Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:127094 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by qa.php.net (Postfix) with ESMTPS id 1DC0B1A00C1 for ; Fri, 11 Apr 2025 03:16:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1744341231; bh=GxHThBBejpSJP6QzsBQkN7v7wYf9dlnNbyN4EoyJpw0=; h=References:In-Reply-To:From:Date:Subject:To:Cc:From; b=PwrfjfQBeGT6lIi/5sVTjtJEZzbHIqMmj+RM3MPFuPXgl6gAxBVBLFFtS78LZwcSx qUU4hXjUjiFrmPg7M2h2eReqgyizrSLrWUJQ3rYLxfsdSL+9ECtQzdeIUqeY8Ri+cd pv3U7hT/zOhplQCacNUJ2xMML915CNfVutCIsgi+LbBzr70zSXN6+J1gW7MLp74ncR UBKprQmy1HV83gg5klw0aj1+cL1UHpmm1pLD77rlPbGnzCJZmkX6E2FZtOFcWq3YAy rvWPtIzzRi25w1n4lkxImPANmzpGZ/B76nmSCRFEEFHo4uEvncC6VOZRjxrDyD04Cg SWIUR+SGckEnw== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id BF3271801E8 for ; Fri, 11 Apr 2025 03:13:48 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.7 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,DMARC_MISSING,SPF_HELO_NONE,SPF_NONE autolearn=no autolearn_force=no version=4.0.0 X-Spam-Virus: No X-Envelope-From: Received: from sender-of-o51.zoho.com.au (sender-of-o51.zoho.com.au [103.138.129.13]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Fri, 11 Apr 2025 03:13:36 +0000 (UTC) ARC-Seal: i=1; a=rsa-sha256; t=1744341356; cv=none; d=zohomail.com.au; s=zohoarc; b=g92w6S8h8JtZdehbrm7VDveS7GQtRhMlyqeXEGA4FYyW6fuUALobTIcagjsnetQgK6KB1wlMlMDmQ9QbVF1j1v42/XMsbJNeXBp4PmjoplhatZCyIg5NETB0dDXQwI+Yw1nc8kwMK7EO2ZtAVaFkhgLCz3lrElR2BjFUZ/6d5F4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com.au; s=zohoarc; t=1744341356; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=GxHThBBejpSJP6QzsBQkN7v7wYf9dlnNbyN4EoyJpw0=; b=BLaIMHvv/ZWuDWawJc0iHDfBh9Y/V7UXrPP+T0FxVA2yD6oDVk0shkV4wdgO1/6oKC7rp9YtKN+sHbfJh+34KQFRp2huu3WAMRah1B+Jjwl7jCUma0MrArh5RL1RmjrmPvs985p6zzof535ifHclNdFOqTsTA09wNzS5rtrBKPM= ARC-Authentication-Results: i=1; mx.zohomail.com.au; dkim=pass header.i=nicols.co.uk; spf=pass smtp.mailfrom=andrew@nicols.co.uk; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1744341356; s=zmail; d=nicols.co.uk; i=andrew@nicols.co.uk; h=MIME-Version:References:In-Reply-To:From:From:Date:Date:Message-ID:Subject:Subject:To:To:Cc:Cc:Content-Type:Content-Transfer-Encoding:Message-Id:Reply-To; bh=GxHThBBejpSJP6QzsBQkN7v7wYf9dlnNbyN4EoyJpw0=; b=HLTpLVd7bopc94247BURTKZCLfVHsQpAh9lg51O2he774Nbtw+Nisbj6J5hz3xvx 3cqH9i6ETDPe52Jlbhsb8sp8CvbfMtCNgjwSBaXYRbWVv1aOKMlnZ8D18sODWkCkaDZ pu1w33WjMU76C5LocgcvBuwQiDc33D6GNhExfbkU= Received: by mx.zoho.com.au with SMTPS id 1744341353550708.3821424064209; Fri, 11 Apr 2025 13:15:53 +1000 (AEST) Received: by mail-ej1-f54.google.com with SMTP id a640c23a62f3a-aaee2c5ee6eso238065866b.1 for ; Thu, 10 Apr 2025 20:15:52 -0700 (PDT) X-Gm-Message-State: AOJu0YyazGLN2tQBhW0C+jLzhy6fB3y+NVG/PgzbdtMw9t5fWalbPHto 3c/JZdIh/g5u78/0+OH8VmXAracnYYSKYfdBMFOgH9e+Fr0zTfhqz1Pihfg0acwJsq+uRBKHGpL n15l9/n8h8+bBdTtzGPQz78fx+Eg= X-Google-Smtp-Source: AGHT+IESWSOFN2S4EcJN6P4yoXnkurF0R34EBpJlzoH1ByIdxdJJXrnmQIbrZmRwmBWSdhapLmRIBlNJzHGWxhGvkuw= X-Received: by 2002:a17:907:3f11:b0:ac2:7a6d:c927 with SMTP id a640c23a62f3a-acad36c7212mr61639566b.50.1744341350742; Thu, 10 Apr 2025 20:15:50 -0700 (PDT) Precedence: bulk list-help: list-post: List-Id: internals.lists.php.net x-ms-reactions: disallow MIME-Version: 1.0 References: <2e02e8bd16ccd8f326a014fa3812da43@bastelstu.be> In-Reply-To: Date: Fri, 11 Apr 2025 11:15:39 +0800 X-Gmail-Original-Message-ID: X-Gm-Features: ATxdqUGBrInuEoIYoi5fE_QKr_nH6d5WLzpueLDPlTZOrle8AHWkpv_up4ZHSLE Message-ID: Subject: Re: [PHP-DEV] [RFC] [Discussion] Change default for zend.exception_ignore_args INI setting To: Kamil Tekiela Cc: php internals Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-ZohoMailClient: External From: andrew@nicols.co.uk (Andrew Lyons) > I can't find any information on why this setting was introduced. No, I couldn't find anything either. I did try to investigate and all I could find was that it was introduced by Joe Watkins in 0819e6dc9b4788e5d44b64f8e606a56c969a1588 in 2019 but I haven't been able to find any history of RFC or discussion about it. > I guess that it was either to protect sensitive information or to reduce > verbosity in the logs, but either one seems like a poor reason for > this setting to exist. The INI comment seems to suggest that it was > introduced to protect sensitive information, but that doesn't make > sense to me since exceptions aren't revealed to the end user. In an ideal world they are never revealed to the end user, but real-world solutions fall short. It's not uncommon for people to have display_errors enabled for some reason or another. It is also possible for sites to be misconfigured, or for applications to make mistakes and accidentally dump stack traces without realising that they may contain arguments. Not all applications make use of an error handling framework, and people may enable display_errors without understanding the ramifications. Ultimately developers and administrators are all human (for now). We can, and do, make mistakes. PHP is already capable of preventing information leakage from such mistakes, but it is currently not the default configuration. Let's make it the default. This does not stop people who have actively configured stack trace arguments from having access to those args. > And while verbose, arguments in stack traces are useful. On top of that, > it seems to me like this is already covered by > exception_string_param_max_len. If you set the length to 0, isn't it > the same as setting exception_ignore_args to On? Or does that mean > that no truncation is applied? Completely off the top of my head, it is probably still worth having both. A configurable max length isn=E2=80=99t the same as a simple on/off toggle that can be flipped directly in code. The max length was actually introduced later by Tyson Andre in 07db64156e180c30daa5ab5d41ed72f9bba77e6d in 2020 and discussed here: https://externals.io/message/110717 From the look of the commit it _only_ applies to the `getTraceAsString()` method, and not `getTrace()`. It was intended to allow more information to be dumped than the previously hard-coded 15 bytes. Even setting it to 0 doesn=E2=80=99t consistently remove args =E2=80=94 e.g= ., getTrace() still includes them, so merging these two is not really a clear or easy solution. > I suppose if this INI setting must exist, then it should be set to Off in= both development and production environments. Can you elaborate? Setting it Off by default increases the risk of accidental information leakage when apps aren=E2=80=99t correctly configure= d. That's great for developers, but for production sites that's not a good idea. There is no way to guarantee that every PHP application is a perfect, well-configured, system which uses the latest frameworks. Many of us are dealing with massive legacy codebases. Where a framework correctly configures error handling, and determines that it needs the arguments as part of that, it is surely able to also call `ini_set('zend.exception_ignore_args', 0)` at the same time as it configures that error handler. > The max length should probably be increased, too. I would also appreciate= it if it gets > clarified in the documentation why the two settings exist and what the > difference between them is. And I wouldn't object to removing > exception_ignore_args if it's a redundant setting. I agree it would be good to clarify this, but I don't think that either should be removed. Reading the Internals discussion for the length makes it a little clearer as to why it exists and why they're separate. I'd suggest that this can be done via PR process without need for an RFC. In any case, I would strongly object to removing `exception_ignore_args`. It is not a redundant setting and it is critical to many in production. > P.S. The RFC mentions execution_ignore_args too, but I assume that's a ty= po. Thanks - I'll fix that. On Fri, 11 Apr 2025 at 04:04, Kamil Tekiela wrote: > > I can't find any information on why this setting was introduced. I > guess that it was either to protect sensitive information or to reduce > verbosity in the logs, but either one seems like a poor reason for > this setting to exist. The INI comment seems to suggest that it was > introduced to protect sensitive information, but that doesn't make > sense to me since exceptions aren't revealed to the end user. And > while verbose, arguments in stack traces are useful. On top of that, > it seems to me like this is already covered by > exception_string_param_max_len. If you set the length to 0, isn't it > the same as setting exception_ignore_args to On? Or does that mean > that no truncation is applied? > > I suppose if this INI setting must exist, then it should be set to Off > in both development and production environments. The max length should > probably be increased, too. I would also appreciate it if it gets > clarified in the documentation why the two settings exist and what the > difference between them is. And I wouldn't object to removing > exception_ignore_args if it's a redundant setting. > > P.S. The RFC mentions execution_ignore_args too, but I assume that's a ty= po.