author | Tyson Andre <tysonandre775@hotmail.com> | 2020-06-25 09:44:12 -0400 |
---|---|---|
committer | Tyson Andre <tysonandre775@hotmail.com> | 2020-07-25 09:50:57 -0400 |
commit | 07db64156e180c30daa5ab5d41ed72f9bba77e6d (patch) | |
tree | 0cf33175567420d1c58315f2a98fcd54d4346206 | |
parent | 8664ff7ae174c610769c36a712eeea80cc3ad933 (diff) | |
download | php-git-07db64156e180c30daa5ab5d41ed72f9bba77e6d.tar.gz |
[RFC] Make string length for getTraceAsString() configurable
Add a `zend.exception_string_param_max_len` ini setting.
(same suffix as `log_errors_max_len`)
Allow values between 0 and 1000000 bytes.
For example, with zend.exception_string_param_max_len=0,
"" would represent the empty string, and "..." would represent something
longer than the empty string.
Previously, this was hardcoded as exactly 15 bytes.
Discussion: https://externals.io/message/110717
Closes GH-5769
-rw-r--r-- | Zend/tests/exception_024.phpt | 19 | ||||
-rw-r--r-- | Zend/tests/exception_025.phpt | 41 | ||||
-rw-r--r-- | Zend/zend.c | 15 | ||||
-rw-r--r-- | Zend/zend_exceptions.c | 4 | ||||
-rw-r--r-- | Zend/zend_globals.h | 1 | ||||
-rw-r--r-- | main/main.c | 1 | ||||
-rw-r--r-- | php.ini-development | 13 | ||||
-rw-r--r-- | php.ini-production | 17 | ||||
-rwxr-xr-x | run-tests.php | 1 |
9 files changed, 108 insertions, 4 deletions
diff --git a/Zend/tests/exception_024.phpt b/Zend/tests/exception_024.phpt
new file mode 100644
index 0000000000..67a2b87532
--- /dev/null
+++ b/Zend/tests/exception_024.phpt
@@ -0,0 +1,19 @@
+--TEST--
+zend.exception_string_param_max_len ini setting
+--INI--
+zend.exception_string_param_max_len = 23
+--FILE--
+<?php
+
+function main($arg) {
+ throw new Exception();
+}
+main('123456789012345678901234567890');
+
+?>
+--EXPECTF--
+Fatal error: Uncaught Exception in %s:%d
+Stack trace:
+#0 %s(%d): main('12345678901234567890123...')
+#1 {main}
+ thrown in %s on line %d
diff --git a/Zend/tests/exception_025.phpt b/Zend/tests/exception_025.phpt
new file mode 100644
index 0000000000..b81c5406d6
--- /dev/null
+++ b/Zend/tests/exception_025.phpt
@@ -0,0 +1,41 @@
+--TEST--
+zend.exception_string_param_max_len ini setting
+--FILE--
+<?php
+
+function main($arg) {
+ echo (new Exception()), "\n";
+}
+var_dump(ini_set('zend.exception_string_param_max_len', '-1'));
+var_dump(ini_set('zend.exception_string_param_max_len', '1000001'));
+var_dump(ini_set('zend.exception_string_param_max_len', '1000000'));
+var_dump(ini_set('zend.exception_string_param_max_len', '20'));
+main('short');
+main('123456789012345678901234567890');
+var_dump(ini_set('zend.exception_string_param_max_len', '0'));
+main('short');
+main('');
+
+?>
+--EXPECTF--
+bool(false)
+bool(false)
+string(2) "15"
+string(7) "1000000"
+Exception in %s:%d
+Stack trace:
+#0 %s(10): main('short')
+#1 {main}
+Exception in %s:%d
+Stack trace:
+#0 %s(11): main('12345678901234567890...')
+#1 {main}
+string(2) "20"
+Exception in %s:%d
+Stack trace:
+#0 %s(13): main('...')
+#1 {main}
+Exception in %s:%d
+Stack trace:
+#0 %s(14): main('')
+#1 {main}
diff --git a/Zend/zend.c b/Zend/zend.c
index aef5a398b1..4b001c522c 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -160,6 +160,20 @@ static ZEND_INI_MH(OnUpdateAssertions) /* {{{ */ } /* }}} */ +static ZEND_INI_MH(OnSetExceptionStringParamMaxLen) /* {{{ */ +{ + zend_long i; + + ZEND_ATOL(i, ZSTR_VAL(new_value)); + if (i >= 0 && i <= 1000000) { + EG(exception_string_param_max_len) = i; + return SUCCESS; + } else { + return FAILURE; + } +} +/* }}} */ + #if ZEND_DEBUG # define SIGNAL_CHECK_DEFAULT "1" #else @@ -177,6 +191,7 @@ ZEND_INI_BEGIN() STD_ZEND_INI_BOOLEAN("zend.signal_check", SIGNAL_CHECK_DEFAULT, ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals) #endif STD_ZEND_INI_BOOLEAN("zend.exception_ignore_args", "0", ZEND_INI_ALL, OnUpdateBool, exception_ignore_args, zend_executor_globals, executor_globals) + STD_ZEND_INI_ENTRY("zend.exception_string_param_max_len", "15", ZEND_INI_ALL, OnSetExceptionStringParamMaxLen, exception_string_param_max_len, zend_executor_globals, executor_globals) ZEND_INI_END() ZEND_API size_t zend_vspprintf(char **pbuf, size_t max_len, const char *format, va_list ap) /* {{{ */ diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c index be0eb1c33e..8c96bb6098 100644 --- a/Zend/zend_exceptions.c +++ b/Zend/zend_exceptions.c @@ -482,8 +482,8 @@ static void _build_trace_args(zval *arg, smart_str *str) /* {{{ */ break; case IS_STRING: smart_str_appendc(str, '\''); - smart_str_append_escaped(str, Z_STRVAL_P(arg), MIN(Z_STRLEN_P(arg), 15)); - if (Z_STRLEN_P(arg) > 15) { + smart_str_append_escaped(str, Z_STRVAL_P(arg), MIN(Z_STRLEN_P(arg), EG(exception_string_param_max_len))); + if (Z_STRLEN_P(arg) > EG(exception_string_param_max_len)) { smart_str_appends(str, "...', "); } else { smart_str_appends(str, "', "); diff --git a/Zend/zend_globals.h b/Zend/zend_globals.h index be17a44654..652e0ef1e1 100644 --- a/Zend/zend_globals.h +++ b/Zend/zend_globals.h 
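Review bot: `OnSetExceptionStringParamMaxLen` in Zend/zend.c range-checks whatever `ZEND_ATOL` returns but never verifies that the whole ini value was numeric, so a value such as `abc` or an empty string would presumably be taken as 0 and `20abc` as 20, and both pass. Falling to 0 is the restrictive direction, but a partly numeric value silently yields a limit the operator did not write, and a configuration typo goes unreported. Parsing with an end pointer and returning `FAILURE` unless the string is fully consumed closes that gap; exception_025.phpt, which only exercises out-of-range numbers, should then gain a non-numeric and a trailing-garbage case. The bounds would also read better as a named constant than as the bare literal `1000000`.

```c
static ZEND_INI_MH(OnSetExceptionStringParamMaxLen) /* {{{ */
{
	char *end;
	zend_long i = ZEND_STRTOL(ZSTR_VAL(new_value), &end, 10);

	/* Reject empty, non-numeric and partly numeric values instead of
	 * silently mapping them to a number. An overflowing input saturates
	 * in the conversion and is then caught by the range check below. */
	if (end == ZSTR_VAL(new_value) || *end != '\0') {
		return FAILURE;
	}
	if (i < 0 || i > 1000000) {
		return FAILURE;
	}
	EG(exception_string_param_max_len) = i;
	return SUCCESS;
}
```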
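Review bot: The `STD_ZEND_INI_ENTRY` line in Zend/zend.c registers the setting with `ZEND_INI_ALL`, so a script can raise the limit with `ini_set()` up to 1000000 bytes per string argument, which exception_025.phpt itself does; the production value of 0 is therefore a default, not an enforced bound. `zend.exception_ignore_args` on the line above is registered the same way, so neither setting alone guarantees that argument data stays out of traces unless it is locked at the SAPI level. A short comment at the entry would make that visible to maintainers, e.g. `/* ZEND_INI_ALL: changeable at runtime; lock at SAPI level if traces must not carry argument data */`. Note also that the entry passes the struct offset arguments although the handler writes `EG(exception_string_param_max_len)` directly and ignores them.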
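Review bot: In the `IS_STRING` case of `_build_trace_args`, `Z_STRLEN_P(arg)` is a `size_t` while `EG(exception_string_param_max_len)` is declared `zend_long` in Zend/zend_globals.h, so both the `MIN(...)` and the `>` comparison mix unsigned and signed operands and are only correct because the ini handler keeps the value non-negative. Reading the limit once into a local makes that dependency explicit and avoids expanding the global three times: `size_t max_len = (size_t) EG(exception_string_param_max_len);`. A comment that the limit counts raw bytes before `smart_str_append_escaped` runs would help too, since the escaped text per argument can presumably be longer than the configured value, which matters for log volume near the upper bound. The `switch` this case belongs to begins and ends outside the hunk.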
@@ -241,6 +241,7 @@ struct _zend_executor_globals { HashTable weakrefs; zend_bool exception_ignore_args; + zend_long exception_string_param_max_len; zend_get_gc_buffer get_gc_buffer; diff --git a/main/main.c b/main/main.c index cc0e764561..4e7a4f4441 100644 --- a/main/main.c +++ b/main/main.c @@ -260,7 +260,6 @@ static PHP_INI_MH(OnSetSerializePrecision) } /* }}} */ - /* {{{ PHP_INI_MH */ static PHP_INI_MH(OnChangeMemoryLimit) { diff --git a/php.ini-development b/php.ini-development index 490b214d29..ba30258fd0 100644 --- a/php.ini-development +++ b/php.ini-development @@ -159,6 +159,11 @@ ; Development Value: Off ; Production Value: On +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + ;;;;;;;;;;;;;;;;;;;; ; php.ini Options ; ;;;;;;;;;;;;;;;;;;;; @@ -371,6 +376,14 @@ zend.enable_gc = On ; Production Value: On zend.exception_ignore_args = Off +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +zend.exception_string_param_max_len = 15 + ;;;;;;;;;;;;;;;;; ; Miscellaneous ; ;;;;;;;;;;;;;;;;; diff --git a/php.ini-production b/php.ini-production index c6e83d5f09..a2a22506a4 100644 --- a/php.ini-production +++ b/php.ini-production @@ -159,6 +159,11 @@ ; Development Value: Off ; Production Value: On +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + ;;;;;;;;;;;;;;;;;;;; ; php.ini Options ; ;;;;;;;;;;;;;;;;;;;; 
@@ -366,13 +371,23 @@ zend.enable_gc = On ;zend.script_encoding = ; Allows to include or exclude arguments from stack traces generated for exceptions -; In production, it is recommended to turn this setting on to prohibit the output +; In production, it is recommended to turn this setting on to prohibit the output ; of sensitive information in stack traces ; Default Value: Off ; Development Value: Off ; Production Value: On zend.exception_ignore_args = On +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + ;;;;;;;;;;;;;;;;; ; Miscellaneous ; ;;;;;;;;;;;;;;;;; diff --git a/run-tests.php b/run-tests.php index 696e949974..092009b500 100755 --- a/run-tests.php +++ b/run-tests.php @@ -343,6 +343,7 @@ function main() 'opcache.jit_hot_side_exit=1', 'zend.assertions=1', 'zend.exception_ignore_args=0', + 'zend.exception_string_param_max_len=15', 'short_open_tag=0', ); |
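Review bot: The comment added above `zend.exception_string_param_max_len = 0` in php.ini-production should state that only string arguments are shortened. The patched code sits in the `IS_STRING` case of `_build_trace_args`, so other argument types are presumably still printed, and even at 0 the trace distinguishes `''` from `'...'`, as exception_025.phpt shows. A line such as `; Only string arguments are truncated; enable zend.exception_ignore_args to omit arguments entirely.` would prevent the setting from being read as a full redaction switch, and the same line fits the php.ini-development hunk. The `-`/`+` pair on the "In production, it is recommended" line appears to differ in whitespace only and is unrelated to the feature.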