rfc:throwable_string_param_max_len
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
rfc:throwable_string_param_max_len [2020/06/27 14:30] – created tandre | rfc:throwable_string_param_max_len [2020/07/25 14:00] (current) – tandre | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== PHP RFC: throwable_string_param_max_len: Configurable string length in getTraceAsString ====== | + | ====== PHP RFC: zend.exception_string_param_max_len: Configurable string length in getTraceAsString() ====== |
- | * Version: 0.1 | + | * Version: 0.5 |
* Date: 2020-06-27 | * Date: 2020-06-27 | ||
* Author: Tyson Andre, tandre@php.net | * Author: Tyson Andre, tandre@php.net | ||
- | * Status: | + | * Status: |
* First Published at: https:// | * First Published at: https:// | ||
* Implementation: | * Implementation: | ||
Line 9: | Line 9: | ||
===== Introduction ===== | ===== Introduction ===== | ||
- | Since 2003, '' | + | Since 2003, '' |
+ | |||
+ | While 15 bytes may be a reasonable default for many use cases (e.g. allowing packing more stack frames on a screen or within a byte limit), it would be useful to be able to raise that default. | ||
+ | |||
+ | This hardcoded limit affects various places where exceptions and errors are converted to strings, such as: | ||
+ | |||
+ | - '' | ||
+ | - '' | ||
+ | - Uncaught Throwables that crashed an application. | ||
+ | |||
+ | Note that PHP 7.4 introduced the setting '' | ||
+ | |||
+ | * Being able to set the minimum value to '' | ||
+ | * The name of '' | ||
===== Proposal ===== | ===== Proposal ===== | ||
- | Add a new ini setting '' | + | Add a new ini setting '' |
+ | |||
+ | A maximum value is enforced to make it harder to accidentally run out of memory or disk space (e.g. if long strings occur multiple times in a stack trace). '' | ||
===== Backward Incompatible Changes ===== | ===== Backward Incompatible Changes ===== | ||
Line 26: | Line 41: | ||
If the ini setting is not changed, there will be no impact. | If the ini setting is not changed, there will be no impact. | ||
- | If the user decides to raise the string length limit, then stack traces will contain longer representations of string params. This may result in more data being logged when '' | + | If the user decides to raise the string length limit, then stack traces will contain longer representations of string params. This may result in more data being logged when '' |
==== php.ini Defaults ==== | ==== php.ini Defaults ==== | ||
- | | + | To keep backwards compatibility for reasons such as [[throwable_string_param_max_len# |
- | * php.ini-development | + | |
- | * php.ini-production | + | |
+ | * php.ini-development | ||
+ | * php.ini-production | ||
===== Open Issues ===== | ===== Open Issues ===== | ||
Line 39: | Line 56: | ||
===== Unaffected PHP Functionality ===== | ===== Unaffected PHP Functionality ===== | ||
- | '' | + | Other ways to inspect stack traces such as '' |
===== Future Scope ===== | ===== Future Scope ===== | ||
- | |||
- | ==== Decrease the minimum value ==== | ||
- | |||
- | Future RFCs may suggest allowing '' | ||
==== Raise the default value ==== | ==== Raise the default value ==== | ||
Line 51: | Line 64: | ||
Since 2003, disk space, screen sizes, etc. have increased significantly. However, stack traces have probably also gotten longer in some frameworks, and the maximum syslog length may be limited to only a few thousand bytes on some platforms. | Since 2003, disk space, screen sizes, etc. have increased significantly. However, stack traces have probably also gotten longer in some frameworks, and the maximum syslog length may be limited to only a few thousand bytes on some platforms. | ||
- | Application may be unexpectedly relying on the hardcoded limit of 15 to avoid logging sensitive information such as full urls/full file contents. | + | Application may be unexpectedly relying on the hardcoded limit of 15 to avoid logging sensitive information such as full urls, full paths, or full file contents. |
- | ===== Proposed Voting Choices | + | ===== Vote ===== |
- | Add a new ini setting '' | + | Add a new ini setting |
+ | |||
+ | Voting opened 2020-07-11 and closes 2020-07-25. A 2/3 majority is required. | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
+ | |||
+ | ==== Poll ==== | ||
+ | |||
+ | <doodle title=" | ||
+ | * Yes | ||
+ | * No | ||
+ | </ | ||
+ | |||
+ | ===== Changelog ===== | ||
+ | |||
+ | 0.2: Add " | ||
+ | |||
+ | 0.3: Allow decreasing ini setting value to a minimum of 0 (previously 15). Change the recommended value in php.ini-production to 0. | ||
+ | |||
+ | 0.4: Update external links, formatting. | ||
+ | |||
+ | 0.5: Rename from '' | ||
===== References ===== | ===== References ===== | ||
- | https:// | ||
+ | https:// | ||
+ | |||
+ | https:// | ||
+ | |||
+ | ===== Appendix ===== | ||
+ | ==== Impact of raising string param length limit ==== | ||
+ | |||
+ | For example, code such as the following already had multiple issues such as exposing $appSecret and the potential for XSS from echoing $rawUserInput without html escaping (e.g. ''< | ||
+ | |||
+ | |||
+ | <code php> | ||
+ | function unsafeHTMLRenderingExample(string $rawUserInput, | ||
+ | echo "< | ||
+ | try { | ||
+ | | ||
+ | } catch (Exception $e) { | ||
+ | // The output will include both $rawUserInput and $appSecret. | ||
+ | // Previously, only 15 bytes would be displayed. | ||
+ | echo "This should not happen: $e\n"; | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | |||
+ | Static analyzers may be able to detect potentially unsafe uses of '' | ||
+ | |||
+ | * https:// | ||
+ | * https:// | ||
+ | |||
+ | Because the default remains at 15 bytes, this RFC should not make unsafe code like this worse unless the ini setting is changed deliberately. | ||
+ | |||
+ | A related ini setting is '' |
rfc/throwable_string_param_max_len.1593268212.txt.gz · Last modified: 2020/06/27 14:30 by tandre