View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000644 | Xdebug | Profiling | public | 2010-12-03 16:29 | 2020-03-12 17:38 |
| Reporter | troelskn | Assigned To | derick | ||
| Priority | normal | Severity | feature | Reproducibility | N/A |
| Status | closed | Resolution | fixed | ||
| Platform | all | OS | all | OS Version | all |
| Product Version | 2.1.0 | ||||
| Fixed in Version | 2.3.0 | ||||
| Summary | 0000644: Shared secret for profiler_enable_trigger | ||||
| Description | When the profiler_enable_trigger setting is enabled, any visitor to a server can initiate xdebug. Since this is rather heavyweight, it is a potential security risk. It would be nice to have the option to specify a secret key, that the client has to provide to trigger the profiler. | ||||
| Tags | No tags attached. | ||||
| Attached Files | xdebug-2.0.5-trace_trigger_secret.patch (6,057 bytes)
diff -ru xdebug-2.0.5/php_xdebug.h xdebug-2.0.5-modified/php_xdebug.h
--- xdebug-2.0.5/php_xdebug.h 1970-01-01 20:13:08.000000000 +1100
+++ xdebug-2.0.5-modified/php_xdebug.h 2011-03-30 16:05:11.442678999 +1100
@@ -141,6 +141,8 @@
FILE *trace_file;
zend_bool do_trace;
zend_bool auto_trace;
+ zend_bool trace_enable_trigger;
+ char *trace_enable_trigger_value;
char *trace_output_dir;
char *trace_output_name;
long trace_options;
@@ -199,6 +201,7 @@
char *profiler_output_dir;
char *profiler_output_name; /* "pid" or "crc32" */
zend_bool profiler_enable_trigger;
+ char *profiler_enable_trigger_value;
zend_bool profiler_append;
/* profiler globals */
diff -ru xdebug-2.0.5/xdebug.c xdebug-2.0.5-modified/xdebug.c
--- xdebug-2.0.5/xdebug.c 1970-01-01 20:13:08.000000000 +1100
+++ xdebug-2.0.5-modified/xdebug.c 2011-03-31 17:01:14.885110998 +1100
@@ -253,6 +253,8 @@
PHP_INI_BEGIN()
/* Debugger settings */
STD_PHP_INI_BOOLEAN("xdebug.auto_trace", "0", PHP_INI_ALL, OnUpdateBool, auto_trace, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_BOOLEAN("xdebug.trace_enable_trigger", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, trace_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_ENTRY("xdebug.trace_enable_trigger_value", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, trace_enable_trigger_value, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_output_dir", "/tmp", PHP_INI_ALL, OnUpdateString, trace_output_dir, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_output_name", "trace.%c", PHP_INI_ALL, OnUpdateString, trace_output_name, zend_xdebug_globals, xdebug_globals)
#if ZEND_EXTENSION_API_NO < 90000000
@@ -300,11 +302,12 @@
STD_PHP_INI_ENTRY("xdebug.profiler_output_dir", "/tmp", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_output_dir, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.profiler_output_name", "cachegrind.out.%p", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_output_name, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_enable_trigger", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_ENTRY("xdebug.profiler_enable_trigger_value", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_enable_trigger_value, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_append", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_append, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_aggregate", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_aggregate, zend_xdebug_globals, xdebug_globals)
/* Remote debugger settings */
- STD_PHP_INI_BOOLEAN("xdebug.remote_enable", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, remote_enable, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_BOOLEAN("xdebug.remote_enable", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, remote_enable, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.remote_handler", "dbgp", PHP_INI_ALL, OnUpdateString, remote_handler, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.remote_host", "localhost", PHP_INI_ALL, OnUpdateString, remote_host, zend_xdebug_globals, xdebug_globals)
PHP_INI_ENTRY("xdebug.remote_mode", "req", PHP_INI_ALL, OnUpdateDebugMode)
@@ -437,6 +440,9 @@
if (strcasecmp(envvar, "profiler_enable_trigger") == 0) {
name = "xdebug.profiler_enable_trigger";
} else
+ if (strcasecmp(envvar, "trace_enable") == 0) {
+ name = "xdebug.trace_enable";
+ } else
if (strcasecmp(envvar, "remote_log") == 0) {
name = "xdebug.remote_log";
}
@@ -785,11 +791,40 @@
XG(remote_enabled) = 0;
XG(profiler_enabled) = 0;
XG(breakpoints_allowed) = 1;
- if (XG(auto_trace) && XG(trace_output_dir) && strlen(XG(trace_output_dir))) {
+ if (
+ (
+ XG(auto_trace)
+ ||
+ (
+ /* Check for special GET/POST parameter to start the trace */
+ XG(trace_enable_trigger) &&
+ (
+ (
+ PG(http_globals)[TRACK_VARS_GET] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_GET]->value.ht, "XDEBUG_TRACE", sizeof("XDEBUG_TRACE"), (void **) &dummy) == SUCCESS
+ ) || (
+ PG(http_globals)[TRACK_VARS_POST] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_POST]->value.ht, "XDEBUG_TRACE", sizeof("XDEBUG_TRACE"), (void **) &dummy) == SUCCESS
+ ) || (
+ PG(http_globals)[TRACK_VARS_COOKIE] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_COOKIE]->value.ht, "XDEBUG_TRACE", sizeof("XDEBUG_TRACE"), (void **) &dummy) == SUCCESS
+ )
+ ) && (
+ (strlen(XG(trace_enable_trigger_value)) == 0) ||
+ (strcmp(XG(trace_enable_trigger_value), Z_STRVAL_PP(dummy)) == 0)
+ )
+
+ )
+ ) && XG(trace_output_dir) && strlen(XG(trace_output_dir))) {
+
/* In case we do an auto-trace we are not interested in the return
* value, but we still have to free it. */
xdfree(xdebug_start_trace(NULL, XG(trace_options) TSRMLS_CC));
}
+ php_syslog(LOG_NOTICE, "trace_enable_trigger_value: '%s'", XG(trace_enable_trigger_value));
+ php_syslog(LOG_NOTICE, "dummy: '%s'", Z_STRVAL_PP(dummy));
+
+
/* Initialize some debugger context properties */
XG(context).program_name = NULL;
@@ -1494,6 +1529,9 @@
PG(http_globals)[TRACK_VARS_COOKIE] &&
zend_hash_find(PG(http_globals)[TRACK_VARS_COOKIE]->value.ht, "XDEBUG_PROFILE", sizeof("XDEBUG_PROFILE"), (void **) &dummy) == SUCCESS
)
+ ) && (
+ (strlen(XG(profiler_enable_trigger_value)) == 0) ||
+ (strcmp(XG(profiler_enable_trigger_value), Z_STRVAL_PP(dummy)) == 0)
)
)
)
xdebug-2.0.5-trace_trigger_secret-v2.patch (6,035 bytes)
diff -ru xdebug-2.0.5/php_xdebug.h xdebug-2.0.5-modified/php_xdebug.h
--- xdebug-2.0.5/php_xdebug.h 1970-01-01 20:13:08.000000000 +1100
+++ xdebug-2.0.5-modified/php_xdebug.h 2011-03-30 16:05:11.442678999 +1100
@@ -141,6 +141,8 @@
FILE *trace_file;
zend_bool do_trace;
zend_bool auto_trace;
+ zend_bool trace_enable_trigger;
+ char *trace_enable_trigger_value;
char *trace_output_dir;
char *trace_output_name;
long trace_options;
@@ -199,6 +201,7 @@
char *profiler_output_dir;
char *profiler_output_name; /* "pid" or "crc32" */
zend_bool profiler_enable_trigger;
+ char *profiler_enable_trigger_value;
zend_bool profiler_append;
/* profiler globals */
diff -ru xdebug-2.0.5/xdebug.c xdebug-2.0.5-modified/xdebug.c
--- xdebug-2.0.5/xdebug.c 1970-01-01 20:13:08.000000000 +1100
+++ xdebug-2.0.5-modified/xdebug.c 2011-03-31 18:00:57.665110993 +1100
@@ -253,6 +253,8 @@
PHP_INI_BEGIN()
/* Debugger settings */
STD_PHP_INI_BOOLEAN("xdebug.auto_trace", "0", PHP_INI_ALL, OnUpdateBool, auto_trace, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_BOOLEAN("xdebug.trace_enable_trigger", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, trace_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_ENTRY("xdebug.trace_enable_trigger_value", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, trace_enable_trigger_value, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_output_dir", "/tmp", PHP_INI_ALL, OnUpdateString, trace_output_dir, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_output_name", "trace.%c", PHP_INI_ALL, OnUpdateString, trace_output_name, zend_xdebug_globals, xdebug_globals)
#if ZEND_EXTENSION_API_NO < 90000000
@@ -300,11 +302,12 @@
STD_PHP_INI_ENTRY("xdebug.profiler_output_dir", "/tmp", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_output_dir, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.profiler_output_name", "cachegrind.out.%p", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_output_name, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_enable_trigger", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_ENTRY("xdebug.profiler_enable_trigger_value", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_enable_trigger_value, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_append", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_append, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_aggregate", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_aggregate, zend_xdebug_globals, xdebug_globals)
/* Remote debugger settings */
- STD_PHP_INI_BOOLEAN("xdebug.remote_enable", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, remote_enable, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_BOOLEAN("xdebug.remote_enable", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, remote_enable, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.remote_handler", "dbgp", PHP_INI_ALL, OnUpdateString, remote_handler, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.remote_host", "localhost", PHP_INI_ALL, OnUpdateString, remote_host, zend_xdebug_globals, xdebug_globals)
PHP_INI_ENTRY("xdebug.remote_mode", "req", PHP_INI_ALL, OnUpdateDebugMode)
@@ -437,6 +440,9 @@
if (strcasecmp(envvar, "profiler_enable_trigger") == 0) {
name = "xdebug.profiler_enable_trigger";
} else
+ if (strcasecmp(envvar, "auto_trace") == 0) {
+ name = "xdebug.auto_trace";
+ } else
if (strcasecmp(envvar, "remote_log") == 0) {
name = "xdebug.remote_log";
}
@@ -785,12 +791,40 @@
XG(remote_enabled) = 0;
XG(profiler_enabled) = 0;
XG(breakpoints_allowed) = 1;
- if (XG(auto_trace) && XG(trace_output_dir) && strlen(XG(trace_output_dir))) {
+ if (
+ (
+ XG(auto_trace)
+ ||
+ (
+ /* Check for special GET/POST parameter to start the trace */
+ XG(trace_enable_trigger) &&
+ (
+ (
+ PG(http_globals)[TRACK_VARS_GET] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_GET]->value.ht, "XDEBUG_TRACE", sizeof("XDEBUG_TRACE"), (void **) &dummy) == SUCCESS
+ ) || (
+ PG(http_globals)[TRACK_VARS_POST] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_POST]->value.ht, "XDEBUG_TRACE", sizeof("XDEBUG_TRACE"), (void **) &dummy) == SUCCESS
+ ) || (
+ PG(http_globals)[TRACK_VARS_COOKIE] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_COOKIE]->value.ht, "XDEBUG_TRACE", sizeof("XDEBUG_TRACE"), (void **) &dummy) == SUCCESS
+ )
+ ) && (
+ (XG(trace_enable_trigger_value) == 0) ||
+ (strlen(XG(trace_enable_trigger_value)) == 0) ||
+ (strcmp(XG(trace_enable_trigger_value), Z_STRVAL_PP(dummy)) == 0)
+ )
+
+ )
+ ) && XG(trace_output_dir) && strlen(XG(trace_output_dir))) {
+
/* In case we do an auto-trace we are not interested in the return
* value, but we still have to free it. */
xdfree(xdebug_start_trace(NULL, XG(trace_options) TSRMLS_CC));
}
+
+
/* Initialize some debugger context properties */
XG(context).program_name = NULL;
XG(context).list.last_file = NULL;
@@ -1494,6 +1528,10 @@
PG(http_globals)[TRACK_VARS_COOKIE] &&
zend_hash_find(PG(http_globals)[TRACK_VARS_COOKIE]->value.ht, "XDEBUG_PROFILE", sizeof("XDEBUG_PROFILE"), (void **) &dummy) == SUCCESS
)
+ ) && (
+ (XG(profiler_enable_trigger_value) == 0) ||
+ (strlen(XG(profiler_enable_trigger_value)) == 0) ||
+ (strcmp(XG(profiler_enable_trigger_value), Z_STRVAL_PP(dummy)) == 0)
)
)
)
svn-3438.patch (6,395 bytes)
Index: xdebug.c
===================================================================
--- xdebug.c (revision 3438)
+++ xdebug.c (working copy)
@@ -85,7 +85,7 @@
int (*xdebug_orig_header_handler)(sapi_header_struct *h XG_SAPI_HEADER_OP_DC, sapi_headers_struct *s TSRMLS_DC);
-static int xdebug_trigger_enabled(int setting, char *var_name);
+static int xdebug_trigger_enabled(int setting, char *var_name, char *var_value);
zend_function_entry xdebug_functions[] = {
PHP_FE(xdebug_get_stack_depth, NULL)
@@ -239,6 +239,7 @@
/* Debugger settings */
STD_PHP_INI_BOOLEAN("xdebug.auto_trace", "0", PHP_INI_ALL, OnUpdateBool, auto_trace, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.trace_enable_trigger", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, trace_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_ENTRY("xdebug.trace_enable_trigger_value", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, trace_enable_trigger_value, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_output_dir", XDEBUG_TEMP_DIR, PHP_INI_ALL, OnUpdateString, trace_output_dir, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_output_name", "trace.%c", PHP_INI_ALL, OnUpdateString, trace_output_name, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.trace_format", "0", PHP_INI_ALL, OnUpdateLong, trace_format, zend_xdebug_globals, xdebug_globals)
@@ -276,7 +277,8 @@
STD_PHP_INI_BOOLEAN("xdebug.profiler_enable", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_enable, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.profiler_output_dir", XDEBUG_TEMP_DIR, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_output_dir, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_ENTRY("xdebug.profiler_output_name", "cachegrind.out.%p", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_output_name, zend_xdebug_globals, xdebug_globals)
- STD_PHP_INI_BOOLEAN("xdebug.profiler_enable_trigger", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_BOOLEAN("xdebug.profiler_enable_trigger", "1", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_enable_trigger, zend_xdebug_globals, xdebug_globals)
+ STD_PHP_INI_ENTRY("xdebug.profiler_enable_trigger_value", "", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateString, profiler_enable_trigger_value, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_append", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_append, zend_xdebug_globals, xdebug_globals)
STD_PHP_INI_BOOLEAN("xdebug.profiler_aggregate", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateBool, profiler_aggregate, zend_xdebug_globals, xdebug_globals)
@@ -428,6 +430,9 @@
if (strcasecmp(envvar, "profiler_enable_trigger") == 0) {
name = "xdebug.profiler_enable_trigger";
} else
+ if (strcasecmp(envvar, "trace_enable") == 0) {
+ name = "xdebug.trace_enable";
+ } else
if (strcasecmp(envvar, "remote_log") == 0) {
name = "xdebug.remote_log";
} else
@@ -813,7 +818,7 @@
XG(profiler_enabled) = 0;
XG(breakpoints_allowed) = 1;
if (
- (XG(auto_trace) || xdebug_trigger_enabled(XG(trace_enable_trigger), "XDEBUG_TRACE"))
+ (XG(auto_trace) || xdebug_trigger_enabled(XG(trace_enable_trigger), "XDEBUG_TRACE", XG(trace_enable_trigger_value)))
&& XG(trace_output_dir) && strlen(XG(trace_output_dir))
) {
/* In case we do an auto-trace we are not interested in the return
@@ -953,9 +958,9 @@
DISPLAY_INI_ENTRIES();
}
-static int xdebug_trigger_enabled(int setting, char *var_name)
+static int xdebug_trigger_enabled(int setting, char *var_name, char *var_value)
{
- zval **dummy;
+ zval **trigger_val;
if (!setting) {
return 0;
@@ -963,14 +968,19 @@
if (
(
- PG(http_globals)[TRACK_VARS_GET] &&
- zend_hash_find(PG(http_globals)[TRACK_VARS_GET]->value.ht, var_name, strlen(var_name) + 1, (void **) &dummy) == SUCCESS
- ) || (
- PG(http_globals)[TRACK_VARS_POST] &&
- zend_hash_find(PG(http_globals)[TRACK_VARS_POST]->value.ht, var_name, strlen(var_name) + 1, (void **) &dummy) == SUCCESS
- ) || (
- PG(http_globals)[TRACK_VARS_COOKIE] &&
- zend_hash_find(PG(http_globals)[TRACK_VARS_COOKIE]->value.ht, var_name, strlen(var_name) + 1, (void **) &dummy) == SUCCESS
+ (
+ PG(http_globals)[TRACK_VARS_GET] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_GET]->value.ht, var_name, strlen(var_name) + 1, (void **) &trigger_val) == SUCCESS
+ ) || (
+ PG(http_globals)[TRACK_VARS_POST] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_POST]->value.ht, var_name, strlen(var_name) + 1, (void **) &trigger_val) == SUCCESS
+ ) || (
+ PG(http_globals)[TRACK_VARS_COOKIE] &&
+ zend_hash_find(PG(http_globals)[TRACK_VARS_COOKIE]->value.ht, var_name, strlen(var_name) + 1, (void **) &trigger_val) == SUCCESS
+ )
+ ) && (
+ (var_value == 0) ||
+ (strcmp(var_value, Z_STRVAL_PP(trigger_val)) == 0)
)
) {
return 1;
@@ -1236,7 +1246,7 @@
/* Check for special GET/POST parameter to start profiling */
if (
!XG(profiler_enabled) &&
- (XG(profiler_enable) || xdebug_trigger_enabled(XG(profiler_enable_trigger), "XDEBUG_PROFILE"))
+ (XG(profiler_enable) || xdebug_trigger_enabled(XG(profiler_enable_trigger), "XDEBUG_PROFILE", XG(profiler_enable_trigger_value)))
) {
if (xdebug_profiler_init(op_array->filename TSRMLS_CC) == SUCCESS) {
XG(profiler_enabled) = 1;
Index: php_xdebug.h
===================================================================
--- php_xdebug.h (revision 3438)
+++ php_xdebug.h (working copy)
@@ -181,6 +181,7 @@
zend_bool do_trace;
zend_bool auto_trace;
zend_bool trace_enable_trigger;
+ char *trace_enable_trigger_value;
char *trace_output_dir;
char *trace_output_name;
long trace_options;
@@ -255,6 +256,7 @@
char *profiler_output_dir;
char *profiler_output_name; /* "pid" or "crc32" */
zend_bool profiler_enable_trigger;
+ char *profiler_enable_trigger_value;
zend_bool profiler_append;
/* profiler globals */
| ||||
| Operating System | |||||
| PHP Version | 5.3.3 | ||||
|
|
It's currently possible to turn XDebug off when not in use by changing the value of {trace,profile}_enable_trigger and doing an apache reload. So long as the module is still loaded, you won't need an apache restart. It would be much better though to have a shared secret cookie value, making it reasonably safe to leave XDebug turned on all the time. So can I add my voice to this one. I know in the company I work in, the list of people who could be given access to the shared secret value for producing trace files is not the same as the list of people who could be given root access to enable and disable XDebug in the ini file. In some cases we are working on client systems where noone in our company has root access, and to get xdebug's ini file changed requires going through a documented change management process, and considerable delay. I've had a go at producing a patch, but my C skills are pretty rusty, so nothing working yet. I've done a bit of thinking about the spec in the process though. I've so far been working on having extra configuration values ( {trace,profile}_enable_trigger_value ), but I do wonder if it would be better to change the semantics of {trace,profile}_enable_trigger so these are string values and for the sake of backward compatibility "0" is treated the same as no configured value or an empty string, meaning trigger is disabled, while any other value is treated as the required cookie value to activate the trigger. Also, I've been considering that perhaps the ini file should contain only a file path, not the secret value, so that access to the secret can be more restricted. |
|
|
I've attached a patch file for xdebug 2.0.5 which attempts to address this issue, along with adding trace triggers and access to trace_enable from the command line via the environment variable. This works in some cases, but can produce a segfault. Currently I can run it ok within apache (as configured), but I get a segfault when running php from the command line. |
|
|
Also, I'm unhappy with my current version in that the secret is stored in my xdebug.ini file, and viewable in a phpinfo() listing. |
|
|
xdebug-2.0.5-trace_trigger_secret-v2.patch deals with the segfault issue. It was caused by some debug lines I'd left in. This patch addresses this feature request (0000644), and also 0000517 and 0000675 in a single patch. |
|
|
I've uploaded a new svn-3438.patch which can be applied to svn as it stands at present. Lightly tested, but seems to work OK. storage of the secret is still not ideal. |
|
|
Hello Troels, I am not sure if you're still interested, but it would be great if you could create a pull request against https://github.com/xdebug/xdebug There is information at http://xdebug.org/contributing.php to provide some help with GIT. cheers, |
|
|
Fixed for 2.3dev. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2010-12-03 16:29 | troelskn | New Issue | |
| 2011-03-31 01:01 | ngaur | Note Added: 0001708 | |
| 2011-03-31 06:05 | ngaur | File Added: xdebug-2.0.5-trace_trigger_secret.patch | |
| 2011-03-31 06:13 | ngaur | Note Added: 0001709 | |
| 2011-03-31 06:14 | ngaur | Note Added: 0001710 | |
| 2011-03-31 07:03 | ngaur | File Added: xdebug-2.0.5-trace_trigger_secret-v2.patch | |
| 2011-03-31 07:08 | ngaur | Note Added: 0001711 | |
| 2011-04-12 05:27 | ngaur | File Added: svn-3438.patch | |
| 2011-04-12 05:29 | ngaur | Note Added: 0001721 | |
| 2014-02-27 20:05 | derick | Note Added: 0002724 | |
| 2014-02-27 20:05 | derick | Assigned To | => derick |
| 2014-02-27 20:05 | derick | Status | new => feedback |
| 2014-11-17 09:54 | derick | Note Added: 0002913 | |
| 2014-11-17 09:54 | derick | Status | feedback => closed |
| 2014-11-17 09:54 | derick | Resolution | open => fixed |
| 2014-11-17 09:54 | derick | Fixed in Version | => 2.3dev |
| 2015-02-22 14:30 | derick | Fixed in Version | 2.3dev => 2.3.0 |
| 2020-03-12 16:55 | derick | Severity | minor => feature |
| 2020-03-12 17:38 | derick | Category | Feature/Change request => Profiling |
