Newsgroups: php.internals
From: rowan.collins@gmail.com (Rowan Collins)
To: internals@lists.php.net
Date: Mon, 4 Jul 2016 10:28:08 +0100
Subject: Re: [PHP-DEV] Request: Prevention of FPD in Fatal/Parse/Other Errors
Message-ID: <777adc23-e376-fd5f-b7de-935fc5670756@gmail.com>
In-Reply-To: <9f8e01d1d2ea$e728dc50$b57a94f0$@vaultwiki.org>

Hi Ted,

On 30/06/2016 17:17, Ted Phillips wrote:
> - Include a new ini directive for fpd_prevention, defaulting to On or a string for replacement, like the ever-popular [path]
[...]
> - Automatically register the containing path of PHP_SELF at initialization. This will deal with fatal errors occurring before the application can specify its paths, such as when max_input_vars is exceeded by a crafted request.

Could you give some concrete examples of what an error message would look like before and after this change? I'm trying to understand what the tradeoff might be for users trying to track down where an error has occurred.

Regards,
--
Rowan Collins
[IMSoP]