+
+* Provide a security.php file directly (volume)
+* Provide encryption keys for the security.php file (environment variables)
+* Provide nothing and get a non-persistent security.php file
+
+For further details on the settings see: https://manual.limesurvey.org/Data_encryption
+
 # Environment Variables
 
 | Parameter       | Description                               |
@@ -70,12 +80,17 @@ To change to LimeSurvey configuration, you can mount a Volume into the Container
 | ADMIN_PASSWORD  | Initial LimeSurvey Admin Password         |
 | PUBLIC_URL      | Public URL for public scripts             |
 | URL_FORMAT      | URL Format. path or get                   |
+| DEBUG           | Debug level (0, 1, 2). Default: 0         |
+| DEBUG_SQL       | SQL Debug level (0, 1, 2). Default 0      |
+| ENCRYPT_KEYPAIR  | Data encryption keypair                  |
+| ENCRYPT_PUBLIC_KEY | Data encryption public key             |
+| ENCRYPY_SECRET_KEY | Data encryption secret key             |
 
 For further details on the settings see: https://manual.limesurvey.org/Optional_settings#Advanced_Path_Settings
 
 # Running this image with docker-compose
 
-The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the repository.
+The easiest way to get a fully featured and functional setup is using a docker-compose file. Several examples are provided in the [repository](https://github.com/martialblog/docker-limesurvey).
 
 ```
 docker-compose up