--- a/main/php_ini.c	2024-04-10 16:21:20.000000000 +0200
+++ b/main/php_ini.c	2024-04-16 13:13:29.340237188 +0200
@@ -796,6 +796,56 @@
 }
 /* }}} */
 
+
+/* {{{  php_parse_extra_ini
+ */
+PHPAPI int php_parse_extra_ini(const char *ini_file)
+{
+	int ret = FAILURE;
+	if (!sapi_module.php_ini_ignore && ini_file) {
+		zend_stat_t sb;
+
+		if (VCWD_STAT(ini_file, &sb) == 0) {
+			if (S_ISREG(sb.st_mode)) {
+				zend_file_handle fh;
+				zend_stream_init_fp(&fh, VCWD_FOPEN(ini_file, "r"), ini_file);
+				if (fh.handle.fp) {
+					/* Reset active ini section */
+					RESET_ACTIVE_INI_HASH();
+
+					/* add a fake-host section so our settings will be changed to PHP_INI_SYSTEM during merge */
+					zval fakehost;
+					ZVAL_NEW_STR(&fakehost, zend_string_init(ZEND_STRL("HOST=\%fake\%"), 0));
+					php_ini_parser_cb(&fakehost, NULL, NULL, ZEND_INI_PARSER_SECTION, &configuration_hash);
+
+					if (zend_parse_ini_file(&fh, 1, ZEND_INI_SCANNER_NORMAL, (zend_ini_parser_cb_t) php_ini_parser_cb, &configuration_hash) == SUCCESS) {
+						/* add the file to the list of ini files read */
+						int add_len = (int)strlen(ini_file) + 2;
+
+						int php_ini_scanned_files_len = (php_ini_scanned_files) ? (int)strlen(php_ini_scanned_files) + 1 : 0;
+						php_ini_scanned_files = (char *) realloc(php_ini_scanned_files, php_ini_scanned_files_len + add_len + 1);
+						if (!php_ini_scanned_files_len) {
+							*php_ini_scanned_files = '\0';
+						}
+						add_len += php_ini_scanned_files_len;
+						if (php_ini_scanned_files_len) {
+							php_ini_scanned_files[php_ini_scanned_files_len - 2] = '\0';
+							strlcat(php_ini_scanned_files, ",\n", add_len);
+						}
+						strlcat(php_ini_scanned_files, ini_file, add_len);
+						strlcat(php_ini_scanned_files, "\n", add_len);
+						ret = SUCCESS;
+					}
+				}
+				zend_destroy_file_handle(&fh);
+			}
+		}
+	}
+	return ret;
+}
+/* }}} */
+
+
 /* {{{ php_ini_activate_config */
 PHPAPI void php_ini_activate_config(HashTable *source_hash, int modify_type, int stage)
 {
--- a/main/php_ini.h	2024-04-10 16:21:20.000000000 +0200
+++ b/main/php_ini.h	2024-04-16 13:01:12.479770244 +0200
@@ -30,6 +30,7 @@
 PHPAPI int cfg_get_double(const char *varname, double *result);
 PHPAPI int cfg_get_string(const char *varname, char **result);
 PHPAPI int php_parse_user_ini_file(const char *dirname, const char *ini_filename, HashTable *target_hash);
+PHPAPI int php_parse_extra_ini(const char *ini_file);
 PHPAPI void php_ini_activate_config(HashTable *source_hash, int modify_type, int stage);
 PHPAPI int php_ini_has_per_dir_config(void);
 PHPAPI int php_ini_has_per_host_config(void);
--- a/sapi/cgi/cgi_main.c	2024-04-16 12:59:15.785646874 +0200
+++ b/sapi/cgi/cgi_main.c	2024-04-16 13:07:02.987137690 +0200
@@ -867,6 +867,9 @@
 	if (php_ini_has_per_host_config()) {
 		char *server_name;
 
+		/* activate our fake host entries. lowercase string required! */
+		php_ini_activate_per_host_config(ZEND_STRL("\%fake\%"));
+
 		/* Activate per-host-system-configuration defined in php.ini and stored into configuration_hash during startup */
 		if (fcgi_is_fastcgi()) {
 			fcgi_request *request = (fcgi_request*) SG(server_context);
@@ -967,7 +970,11 @@
 
 static int php_cgi_startup(sapi_module_struct *sapi_module)
 {
-	return php_module_startup(sapi_module, &cgi_module_entry);
+	int ret = php_module_startup(sapi_module, &cgi_module_entry);
+	if (ret == SUCCESS) {
+		php_parse_extra_ini(getenv("PHP_INI_EXTRA"));
+	}
+	return ret;
 }
 
 /* {{{ sapi_module_struct cgi_sapi_module */
--- a/sapi/cli/php_cli.c	2024-04-16 12:59:15.827646559 +0200
+++ b/sapi/cli/php_cli.c	2024-04-16 13:04:20.047361198 +0200
@@ -411,7 +411,11 @@
 
 static int php_cli_startup(sapi_module_struct *sapi_module) /* {{{ */
 {
-	return php_module_startup(sapi_module, NULL);
+	int ret = php_module_startup(sapi_module, NULL);
+	if (ret == SUCCESS) {
+		php_parse_extra_ini(getenv("PHP_INI_EXTRA"));
+	}
+	return ret;
 }
 /* }}} */
 
@@ -1365,6 +1369,12 @@
 		CG(compiler_options) |= ZEND_COMPILE_EXTENDED_INFO;
 	}
 
+	if (php_ini_has_per_host_config()) {
+		/* activate our fake host entries. lowercase string required! */
+		php_ini_activate_per_host_config(ZEND_STRL("\%fake\%"));
+		php_ini_activate_per_host_config(ZEND_STRL("\%cli\%"));
+	}
+
 	zend_first_try {
 #ifndef PHP_CLI_WIN32_NO_CONSOLE
 		if (sapi_module == &cli_sapi_module) {
--- a/sapi/fpm/fpm/fpm_conf.c	2024-04-16 12:59:15.861646303 +0200
+++ b/sapi/fpm/fpm/fpm_conf.c	2024-04-16 13:01:12.481770229 +0200
@@ -157,6 +157,7 @@
 	{ "decorate_workers_output",   &fpm_conf_set_boolean,     WPO(decorate_workers_output) },
 	{ "clear_env",                 &fpm_conf_set_boolean,     WPO(clear_env) },
 	{ "security.limit_extensions", &fpm_conf_set_string,      WPO(security_limit_extensions) },
+	{ "extra_ini",                 &fpm_conf_set_string,      WPO(extra_ini) },
 #ifdef HAVE_APPARMOR
 	{ "apparmor_hat",              &fpm_conf_set_string,      WPO(apparmor_hat) },
 #endif
@@ -676,6 +677,7 @@
 	free(wpc->chroot);
 	free(wpc->chdir);
 	free(wpc->security_limit_extensions);
+	free(wpc->extra_ini);
 #ifdef HAVE_APPARMOR
 	free(wpc->apparmor_hat);
 #endif
@@ -1094,6 +1096,11 @@
 			wp->config->request_slowlog_trace_depth = 20;
 		}
 
+		/* extra_ini */
+		if (wp->config->extra_ini && *wp->config->extra_ini) {
+			fpm_evaluate_full_path(&wp->config->extra_ini, wp, NULL, 0);
+		}
+
 		/* chroot */
 		if (wp->config->chroot && *wp->config->chroot) {
 
@@ -1795,6 +1802,7 @@
 		zlog(ZLOG_NOTICE, "\tdecorate_workers_output = %s",    BOOL2STR(wp->config->decorate_workers_output));
 		zlog(ZLOG_NOTICE, "\tclear_env = %s",                  BOOL2STR(wp->config->clear_env));
 		zlog(ZLOG_NOTICE, "\tsecurity.limit_extensions = %s",  wp->config->security_limit_extensions);
+		zlog(ZLOG_NOTICE, "\textra_ini = %s",                  STR2STR(wp->config->extra_ini));
 
 		for (kv = wp->config->env; kv; kv = kv->next) {
 			zlog(ZLOG_NOTICE, "\tenv[%s] = %s", kv->key, kv->value);
--- a/sapi/fpm/fpm/fpm_conf.h	2024-04-16 12:59:15.852646371 +0200
+++ b/sapi/fpm/fpm/fpm_conf.h	2024-04-16 13:01:12.481770229 +0200
@@ -94,6 +94,7 @@
 	int decorate_workers_output;
 	int clear_env;
 	char *security_limit_extensions;
+	char *extra_ini;
 	struct key_value_s *env;
 	struct key_value_s *php_admin_values;
 	struct key_value_s *php_values;
--- a/sapi/fpm/fpm/fpm_main.c	2024-04-16 12:59:15.802646746 +0200
+++ b/sapi/fpm/fpm/fpm_main.c	2024-04-16 13:01:12.481770229 +0200
@@ -715,6 +715,9 @@
 	}
 
 	if (php_ini_has_per_host_config()) {
+		/* activate our fake host entries. lowercase string required! */
+		php_ini_activate_per_host_config(ZEND_STRL("\%fake\%"));
+
 		/* Activate per-host-system-configuration defined in php.ini and stored into configuration_hash during startup */
 		server_name = FCGI_GETENV(request, "SERVER_NAME");
 		/* SERVER_NAME should also be defined at this stage..but better check it anyway */
--- a/sapi/fpm/fpm/fpm_php.c	2024-04-16 12:59:15.853646363 +0200
+++ b/sapi/fpm/fpm/fpm_php.c	2024-04-16 13:01:12.482770222 +0200
@@ -245,6 +245,8 @@
 
 int fpm_php_init_child(struct fpm_worker_pool_s *wp) /* {{{ */
 {
+	php_parse_extra_ini(wp->config->extra_ini);
+
 	if (0 > fpm_php_apply_defines(wp) ||
 		0 > fpm_php_set_allowed_clients(wp)) {
 		return -1;