simple ignore arguments in exceptions implementation

krakjoe · krakjoe · commit 8ba1caebaee8 · 2019-06-18T09:46:47.000+02:00
diff --git a/Zend/tests/exception_ignore_args.phpt b/Zend/tests/exception_ignore_args.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Exceptions ignoring arguments
+--FILE--
+<?php
+$function = function(string $user, string $pass) {
+    throw new Exception();
+};
+
+ini_set("zend.exception_ignore_args", 1);
+
+$function("secrets", "arewrong");
+?>
+--EXPECTF--
+Fatal error: Uncaught Exception in %sexception_ignore_args.php:3
+Stack trace:
+#0 %sexception_ignore_args.php(8): {closure}()
+#1 {main}
+  thrown in %sexception_ignore_args.php on line 3
diff --git a/Zend/zend.c b/Zend/zend.c
@@ -174,6 +174,7 @@ ZEND_INI_BEGIN()
 #ifdef ZEND_SIGNALS
 	STD_ZEND_INI_BOOLEAN("zend.signal_check", "0", ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals)
 #endif
+	STD_ZEND_INI_BOOLEAN("zend.exception_ignore_args",	"0",	ZEND_INI_ALL,		OnUpdateBool, exception_ignore_args, zend_executor_globals, executor_globals)
 ZEND_INI_END()
 
 ZEND_API size_t zend_vspprintf(char **pbuf, size_t max_len, const char *format, va_list ap) /* {{{ */
diff --git a/Zend/zend_exceptions.c b/Zend/zend_exceptions.c
@@ -212,7 +212,9 @@ static zend_object *zend_default_exception_new_ex(zend_class_entry *class_type,
 	object_properties_init(object, class_type);
 
 	if (EG(current_execute_data)) {
-		zend_fetch_debug_backtrace(&trace, skip_top_traces, 0, 0);
+		zend_fetch_debug_backtrace(&trace,
+			skip_top_traces,
+			EG(exception_ignore_args) ? DEBUG_BACKTRACE_IGNORE_ARGS : 0, 0);
 	} else {
 		array_init(&trace);
 	}
diff --git a/Zend/zend_globals.h b/Zend/zend_globals.h
@@ -234,6 +234,8 @@ struct _zend_executor_globals {
 
 	HashTable weakrefs;
 
+	zend_bool exception_ignore_args;
+
 	void *reserved[ZEND_MAX_RESERVED_RESOURCES];
 };
 
diff --git a/php.ini-development b/php.ini-development
@@ -354,6 +354,10 @@ zend.enable_gc = On
 ; Default: ""
 ;zend.script_encoding =
 
+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+zend.exception_ignore_args = Off
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@@ -1579,6 +1583,8 @@ zend.assertions = 1
 ; http://php.net/assert.quiet-eval
 ;assert.quiet_eval = 0
 
+
+
 [COM]
 ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
 ; http://php.net/com.typelib-file
diff --git a/php.ini-production b/php.ini-production
@@ -359,6 +359,12 @@ zend.enable_gc = On
 ; Default: ""
 ;zend.script_encoding =
 
+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+; In production, it is recommended to turn this setting on to prohibit the output 
+; of sensitive information in stack traces
+zend.exception_ignore_args = On
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
