[RFC] Make string length for getTraceAsString() configurable

Add a `zend.exception_string_param_max_len` ini setting.
(same suffix as `log_errors_max_len`)

Allow values between 0 and 1000000 bytes.
For example, with zend.exception_string_param_max_len=0,
"" would represent the empty string, and "..." would represent something
longer than the empty string.
Previously, this was hardcoded as exactly 15 bytes.

Discussion: https://externals.io/message/110717

Closes GH-5769

Zend/tests/exception_024.phpt

@@ -0,0 +1,19 @@
+--TEST--
+zend.exception_string_param_max_len ini setting
+--INI--
+zend.exception_string_param_max_len = 23
+--FILE--
+<?php
+
+function main($arg) {
+    throw new Exception();
+}
+main('123456789012345678901234567890');
+
+?>
+--EXPECTF--
+Fatal error: Uncaught Exception in %s:%d
+Stack trace:
+#0 %s(%d): main('12345678901234567890123...')
+#1 {main}
+  thrown in %s on line %d

Zend/tests/exception_025.phpt

@@ -0,0 +1,41 @@
+--TEST--
+zend.exception_string_param_max_len ini setting
+--FILE--
+<?php
+
+function main($arg) {
+    echo (new Exception()), "\n";
+}
+var_dump(ini_set('zend.exception_string_param_max_len', '-1'));
+var_dump(ini_set('zend.exception_string_param_max_len', '1000001'));
+var_dump(ini_set('zend.exception_string_param_max_len', '1000000'));
+var_dump(ini_set('zend.exception_string_param_max_len', '20'));
+main('short');
+main('123456789012345678901234567890');
+var_dump(ini_set('zend.exception_string_param_max_len', '0'));
+main('short');
+main('');
+
+?>
+--EXPECTF--
+bool(false)
+bool(false)
+string(2) "15"
+string(7) "1000000"
+Exception in %s:%d
+Stack trace:
+#0 %s(10): main('short')
+#1 {main}
+Exception in %s:%d
+Stack trace:
+#0 %s(11): main('12345678901234567890...')
+#1 {main}
+string(2) "20"
+Exception in %s:%d
+Stack trace:
+#0 %s(13): main('...')
+#1 {main}
+Exception in %s:%d
+Stack trace:
+#0 %s(14): main('')
+#1 {main}

Zend/zend.c

@@ -160,6 +160,20 @@ static ZEND_INI_MH(OnUpdateAssertions) /* {{{ */
 }
 /* }}} */
 
+static ZEND_INI_MH(OnSetExceptionStringParamMaxLen) /* {{{ */
+{
+	zend_long i;
+
+	ZEND_ATOL(i, ZSTR_VAL(new_value));
+	if (i >= 0 && i <= 1000000) {
+		EG(exception_string_param_max_len) = i;
+		return SUCCESS;
+	} else {
+		return FAILURE;
+	}
+}
+/* }}} */
+
 #if ZEND_DEBUG
 # define SIGNAL_CHECK_DEFAULT "1"
 #else
@@ -177,6 +191,7 @@ ZEND_INI_BEGIN()
 	STD_ZEND_INI_BOOLEAN("zend.signal_check", SIGNAL_CHECK_DEFAULT, ZEND_INI_SYSTEM, OnUpdateBool, check, zend_signal_globals_t, zend_signal_globals)
 #endif
 	STD_ZEND_INI_BOOLEAN("zend.exception_ignore_args",	"0",	ZEND_INI_ALL,		OnUpdateBool, exception_ignore_args, zend_executor_globals, executor_globals)
+	STD_ZEND_INI_ENTRY("zend.exception_string_param_max_len",	"15",	ZEND_INI_ALL,	OnSetExceptionStringParamMaxLen,	exception_string_param_max_len,		zend_executor_globals,	executor_globals)
 ZEND_INI_END()
 
 ZEND_API size_t zend_vspprintf(char **pbuf, size_t max_len, const char *format, va_list ap) /* {{{ */

Zend/zend_exceptions.c

@@ -482,8 +482,8 @@ static void _build_trace_args(zval *arg, smart_str *str) /* {{{ */
 			break;
 		case IS_STRING:
 			smart_str_appendc(str, '\'');
-			smart_str_append_escaped(str, Z_STRVAL_P(arg), MIN(Z_STRLEN_P(arg), 15));
-			if (Z_STRLEN_P(arg) > 15) {
+			smart_str_append_escaped(str, Z_STRVAL_P(arg), MIN(Z_STRLEN_P(arg), EG(exception_string_param_max_len)));
+			if (Z_STRLEN_P(arg) > EG(exception_string_param_max_len)) {
 				smart_str_appends(str, "...', ");
 			} else {
 				smart_str_appends(str, "', ");

Zend/zend_globals.h

@@ -241,6 +241,7 @@ struct _zend_executor_globals {
 	HashTable weakrefs;
 
 	zend_bool exception_ignore_args;
+	zend_long exception_string_param_max_len;
 
 	zend_get_gc_buffer get_gc_buffer;
 

main/main.c

@@ -260,7 +260,6 @@ static PHP_INI_MH(OnSetSerializePrecision)
 }
 /* }}} */
 
-
 /* {{{ PHP_INI_MH */
 static PHP_INI_MH(OnChangeMemoryLimit)
 {

php.ini-development

@@ -159,6 +159,11 @@
 ;   Development Value: Off
 ;   Production Value: On
 
+; zend.exception_string_param_max_len
+;   Default Value: 15
+;   Development Value: 15
+;   Production Value: 0
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -371,6 +376,14 @@ zend.enable_gc = On
 ; Production Value: On
 zend.exception_ignore_args = Off
 
+; Allows setting the maximum string length in an argument of a stringified stack trace
+; to a value between 0 and 1000000.
+; This has no effect when zend.exception_ignore_args is enabled.
+; Default Value: 15
+; Development Value: 15
+; Production Value: 0
+zend.exception_string_param_max_len = 15
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;

php.ini-production

@@ -159,6 +159,11 @@
 ;   Development Value: Off
 ;   Production Value: On
 
+; zend.exception_string_param_max_len
+;   Default Value: 15
+;   Development Value: 15
+;   Production Value: 0
+
 ;;;;;;;;;;;;;;;;;;;;
 ; php.ini Options  ;
 ;;;;;;;;;;;;;;;;;;;;
@@ -366,13 +371,23 @@ zend.enable_gc = On
 ;zend.script_encoding =
 
 ; Allows to include or exclude arguments from stack traces generated for exceptions
-; In production, it is recommended to turn this setting on to prohibit the output 
+; In production, it is recommended to turn this setting on to prohibit the output
 ; of sensitive information in stack traces
 ; Default Value: Off
 ; Development Value: Off
 ; Production Value: On
 zend.exception_ignore_args = On
 
+; Allows setting the maximum string length in an argument of a stringified stack trace
+; to a value between 0 and 1000000.
+; This has no effect when zend.exception_ignore_args is enabled.
+; Default Value: 15
+; Development Value: 15
+; Production Value: 0
+; In production, it is recommended to set this to 0 to reduce the output
+; of sensitive information in stack traces.
+zend.exception_string_param_max_len = 0
+
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;

run-tests.php

@@ -343,6 +343,7 @@ function main()
         'opcache.jit_hot_side_exit=1',
         'zend.assertions=1',
         'zend.exception_ignore_args=0',
+        'zend.exception_string_param_max_len=15',
         'short_open_tag=0',
     );