[RFC] Make string length for getTraceAsString() configurable

Add a `zend.exception_string_param_max_len` ini setting.
(same suffix as `log_errors_max_len`)

Allow values between 0 and 1000000 bytes.
For example, with zend.exception_string_param_max_len=0,
"" would represent the empty string, and "..." would represent something
longer than the empty string.
Previously, this was hardcoded as exactly 15 bytes.

Discussion: https://externals.io/message/110717

Closes GH-5769

diff --git a/Zend/tests/exception_024.phpt b/Zend/tests/exception_024.phpt
new file mode 100644 (file)
index 0000000..67a2b87
--- /dev/null
+++ b/Zend/tests/exception_024.phpt
@@ -0,0 +1,19 @@
+--TEST--
+zend.exception_string_param_max_len ini setting
+--INI--
+zend.exception_string_param_max_len = 23
+--FILE--
+<?php
+
+function main($arg) {
+    throw new Exception();
+}
+main('123456789012345678901234567890');
+
+?>
+--EXPECTF--
+Fatal error: Uncaught Exception in %s:%d
+Stack trace:
+#0 %s(%d): main('12345678901234567890123...')
+#1 {main}
+  thrown in %s on line %d

diff --git a/Zend/tests/exception_025.phpt b/Zend/tests/exception_025.phpt
new file mode 100644 (file)
index 0000000..b81c540
--- /dev/null
+++ b/Zend/tests/exception_025.phpt
@@ -0,0 +1,41 @@
+--TEST--
+zend.exception_string_param_max_len ini setting
+--FILE--
+<?php
+
+function main($arg) {
+    echo (new Exception()), "\n";
+}
+var_dump(ini_set('zend.exception_string_param_max_len', '-1'));
+var_dump(ini_set('zend.exception_string_param_max_len', '1000001'));
+var_dump(ini_set('zend.exception_string_param_max_len', '1000000'));
+var_dump(ini_set('zend.exception_string_param_max_len', '20'));
+main('short');
+main('123456789012345678901234567890');
+var_dump(ini_set('zend.exception_string_param_max_len', '0'));
+main('short');
+main('');
+
+?>
+--EXPECTF--
+bool(false)
+bool(false)
+string(2) "15"
+string(7) "1000000"
+Exception in %s:%d
+Stack trace:
+#0 %s(10): main('short')
+#1 {main}
+Exception in %s:%d
+Stack trace:
+#0 %s(11): main('12345678901234567890...')
+#1 {main}
+string(2) "20"
+Exception in %s:%d
+Stack trace:
+#0 %s(13): main('...')
+#1 {main}
+Exception in %s:%d
+Stack trace:
+#0 %s(14): main('')
+#1 {main}

diff --git a/Zend/zend.c b/Zend/zend.c
index aef5a398b1b6e04b60efb00e7ad9bf7fcab3b133..4b001c522cca826a75a42cf9df4a716ebf15c9c6 100644 (file)
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -160,6 +160,20 @@ static ZEND_INI_MH(OnUpdateAssertions) /* {{{ */
 }
 /* }}} */
 
+static ZEND_INI_MH(OnSetExceptionStringParamMaxLen) /* {{{ */
+{
+       zend_long i;
+
+       ZEND_ATOL(i, ZSTR_VAL(new_value));
+       if (i >= 0 && i <= 1000000) {
+               EG(exception_string_param_max_len) = i;
+               return SUCCESS;
+       } else {
+               return FAILURE;
+       }
+}
+/* }}} */
+
 #if ZEND_DEBUG
 # define SIGNAL_CHECK_DEFAULT "1"
 #else
@@ -177,6 +191,7 @@ ZEND_INI_BEGIN()
        STD_ZEND_INI_BOOLEAN("zend.signal_check", SIGNAL_CHECK_DEFAULT, ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals)
 #endif
        STD_ZEND_INI_BOOLEAN("zend.exception_ignore_args",      "0",    ZEND_INI_ALL,           OnUpdateBool, exception_ignore_args, zend_executor_globals, executor_globals)
+       STD_ZEND_INI_ENTRY("zend.exception_string_param_max_len",       "15",   ZEND_INI_ALL,   OnSetExceptionStringParamMaxLen,        exception_string_param_max_len,         zend_executor_globals,  executor_globals)
 ZEND_INI_END()
 
 ZEND_API size_t zend_vspprintf(char **pbuf, size_t max_len, const char *format, va_list ap) /* {{{ */

diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c
index be0eb1c33eb8fe91210969377414e6ba17d852cd..8c96bb60981a30d5f696621840f5fcc692795094 100644 (file)
--- a/Zend/zend_exceptions.c
+++ b/Zend/zend_exceptions.c
@@ -482,8 +482,8 @@ static void _build_trace_args(zval *arg, smart_str *str) /* {{{ */
                        break;
                case IS_STRING:
                        smart_str_appendc(str, '\'');
-                       smart_str_append_escaped(str, Z_STRVAL_P(arg), MIN(Z_STRLEN_P(arg), 15));
-                       if (Z_STRLEN_P(arg) > 15) {
+                       smart_str_append_escaped(str, Z_STRVAL_P(arg), MIN(Z_STRLEN_P(arg), EG(exception_string_param_max_len)));
+                       if (Z_STRLEN_P(arg) > EG(exception_string_param_max_len)) {
                                smart_str_appends(str, "...', ");
                        } else {
                                smart_str_appends(str, "', ");

diff --git a/Zend/zend_globals.h b/Zend/zend_globals.h
index be17a446545ae15fa70a29bcbd97d0d1ba858d9d..652e0ef1e132973d61f47521e896f8c67cafbe38 100644 (file)
--- a/Zend/zend_globals.h
+++ b/Zend/zend_globals.h
@@ -241,6 +241,7 @@ struct _zend_executor_globals {
        HashTable weakrefs;
 
        zend_bool exception_ignore_args;
+       zend_long exception_string_param_max_len;
 
        zend_get_gc_buffer get_gc_buffer;
 

diff --git a/main/main.c b/main/main.c
index cc0e76456187107d2ecef94e6532a0cf4dca5d11..4e7a4f44414c111e2ae5289fe59743c309ba608d 100644 (file)
--- a/main/main.c
+++ b/main/main.c
@@ -260,7 +260,6 @@ static PHP_INI_MH(OnSetSerializePrecision)
 }
 /* }}} */
 
-
 /* {{{ PHP_INI_MH */
 static PHP_INI_MH(OnChangeMemoryLimit)
 {

diff --git a/php.ini-development b/php.ini-development
index 490b214d29de07c45a402ba4327853ae4b92c877..ba30258fd0e6adbf91642c3b5a3a44c97c874c34 100644 (file)
--- a/php.ini-development
+++ b/php.ini-development
@@ -159,6 +159,11 @@
 ;   Development Value: Off
 ;   Production Value: On
 
+; zend.exception_string_param_max_len
+;   Default Value: 15
+;   Development Value: 15
+;   Production Value: 0
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -371,6 +376,14 @@ zend.enable_gc = On
 ; Production Value: On
 zend.exception_ignore_args = Off
 
+; Allows setting the maximum string length in an argument of a stringified stack trace
+; to a value between 0 and 1000000.
+; This has no effect when zend.exception_ignore_args is enabled.
+; Default Value: 15
+; Development Value: 15
+; Production Value: 0
+zend.exception_string_param_max_len = 15
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;

diff --git a/php.ini-production b/php.ini-production
index c6e83d5f09841388337119341d1e552383cedad8..a2a22506a404a91e29ccf7745e5878f8c0176a19 100644 (file)
--- a/php.ini-production
+++ b/php.ini-production
@@ -159,6 +159,11 @@
 ;   Development Value: Off
 ;   Production Value: On
 
+; zend.exception_string_param_max_len
+;   Default Value: 15
+;   Development Value: 15
+;   Production Value: 0
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -366,13 +371,23 @@ zend.enable_gc = On
 ;zend.script_encoding =
 
 ; Allows to include or exclude arguments from stack traces generated for exceptions
-; In production, it is recommended to turn this setting on to prohibit the output 
+; In production, it is recommended to turn this setting on to prohibit the output
 ; of sensitive information in stack traces
 ; Default Value: Off
 ; Development Value: Off
 ; Production Value: On
 zend.exception_ignore_args = On
 
+; Allows setting the maximum string length in an argument of a stringified stack trace
+; to a value between 0 and 1000000.
+; This has no effect when zend.exception_ignore_args is enabled.
+; Default Value: 15
+; Development Value: 15
+; Production Value: 0
+; In production, it is recommended to set this to 0 to reduce the output
+; of sensitive information in stack traces.
+zend.exception_string_param_max_len = 0
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;

diff --git a/run-tests.php b/run-tests.php
index 696e949974e3e3863dc9d87349d0826764ec7325..092009b50011c5b44e04936352fda9db8e87a95e 100755 (executable)
--- a/run-tests.php
+++ b/run-tests.php
@@ -343,6 +343,7 @@ function main()
         'opcache.jit_hot_side_exit=1',
         'zend.assertions=1',
         'zend.exception_ignore_args=0',
+        'zend.exception_string_param_max_len=15',
         'short_open_tag=0',
     );