Newsgroups: php.internals
From: tysonandre775@hotmail.com (tyson andre)
To: Dan Ackroyd
CC: Internals
Date: Sat, 27 Jun 2020 18:52:17 +0000
Subject: Re: [PHP-DEV] [RFC] throwable_string_param_max_len: Configurable string length in getTraceAsString()

Hi Dan Ack,

> Also, I didn't understand why there was a problem with formatting
> traces in userland. I saw a link to some code, but no clear
> description of what the problem was.

I expanded the description of how `getTraceAsString()` might be improperly used in existing code and moved it to
https://wiki.php.net/rfc/throwable_string_param_max_len#impact_of_raising_string_param_length_limit
(and how the code would already be unsafe, but raising the limit may make the impact of unsafe code like that worse)

(e.g. if the code or dependency may `echo $exception` if it was written by an author unaware of potential https://en.wikipedia.org/wiki/Cross-site_scripting or sensitive data exposure)

This is mostly included to explain why I don't propose raising the defaults in the RFC

- Tyson
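
The `echo $exception` pattern mentioned in the message, next to two safer ways of handling the same exception. This is an added example, not code from the original message or the RFC. The function names and the input string are hypothetical, and it assumes stack-trace arguments are being collected (`zend.exception_ignore_args` off).

```php
<?php
declare(strict_types=1);

// Constructed input standing in for a request parameter. The first 15 bytes
// are markup; the rest stands in for data that should not reach a browser.
$userInput = '<b>injected</b> token=constructed-secret-value';

// Hypothetical application function: its string argument is recorded in the
// stack trace of any exception thrown while it is on the call stack.
function loadProfile(string $name): void
{
    throw new RuntimeException('profile lookup failed');
}

// Unsafe: returns exactly what `echo $exception` would write into the page.
// The trace includes loadProfile()'s argument, cut to 15 bytes by default,
// so the markup passes through unescaped. With a higher limit, more of the
// argument (here the token part) would be included as well.
function renderUnsafe(Throwable $e): string
{
    return (string) $e;
}

// Preferred: full detail goes to the server-side log only, and the response
// carries a fixed message with no trace content at all.
function renderSafe(Throwable $e): string
{
    error_log((string) $e);
    return 'An internal error occurred.';
}

// If a trace must be displayed (for example on a restricted debug page),
// escape it for the HTML context. This addresses script injection only;
// whatever argument data the trace contains is still shown to the viewer.
function renderEscaped(Throwable $e): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<pre>' . htmlspecialchars((string) $e, $flags, 'UTF-8') . '</pre>';
}

try {
    loadProfile($userInput);
} catch (Throwable $e) {
    echo "--- unsafe ---\n", renderUnsafe($e), "\n";
    echo "--- safe ---\n", renderSafe($e), "\n";
    echo "--- escaped ---\n", renderEscaped($e), "\n";
}
```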