Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:130296 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id 9EEC81A00BC for ; Thu, 12 Mar 2026 15:59:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1773331171; bh=Yn8e1TX8pDSsRBTShycazEj2Qk3ybdI+IvYUmk4Ia1Q=; h=Subject:From:In-Reply-To:Date:Cc:References:To:From; b=ANaUCSUneyZ6vod0+1cLo3C/0+M344pfE6W+BgXm/T7PXiDjhYG7wewbQmqSwKaa1 u1uUU7BUYBM0zx5Dlb+TUHSKDfJZhz6p/x50L1tBN3ZyWWfj8/pN1gtMIWStH3QF42 V8nHYqkVLL6jP+A1gl5zFeLWlAGZ2U8/p+Bw/BZFR6kojiQ9maayq4zf2MOZD3dGVI e7tZ8qgEE5xc5B2Tbf6VM2wtm6KtKT+EWpJMU0O2LuUMPRzKvuYjUSPUwRYtbQKzxH cGFGYhwY1DceN7FGoMoug/5rXk7eczJSuctP4EwYQZiB3+/K/IMbJHia5UyjzI9IkH II+UJiCfgSQVQ== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 9994D180087 for ; Thu, 12 Mar 2026 15:59:30 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,DMARC_MISSING, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: No X-Envelope-From: Received: from supercat.cmpct.info (supercat.cmpct.info [71.19.146.230]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 12 Mar 2026 15:59:30 +0000 (UTC) Received: from smtpclient.apple (fctnnbsc38w-142-134-101-31.dhcp-dynamic.fibreop.nb.bellaliant.net [142.134.101.31]) by supercat.cmpct.info (Postfix) with ESMTPSA id 3AEEB42800; Thu, 12 Mar 2026 15:59:24 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Precedence: list list-help: list-unsubscribe: list-post: List-Id: x-ms-reactions: disallow Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3864.400.21\)) Subject: Re: [PHP-DEV] [RFC] Display Function Arguments in Errors In-Reply-To: Date: Thu, 12 Mar 2026 12:59:13 -0300 Cc: =?utf-8?Q?Tim_D=C3=BCsterhus?= , PHP internals Content-Transfer-Encoding: quoted-printable Message-ID: <3E4944F8-EDAF-4FBA-89DA-1B22DC39AD8F@cmpct.info> References: <939CFA28-A6FF-433F-85A0-B83345CEF4A6@cmpct.info> <6c498ed3-3cb0-47a5-a64e-4ad202eba141@bastelstu.be> To: Andrey Andreev X-Mailer: Apple Mail (2.3864.400.21) From: calvin@cmpct.info (Calvin Buckley) On Mar 11, 2026, at 7:06=E2=80=AFPM, Andrey Andreev = wrote: >=20 > Hi, >=20 > On Wed, Mar 11, 2026 at 8:38=E2=80=AFPM Tim D=C3=BCsterhus = wrote: > I believe there is almost never =E2=80=9CNo Impact=E2=80=9D to the = ecosystem. In fact=20 > the RFC partly acknowledges it in the =E2=80=9CBackward Incompatible = Changes=E2=80=9D=20 > section. Even if the corresponding sub-vote to default to 1 doesn't=20 > pass, code needs to be prepared for someone to set it to 1 themselves.=20= > This includes off-the-shelf software (such as WordPress, or Drupal, or=20= > whatever). >=20 > I have the following two suggestions (that follow pretty naturally, = but=20 > are nevertheless an impact that should be spelled out): >=20 > a) Custom error handlers (set_error_handlers()) need to be prepared = for=20 > the error message format to change. Even though we don't make any=20 > guarantees about error messages themselves, the existing format with=20= > =E2=80=9Cfunction name first=E2=80=9D is reasonably structured for = automated parsing=20 > (e.g. using a regular expression). This also includes error tracking=20= > tools that try to group error messages by function or similar. >=20 > b) System administrators have one more INI setting to deal with and = need=20 > to make a decision. Previous versions of the RFC template had an=20 > explicit =E2=80=9CINI setting=E2=80=9D section, but given it's so rare = we add new INI=20 > settings these days, it has been removed from the template. For the = few=20 > that still add one, properly discussing the consequences still is = valuable. >=20 > These are all excellent points. >=20 > I want to add one more side-effect that feels discounted: PII and = other sensitive data leaking through logs. Partly what the INI setting = is supposed to address, but IMO it only does so on paper. > I have dealt with that issue many times, and developers tend to either = not take it seriously or propose naive patchwork solutions such as = blacklisting patterns in already produced logs. Plus, there's an = inherent temptation to temporarily enable such settings for debugging = purposes, not realizing the act itself represents a data leak and it is = permanent. If this is a serious problem without args values being = present today, imagine the amplification effect from this addition. >=20 > With that being said, I also know the pain of having to deal with = borderline useless error messages. The proposal isn't without merit, but = I'd look for alternative approaches that don't create security = headaches. >=20 > Cheers, > Andrey. This is something I'm also concerned about, but I feel the cat is already out of the bag with backtraces in exceptions providing the same parameter information. PHP and the library ecosystem seem to be adopting the sensitive parameter attribute, so my hope is that applications also start adopting it.=