Allowing that to be changed would open a can of worms.

Can we at least get the documentation changed? Currently it says PHP_INI_ALL which would include htaccess and ini_set.

This bug has been fixed in the documentation's XML sources. Since the
online and downloadable versions of the documentation need some time
to get updated, we would like to ask you to be a bit patient.

Thank you for the report, and for helping us make our documentation better.

Define "can of worms" with regard to this setting.

I'm sorry, but... umm... doesn't allowing sites to override *any* setting 
(including memory_limit) have the possibility of bad things happening? And, yet, 
we allow that.

It is strange to me how for some reason this one setting that so many people are 
now having trouble with is not allowed to be overridden at the reasonable level 
of per-site, or per-folder. If people are really concerned about locking-down 
the setting on their server, they can use php_admin_value in the INI.

As for me, like the rest of the developers who've encountered this botched 
feature, it's getting disabled until it's fixed. I have a rash of users upset 
that they can't upload more than 20 pictures per post, and I don't see how 
raising that limit to 300 server-wide would be any better.

How do you close this bug without adding the posibility of changing the
parameter value through ini_set and .htaccess? This has to be the most retarded
idea a PHP dev has had since the "magic quotes" epic fiasco, breaking lots of
flawlessly and security-proof code working after a PHP version update, without
any warning (not even a Notice).

Also jani@php.net I've seen you answer in 3 different bugs in a way that makes
it seem like this won't be ever addressed. I can understand it was your
"brilliant" idea to implement this, but a bit of humility and acceptance of
errors would be really appreciated.

And sorry if someone is offended by the 'tone' of this message but when you have
to spend 3 days reviewing _ALL_ the projectes using the CMS you developed, in a
lot of different servers because, you know they'll stop working when PHP version
is updated, due to a "great idea" (not really), well your mood goes down real
quick.

ini_set would never work because file uploads happen before the PHP script is 
executed, so by the time you call ini_set() it would be too late.

But you are right about .htaccess, I think. We probably should allow this setting 
to be changed there. It is always a tricky balance when it comes to security-
related settings. In some environments you want to lock down the security-related 
settings in a single place and not allow individual users/apps to override these, 
and in other environments you want to let users/apps have more rope.

> But you are right about .htaccess, I think. We probably should allow this 
> setting to be changed there

So why the f*** was and still is this closed??

This is already supposed to be resolved[1] as of PHP 5.4.0.  The
docs need to be updated, though.

[1] <https://github.com/php/php-src/commit/8bc24c004605d5dcf41652033f9be25038f1156e>

The fix for this bug has been committed.
If you are still experiencing this bug, try to check out latest source from https://github.com/php/php-src and re-test.
Thank you for the report, and for helping us make PHP better.

Closed with https://github.com/php/doc-en/commit/8a04690ab3ca341df750d00b32f27df5debbc307