Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:103517 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 42770 invoked from network); 27 Nov 2018 19:02:55 -0000 Received: from unknown (HELO mail-io1-f51.google.com) (209.85.166.51) by pb1.pair.com with SMTP; 27 Nov 2018 19:02:55 -0000 Received: by mail-io1-f51.google.com with SMTP id g8so17263323iop.10 for ; Tue, 27 Nov 2018 07:26:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VjqULygH8hEZlIsPefU/UmGZ10YHIqr/orLIo8pm+mI=; b=VUA9eSpmkzn7XOfK1OWwEz3ABd5vedO8xJpJvBsH+/6l4ZiEpGnltLX/TMuKWFdJBR RjDpgpURkmTuwsfeoX91RXTnm+s5Wo19F2703y9J1qUkJ035AMTDYjQm2JTUSTyfYYru UfOWbIsm0K9lJ8U8dpHS5zT+56dEH/NbbVxoBoYp3J2e/OatRda/mAf7fdIKOtF13SAQ DxZVU1AieC/jD6rddLA9eNWErI/538DHmC735hiYEKuGcvBAvz+91ImaAaAhjSfnLb2U ZR7o4MNJA4dglUaNE4EpG+AtgNCQcX0Nbd7/l+e4M5FQgXFJeKiMalvZa4IWGMfKGP4O 5iXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VjqULygH8hEZlIsPefU/UmGZ10YHIqr/orLIo8pm+mI=; b=jXhxoGL+MXetKERmNnq3If9EJOLGCT5fd1Q9HxngZ9nBXR1YClec0qgnbV05EjPwkO GgsniPDIKIFWWOS3mu+0cI7Qjg0vvuzGyt4bTzq/pzHA2bYETHlaSXZbYtxKsHOxClf+ PBpqfe75r9qLqkPxN8u1AvaJRWNPSNsA3pRR+yLqBN502UK6bIXZ+U+XvykDY2ijL+cG tDmrUb2mbj4T0Hc8dhDdx3ryxz8v4rRe5QsoNBuS7zcxjqkNpd8yeBg1tHrGVwMWAe8f pxlWPc0Asai6SW+/SZep8h2cQhEtdoghVK5bVOQfQUWhBx8wQnvrMXMtzZ6d/n01vTKZ I2xA== X-Gm-Message-State: AA+aEWYDDV6kOzsQTmPbDa7JVMIwRfxW+OeuapQD/ikhqbkbfXvX6XV1 q4DLIg/f1UxwVSot2gzGp65dcduQjUG5b22XVFpZjtFG X-Google-Smtp-Source: AFSGD/WOUHmFKMueWbh9pJ3v3Jxyy/QlDX7fop4BVV7RGN9QZ/eEKWRI9hF25deRDDmZIPVJn24bLsQIlS9CtRwAlz8= X-Received: by 2002:a5e:8d13:: with SMTP id m19mr25059526ioj.258.1543332394824; Tue, 27 Nov 2018 07:26:34 -0800 (PST) MIME-Version: 1.0 References: <097b5f2f-4222-192d-01cc-19b4073f03ea@cubiclesoft.com> In-Reply-To: <097b5f2f-4222-192d-01cc-19b4073f03ea@cubiclesoft.com> Date: Tue, 27 Nov 2018 16:26:16 +0100 Message-ID: To: Thomas Hruska Cc: PHP internals Content-Type: multipart/alternative; boundary="00000000000029f780057ba71303" Subject: Re: [PHP-DEV] Don't silence fatal errors From: nikita.ppv@gmail.com (Nikita Popov) --00000000000029f780057ba71303 Content-Type: text/plain; charset="UTF-8" On Tue, Nov 27, 2018 at 2:20 PM Thomas Hruska wrote: > On 11/26/2018 2:42 PM, Nikita Popov wrote: > > Hi internals, > > > > When the silencing operator @ is used, the intention is generally to > > silence expected warnings or notices. However, it currently also silences > > fatal errors. As fatal errors also abort request execution, the result > will > > often be a hard to debug white screen of death. > > > > The most recent occurrence which motivated me to write this mail is > > https://bugs.php.net/bug.php?id=77205, but I've seen this play out > multiple > > times already. > > > > I would like to propose to change the behavior of @ to only silence > > warnings, notices and other low-level diagnostics, but leave fatal errors > > intake. In particular, the following should not be silenced: > > > > * E_ERROR > > * E_CORE_ERROR > > * E_COMPILE_ERROR > > * E_USER_ERROR > > * E_RECOVERABLE_ERROR > > * E_PARSE > > > > This change would have two main implications for backwards compatibility: > > > > 1. Code that legitimately wants to silence fatal errors for whatever > reason > > should now use error_reporting() (or ini_set()) to do so, instead of @. > > > > 2. Error handlers that want to only handle non-silenced errors may have > to > > be adjusted. A common pattern I found in our own tests if checks for > > error_reporting() != 0 to detect silencing. This should be changed to > > error_reporting() & $err_no to detect whether the specific error type is > > silenced. > > > > A preliminary patch for this change is available at > > https://github.com/php/php-src/pull/3685. > > > > What do you think about this? > > > > Nikita > > Instead of a blank screen (or early termination if some output has been > sent), maybe emit, "[GMT date/time] A fatal error occurred. Check the > error logs." The only bug I see here is that fatal errors are being > suppressed from reaching the log files. But they should still be > suppressed from the browser/client if the INI settings are configured to > send messages to the logs. > > WSODs should have been fixed a long time ago to emit a simple, generic > message to check the logs (i.e. no more WSODs). The average WSOD is > usually accompanied with a HTTP 500 response but having to look at > network tools tab to see the 500 is an extra step. A surprising number > of developers I encounter don't know what a HTTP 500 means nor what to > do when they encounter one. Therefore, helpful but very generic > directions would be useful and save a few moments of head-scratching. I think you are mixing two orthogonal degrees of error configurability here, which are a) The error_reporting level, which determines which errors are reported in the first place, and which is what @ influences, and b) The display_error, error_log etc. directives, which control what happens when an error is reported. The proposed change does not impact b) in any way. If you have display_errors=Off and use error_log (as you should in production), you use @ and a fatal error occurs, then (with the proposed change) no error will be displayed, but it *will* be logged. If you have display_errors=On and don't use error_log (as is common in development), you use @ and a fatal error occurs, then (with the proposed change) the error will be directly displayed. Without the proposed change, in both cases, you would not get an error, either logged or displayed. Nikita --00000000000029f780057ba71303--