ported disable display_errors

author: Ben Fuhrmannek 2016-02-22 18:59:55 +0100
committer: Ben Fuhrmannek 2016-02-22 18:59:55 +0100
commit: cb4150c0b3ef77631a62850e1449465f824a0f03 (patch)
tree: a1ec9b49e8c48616913cdd1466b6d88d96f1d671
parent: 1892d326b40a914538f1a87cf5ea4ca226f7c72f (diff)
5 files changed, 158 insertions, 3 deletions
diff --git a/php_suhosin7.h b/php_suhosin7.h
index 894452d..7cc2938 100644
--- a/php_suhosin7.h
+++ b/php_suhosin7.h
@@ -252,7 +252,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin7)
        zend_bool       server_encode;
        zend_bool       server_strip;
        // 
-        // zend_bool    disable_display_errors;
+        zend_bool       disable_display_errors;
        /* random number generator */
        // php_uint32   r_state[625];
diff --git a/suhosin7.c b/suhosin7.c
index c4a89ef..bfe349f 100644
--- a/suhosin7.c
+++ b/suhosin7.c
@@ -208,8 +208,42 @@ static ZEND_INI_MH(OnUpdateSuhosin_cookie_plainlist)
        return SUCCESS;
 }
+static ZEND_INI_MH(OnUpdate_disable_display_errors) /* {{{ */
+{
+        zend_bool *p, val;
+#ifndef ZTS
+        char *base = (char *) mh_arg2;
+#else
+        char *base;
+        base = (char *) ts_resource(*((int *) mh_arg2));
+#endif
+        p = (zend_bool *) (base+(size_t) mh_arg1);
+        if (zend_string_equals_literal_ci(new_value, "on") ||
+                zend_string_equals_literal_ci(new_value, "yes") ||
+                zend_string_equals_literal_ci(new_value, "true")) {
+                *p = (zend_bool) 1;
+        } else if (zend_string_equals_literal_ci(new_value, "fail")) {
+                *p = (zend_bool) 2;
+        }
+        else {
+                *p = (zend_bool) zend_atoi(ZSTR_VAL(new_value), ZSTR_LEN(new_value));
+        }
+        return SUCCESS;
+}
+/* }}} */
+static ZEND_INI_MH(OnUpdate_fail)
+{
+        return FAILURE;
+}
 /* ------------------------------------------------------------------------ */
 #define DEF_LOG_UPDATER(fname, varname, inistr) static ZEND_INI_MH(fname) \
 { \
        LOG_PERDIR_CHECK() \
@@ -287,7 +321,7 @@ PHP_INI_BEGIN()
        // STD_S7_INI_BOOLEAN("suhosin.coredump",                               "0",    PHP_INI_SYSTEM, OnUpdateBool, coredump)
        // STD_S7_INI_BOOLEAN("suhosin.stealth",                                "1",    PHP_INI_SYSTEM, OnUpdateBool, stealth)
        // STD_S7_INI_BOOLEAN("suhosin.apc_bug_workaround",     "0",    PHP_INI_SYSTEM, OnUpdateBool, apc_bug_workaround)
-        // STD_S7_INI_BOOLEAN("suhosin.disable.display_errors", "0",    PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors)
+        STD_S7_INI_BOOLEAN("suhosin.disable.display_errors",    "0",    PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors)
        
        
        // 
@@ -450,7 +484,34 @@ PHP_MINIT_FUNCTION(suhosin7)
 #endif
        // TODO: stealth loading
-        
+        /* Force display_errors=off */
+        if (SUHOSIN7_G(disable_display_errors)) {
+                zend_ini_entry *i;
+                zend_string *ini_name = zend_string_init(ZEND_STRL("display_errors"), 0);
+                zend_string *val0 = zend_string_init(ZEND_STRL("0"), 1);
+                if ((i = zend_hash_find_ptr(EG(ini_directives), ini_name))) {
+                        if (i->on_modify) {
+                                i->on_modify(i, val0, i->mh_arg1, i->mh_arg2, i->mh_arg3, ZEND_INI_STAGE_STARTUP);
+                                // i->on_modify = NULL;
+                        }
+                        
+                        SDEBUG("display_errors=%s", ZSTR_VAL(val0));
+                        if (SUHOSIN7_G(disable_display_errors) >= 2) {
+                                i->modified = 0;
+                                i->value = zend_string_copy(val0);
+                                i->on_modify = OnUpdate_fail;
+                        } else {
+                                i->on_modify = NULL;
+                        }
+                } else {
+                        // no display_errors?
+                        suhosin_log(S_INTERNAL, "suhosin cannot protect display_errors: option not found");
+                }
+                zend_string_release(ini_name);
+                zend_string_release(val0);
+        }
        // hooks
        // suhosin_hook_memory_limit();
        suhosin_hook_treat_data();
diff --git a/tests/misc/disable_display_errors_fail.phpt b/tests/misc/disable_display_errors_fail.phpt
new file mode 100644
index 0000000..56df441
--- /dev/null
+++ b/tests/misc/disable_display_errors_fail.phpt
@@ -0,0 +1,27 @@
+--TEST--
+Testing: suhosin.disable.display_errors=fail
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.log.syslog=0
+display_errors=1
+suhosin.disable.display_errors=fail
+--FILE--
+<?php
+/* Attention: suhosin.disable.display_errors=fail - will NOT silently disable unlike suhosin.disable.display_errors=On */
+var_dump(ini_get("display_errors"));
+var_dump(ini_set("display_errors", "0"));
+var_dump(ini_get("display_errors"));
+var_dump(ini_set("display_errors", "1"));
+var_dump(ini_get("display_errors"));
+foo();
+?>
+--EXPECTF--
+string(1) "0"
+bool(false)
+string(1) "0"
+bool(false)
+string(1) "0"
diff --git a/tests/misc/disable_display_errors_off.phpt b/tests/misc/disable_display_errors_off.phpt
new file mode 100644
index 0000000..3cacd96
--- /dev/null
+++ b/tests/misc/disable_display_errors_off.phpt
@@ -0,0 +1,35 @@
+--TEST--
+Testing: suhosin.disable.display_errors=Off
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.log.syslog=0
+display_errors=1
+suhosin.disable.display_errors=0
+--FILE--
+<?php
+/* Attention: suhosin.disable.display_errors - will silently disable
+   This means ini_get() will return wrong values. You have to trigger errors to see if it works */
+ini_get();
+var_dump(ini_get("display_errors"));
+var_dump(ini_set("display_errors", "0"));
+ini_get();
+var_dump(ini_get("display_errors"));
+var_dump(ini_set("display_errors", "1"));
+var_dump(ini_get("display_errors"));
+ini_get();
+?>
+--EXPECTF--
+Warning: ini_get() expects exactly 1 parameter, 0 given in %s on line 6
+string(1) "1"
+string(1) "1"
+string(1) "0"
+string(1) "0"
+string(1) "1"
+Warning: ini_get() expects exactly 1 parameter, 0 given in %s on line 13
diff --git a/tests/misc/disable_display_errors_on.phpt b/tests/misc/disable_display_errors_on.phpt
new file mode 100644
index 0000000..e409d5f
--- /dev/null
+++ b/tests/misc/disable_display_errors_on.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Testing: suhosin.disable.display_errors=On
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.log.syslog=0
+display_errors=1
+suhosin.disable.display_errors=1
+--FILE--
+<?php
+/* Attention: suhosin.disable.display_errors - will silently disable
+   This means ini_get() will return wrong values. You have to trigger errors to see if it works */
+ini_get();
+var_dump(ini_get("display_errors"));
+var_dump(ini_set("display_errors", "0"));
+ini_get();
+var_dump(ini_get("display_errors"));
+var_dump(ini_set("display_errors", "1"));
+var_dump(ini_get("display_errors"));
+ini_get();
+?>
+--EXPECTF--
+string(1) "1"
+string(1) "1"
+string(1) "0"
+string(1) "0"
+string(1) "1"
author	Ben Fuhrmannek	2016-02-22 18:59:55 +0100
committer	Ben Fuhrmannek	2016-02-22 18:59:55 +0100
commit	cb4150c0b3ef77631a62850e1449465f824a0f03 (patch)
tree	a1ec9b49e8c48616913cdd1466b6d88d96f1d671
parent	1892d326b40a914538f1a87cf5ea4ca226f7c72f (diff)

diff --git a/php_suhosin7.h b/php_suhosin7.h index 894452d..7cc2938 100644 --- a/php_suhosin7.h +++ b/php_suhosin7.h
@@ -252,7 +252,7 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin7)
252	zend_bool server_encode;	252	zend_bool server_encode;
253	zend_bool server_strip;	253	zend_bool server_strip;
254	//	254	//
255	// zend_bool disable_display_errors;	255	zend_bool disable_display_errors;
256		256
257	/* random number generator */	257	/* random number generator */
258	// php_uint32 r_state[625];	258	// php_uint32 r_state[625];


diff --git a/suhosin7.c b/suhosin7.c index c4a89ef..bfe349f 100644 --- a/suhosin7.c +++ b/suhosin7.c
@@ -208,8 +208,42 @@ static ZEND_INI_MH(OnUpdateSuhosin_cookie_plainlist)
208	return SUCCESS;	208	return SUCCESS;
209	}	209	}
210		210
		211	static ZEND_INI_MH(OnUpdate_disable_display_errors) /* {{{ */
		212	{
		213	zend_bool *p, val;
		214	#ifndef ZTS
		215	char base = (char ) mh_arg2;
		216	#else
		217	char *base;
		218
		219	base = (char ) ts_resource(((int *) mh_arg2));
		220	#endif
		221
		222	p = (zend_bool *) (base+(size_t) mh_arg1);
		223
		224	if (zend_string_equals_literal_ci(new_value, "on") \|\|
		225	zend_string_equals_literal_ci(new_value, "yes") \|\|
		226	zend_string_equals_literal_ci(new_value, "true")) {
		227	*p = (zend_bool) 1;
		228	} else if (zend_string_equals_literal_ci(new_value, "fail")) {
		229	*p = (zend_bool) 2;
		230	}
		231	else {
		232	*p = (zend_bool) zend_atoi(ZSTR_VAL(new_value), ZSTR_LEN(new_value));
		233	}
		234
		235	return SUCCESS;
		236	}
		237	/* }}} */
		238
		239	static ZEND_INI_MH(OnUpdate_fail)
		240	{
		241	return FAILURE;
		242	}
		243
211	/* ------------------------------------------------------------------------ */	244	/* ------------------------------------------------------------------------ */
212		245
		246
213	#define DEF_LOG_UPDATER(fname, varname, inistr) static ZEND_INI_MH(fname) \	247	#define DEF_LOG_UPDATER(fname, varname, inistr) static ZEND_INI_MH(fname) \
214	{ \	248	{ \
215	LOG_PERDIR_CHECK() \	249	LOG_PERDIR_CHECK() \
@@ -287,7 +321,7 @@ PHP_INI_BEGIN()
287	// STD_S7_INI_BOOLEAN("suhosin.coredump", "0", PHP_INI_SYSTEM, OnUpdateBool, coredump)	321	// STD_S7_INI_BOOLEAN("suhosin.coredump", "0", PHP_INI_SYSTEM, OnUpdateBool, coredump)
288	// STD_S7_INI_BOOLEAN("suhosin.stealth", "1", PHP_INI_SYSTEM, OnUpdateBool, stealth)	322	// STD_S7_INI_BOOLEAN("suhosin.stealth", "1", PHP_INI_SYSTEM, OnUpdateBool, stealth)
289	// STD_S7_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", PHP_INI_SYSTEM, OnUpdateBool, apc_bug_workaround)	323	// STD_S7_INI_BOOLEAN("suhosin.apc_bug_workaround", "0", PHP_INI_SYSTEM, OnUpdateBool, apc_bug_workaround)
290	// STD_S7_INI_BOOLEAN("suhosin.disable.display_errors", "0", PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors)	324	STD_S7_INI_BOOLEAN("suhosin.disable.display_errors", "0", PHP_INI_SYSTEM, OnUpdate_disable_display_errors, disable_display_errors)
291		325
292		326
293	//	327	//
@@ -450,7 +484,34 @@ PHP_MINIT_FUNCTION(suhosin7)
450	#endif	484	#endif
451		485
452	// TODO: stealth loading	486	// TODO: stealth loading
453		487
		488	/* Force display_errors=off */
		489	if (SUHOSIN7_G(disable_display_errors)) {
		490	zend_ini_entry *i;
		491	zend_string *ini_name = zend_string_init(ZEND_STRL("display_errors"), 0);
		492	zend_string *val0 = zend_string_init(ZEND_STRL("0"), 1);
		493	if ((i = zend_hash_find_ptr(EG(ini_directives), ini_name))) {
		494	if (i->on_modify) {
		495	i->on_modify(i, val0, i->mh_arg1, i->mh_arg2, i->mh_arg3, ZEND_INI_STAGE_STARTUP);
		496	// i->on_modify = NULL;
		497	}
		498
		499	SDEBUG("display_errors=%s", ZSTR_VAL(val0));
		500	if (SUHOSIN7_G(disable_display_errors) >= 2) {
		501	i->modified = 0;
		502	i->value = zend_string_copy(val0);
		503	i->on_modify = OnUpdate_fail;
		504	} else {
		505	i->on_modify = NULL;
		506	}
		507	} else {
		508	// no display_errors?
		509	suhosin_log(S_INTERNAL, "suhosin cannot protect display_errors: option not found");
		510	}
		511	zend_string_release(ini_name);
		512	zend_string_release(val0);
		513	}
		514
454	// hooks	515	// hooks
455	// suhosin_hook_memory_limit();	516	// suhosin_hook_memory_limit();
456	suhosin_hook_treat_data();	517	suhosin_hook_treat_data();


diff --git a/tests/misc/disable_display_errors_fail.phpt b/tests/misc/disable_display_errors_fail.phpt new file mode 100644 index 0000000..56df441 --- /dev/null +++ b/tests/misc/disable_display_errors_fail.phpt
@@ -0,0 +1,27 @@
		1	--TEST--
		2	Testing: suhosin.disable.display_errors=fail
		3	--SKIPIF--
		4	<?php include "../skipifnotcli.inc"; ?>
		5	--INI--
		6	suhosin.log.sapi=0
		7	suhosin.log.stdout=255
		8	suhosin.log.script=0
		9	suhosin.log.syslog=0
		10	display_errors=1
		11	suhosin.disable.display_errors=fail
		12	--FILE--
		13	<?php
		14	/* Attention: suhosin.disable.display_errors=fail - will NOT silently disable unlike suhosin.disable.display_errors=On */
		15	var_dump(ini_get("display_errors"));
		16	var_dump(ini_set("display_errors", "0"));
		17	var_dump(ini_get("display_errors"));
		18	var_dump(ini_set("display_errors", "1"));
		19	var_dump(ini_get("display_errors"));
		20	foo();
		21	?>
		22	--EXPECTF--
		23	string(1) "0"
		24	bool(false)
		25	string(1) "0"
		26	bool(false)
		27	string(1) "0"


diff --git a/tests/misc/disable_display_errors_off.phpt b/tests/misc/disable_display_errors_off.phpt new file mode 100644 index 0000000..3cacd96 --- /dev/null +++ b/tests/misc/disable_display_errors_off.phpt
@@ -0,0 +1,35 @@
		1	--TEST--
		2	Testing: suhosin.disable.display_errors=Off
		3	--SKIPIF--
		4	<?php include "../skipifnotcli.inc"; ?>
		5	--INI--
		6	suhosin.log.sapi=0
		7	suhosin.log.stdout=255
		8	suhosin.log.script=0
		9	suhosin.log.syslog=0
		10	display_errors=1
		11	suhosin.disable.display_errors=0
		12	--FILE--
		13	<?php
		14	/* Attention: suhosin.disable.display_errors - will silently disable
		15
		16	This means ini_get() will return wrong values. You have to trigger errors to see if it works */
		17
		18	ini_get();
		19	var_dump(ini_get("display_errors"));
		20	var_dump(ini_set("display_errors", "0"));
		21	ini_get();
		22	var_dump(ini_get("display_errors"));
		23	var_dump(ini_set("display_errors", "1"));
		24	var_dump(ini_get("display_errors"));
		25	ini_get();
		26	?>
		27	--EXPECTF--
		28	Warning: ini_get() expects exactly 1 parameter, 0 given in %s on line 6
		29	string(1) "1"
		30	string(1) "1"
		31	string(1) "0"
		32	string(1) "0"
		33	string(1) "1"
		34
		35	Warning: ini_get() expects exactly 1 parameter, 0 given in %s on line 13


diff --git a/tests/misc/disable_display_errors_on.phpt b/tests/misc/disable_display_errors_on.phpt new file mode 100644 index 0000000..e409d5f --- /dev/null +++ b/tests/misc/disable_display_errors_on.phpt
@@ -0,0 +1,32 @@
		1	--TEST--
		2	Testing: suhosin.disable.display_errors=On
		3	--SKIPIF--
		4	<?php include "../skipifnotcli.inc"; ?>
		5	--INI--
		6	suhosin.log.sapi=0
		7	suhosin.log.stdout=255
		8	suhosin.log.script=0
		9	suhosin.log.syslog=0
		10	display_errors=1
		11	suhosin.disable.display_errors=1
		12	--FILE--
		13	<?php
		14	/* Attention: suhosin.disable.display_errors - will silently disable
		15
		16	This means ini_get() will return wrong values. You have to trigger errors to see if it works */
		17
		18	ini_get();
		19	var_dump(ini_get("display_errors"));
		20	var_dump(ini_set("display_errors", "0"));
		21	ini_get();
		22	var_dump(ini_get("display_errors"));
		23	var_dump(ini_set("display_errors", "1"));
		24	var_dump(ini_get("display_errors"));
		25	ini_get();
		26	?>
		27	--EXPECTF--
		28	string(1) "1"
		29	string(1) "1"
		30	string(1) "0"
		31	string(1) "0"
		32	string(1) "1"