Good morning Tim,

On Mon, Jan 10, 2022 at 9:06 PM Tim Düsterhus, WoltLab GmbH
<duester...@woltlab.com> wrote:

I am not sure it makes sense to make the code so verbose to prevent
users from showing sensitive data as it never stops (next
print_r/var_dump and userland version of them?).

Also, sensitive data goes way beyond arguments; GDPR brings a lot of
issues here too. Userland packages like Monolog provide filters or
custom output; I think that is where it should be handled.

As a side note, the RFC mentions that zend.exception_ignore_args may
not be configurable on some shared hosters. It is INI_ALL, so even
the code could change it, at any time, back and forth:

<?php
function foo($a) {
        var_dump($a);
        throw new Exception('Thrown');
}
foo('adas');
ini_set('zend.exception_ignore_args', true);
foo('adas');

$ php t.php

string(4) "adas"
PHP Fatal error:  Uncaught Exception: Thrown in /home/pierre/t.php:4
Stack trace:
#0 /home/pierre/t.php(6): foo()
#1 {main}
  thrown in /home/pierre/t.php on line 4

best,
-- 
Pierre

@pierrejoye | http://www.libgd.org

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: https://www.php.net/unsub.php
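
The two points made in the message above, as an added example that is not part of the original e-mail: zend.exception_ignore_args is toggled from script code and the captured arguments are compared, then a userland filter reduces trace arguments to their types before logging. The function names login(), capturedArgs() and redactTrace() and the sample credentials are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names and sample values are constructed.

function login(string $user, string $password): void
{
    throw new RuntimeException('Login backend unavailable');
}

// Return the arguments recorded for the innermost trace frame,
// or null when the engine did not capture any.
function capturedArgs(bool $ignoreArgs): ?array
{
    // The setting is INI_ALL, so it can be changed at runtime.
    ini_set('zend.exception_ignore_args', $ignoreArgs ? '1' : '0');
    try {
        login('alice', 'constructed-secret');
    } catch (RuntimeException $e) {
        return $e->getTrace()[0]['args'] ?? null;
    }
    return null;
}

// Userland filter: keep the call chain, replace each argument by its type.
function redactTrace(Throwable $e): array
{
    $frames = [];
    foreach ($e->getTrace() as $frame) {
        $types = array_map('gettype', $frame['args'] ?? []);
        $frames[] = sprintf(
            '%s(%s) at %s:%d',
            $frame['function'],
            implode(', ', $types),
            $frame['file'] ?? '[internal]',
            $frame['line'] ?? 0
        );
    }
    return $frames;
}

// Arguments are captured while the setting is off, absent once it is on.
var_dump(capturedArgs(false));
var_dump(capturedArgs(true));

// With capture enabled, the filter still keeps values out of the log line.
ini_set('zend.exception_ignore_args', '0');
try {
    login('alice', 'constructed-secret');
} catch (Throwable $e) {
    print_r(redactTrace($e));
}
```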
