simple ignore arguments in exceptions implementation

author Joe Watkins <krakjoe@php.net>

Mon, 17 Jun 2019 18:51:52 +0000 (20:51 +0200)

committer Joe Watkins <krakjoe@php.net>

Tue, 2 Jul 2019 11:18:39 +0000 (13:18 +0200)
author Joe Watkins <krakjoe@php.net>
Mon, 17 Jun 2019 18:51:52 +0000 (20:51 +0200)
committer Joe Watkins <krakjoe@php.net>
Tue, 2 Jul 2019 11:18:39 +0000 (13:18 +0200)
diff --git a/UPGRADING b/UPGRADING

index 3fd2caa0f67500cf95914f6cfdcbe96f317420bf..900c0694ec31ebb7cf16690986d5df59175ac3c3 100644 (file)
--- a/UPGRADING
+++ b/UPGRADING
@@ -661,6 +661,10 @@ The following extensions and SAPIs are affected:
  14. Other Changes
  ========================================
  
+- Core:
+  . Add zend.exception_ignore_args to force the omission of arguments from
+    stack traces collected for exceptions.
+
  ========================================
  15. Performance Improvements
  ========================================
diff --git a/Zend/tests/exception_ignore_args.phpt b/Zend/tests/exception_ignore_args.phpt

new file mode 100644 (file)

index 0000000..6dcb872
--- /dev/null
+++ b/Zend/tests/exception_ignore_args.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Exceptions ignoring arguments
+--FILE--
+<?php
+$function = function(string $user, string $pass) {
+    throw new Exception();
+};
+
+ini_set("zend.exception_ignore_args", 1);
+
+$function("secrets", "arewrong");
+?>
+--EXPECTF--
+Fatal error: Uncaught Exception in %sexception_ignore_args.php:3
+Stack trace:
+#0 %sexception_ignore_args.php(8): {closure}()
+#1 {main}
+  thrown in %sexception_ignore_args.php on line 3
diff --git a/Zend/zend.c b/Zend/zend.c

index 080a75a3c419b905c91ac128359890ac3198d12e..c3a99d2df87842f9b604063b5c34d295cc74804a 100644 (file)
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -174,6 +174,7 @@ ZEND_INI_BEGIN()
  #ifdef ZEND_SIGNALS
         STD_ZEND_INI_BOOLEAN("zend.signal_check", "0", ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals)
  #endif
+       STD_ZEND_INI_BOOLEAN("zend.exception_ignore_args",      "0",    ZEND_INI_ALL,           OnUpdateBool, exception_ignore_args, zend_executor_globals, executor_globals)
  ZEND_INI_END()
  
  ZEND_API size_t zend_vspprintf(char **pbuf, size_t max_len, const char *format, va_list ap) /* {{{ */
diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c

index e53ea1f1c7632d48dc9ec0eee1dbff355d346527..ecd946a06ec0549086001ddf22b595bd7e3a83ab 100644 (file)
--- a/Zend/zend_exceptions.c
+++ b/Zend/zend_exceptions.c
@@ -212,7 +212,9 @@ static zend_object *zend_default_exception_new_ex(zend_class_entry *class_type,
         object_properties_init(object, class_type);
  
         if (EG(current_execute_data)) {
-               zend_fetch_debug_backtrace(&trace, skip_top_traces, 0, 0);
+               zend_fetch_debug_backtrace(&trace,
+                       skip_top_traces,
+                       EG(exception_ignore_args) ? DEBUG_BACKTRACE_IGNORE_ARGS : 0, 0);
         } else {
                 array_init(&trace);
         }
diff --git a/Zend/zend_globals.h b/Zend/zend_globals.h

index a64e4beac2a70a7a5a938e127f93400650265584..1d427fe4788426cceed4d2dbdce16adba92dc02c 100644 (file)
--- a/Zend/zend_globals.h
+++ b/Zend/zend_globals.h
@@ -236,6 +236,8 @@ struct _zend_executor_globals {
  
         HashTable weakrefs;
  
+       zend_bool exception_ignore_args;
+
         void *reserved[ZEND_MAX_RESERVED_RESOURCES];
  };
  
diff --git a/php.ini-development b/php.ini-development

index c78921980ea23b67e12e3428558e533ce0bbfab8..eb30bd389eb8c6ef51261ecdcc404c1dc2306947 100644 (file)
--- a/php.ini-development
+++ b/php.ini-development
@@ -354,6 +354,10 @@ zend.enable_gc = On
  ; Default: ""
  ;zend.script_encoding =
  
+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+zend.exception_ignore_args = Off
+
  ;;;;;;;;;;;;;;;;;
  ; Miscellaneous ;
  ;;;;;;;;;;;;;;;;;
@@ -1579,6 +1583,8 @@ zend.assertions = 1
  ; http://php.net/assert.quiet-eval
  ;assert.quiet_eval = 0
  
+
+
  [COM]
  ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
  ; http://php.net/com.typelib-file
diff --git a/php.ini-production b/php.ini-production

index e3f061e3fbae69b52d3008102290a9b8f62687f4..229846698d3c82b9e0d381601e03c44327530e1f 100644 (file)
--- a/php.ini-production
+++ b/php.ini-production
@@ -359,6 +359,12 @@ zend.enable_gc = On
  ; Default: ""
  ;zend.script_encoding =
  
+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+; In production, it is recommended to turn this setting on to prohibit the output 
+; of sensitive information in stack traces
+zend.exception_ignore_args = On
+
  ;;;;;;;;;;;;;;;;;
  ; Miscellaneous ;
  ;;;;;;;;;;;;;;;;;
author	Joe Watkins <krakjoe@php.net>
	Mon, 17 Jun 2019 18:51:52 +0000 (20:51 +0200)
committer	Joe Watkins <krakjoe@php.net>
	Tue, 2 Jul 2019 11:18:39 +0000 (13:18 +0200)
UPGRADING		patch \| blob \| history
Zend/tests/exception_ignore_args.phpt	[new file with mode: 0644]	patch \| blob
Zend/zend.c		patch \| blob \| history
Zend/zend_exceptions.c		patch \| blob \| history
Zend/zend_globals.h		patch \| blob \| history
php.ini-development		patch \| blob \| history
php.ini-production		patch \| blob \| history