From 20a54a3006de7b2e845a6f653c74b9206de24754 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Thu, 18 Feb 2021 11:18:10 -0800
Subject: [PATCH] Apply "pcre.*_limit" ini options in web environments
Summary: Ref T13100. Ref T13586. See D21566, which applied these changes to CLI environments. Also apply them to web environments.
Test Plan: Loaded Phabricator.
Maniphest Tasks: T13586, T13100
Differential Revision: https://secure.phabricator.com/D21567
---
 support/startup/PhabricatorStartup.php | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/support/startup/PhabricatorStartup.php b/support/startup/PhabricatorStartup.php
index 2ef257091f..bf66f8839b 100644
--- a/support/startup/PhabricatorStartup.php
+++ b/support/startup/PhabricatorStartup.php
@@ -400,6 +400,24 @@ final class PhabricatorStartup {
 // a UTF-8 locale we can encounter problems when launching subprocesses
 // which receive UTF-8 parameters in their command line argument list.
 @setlocale(LC_ALL, 'en_US.UTF-8');
+
+ $config_map = array(
+ // See PHI1894. Keep "args" in exception backtraces.
+ 'zend.exception_ignore_args' => 0,
+
+ // See T13100. We'd like the regex engine to fail, rather than segfault,
+ // if handed a pathological regular expression.
+ 'pcre.backtrack_limit' => 10000,
+ 'pcre.recusion_limit' => 10000,
+
+ // NOTE: Arcanist applies a similar set of startup options for CLI
+ // environments in "init-script.php". Changes here may also be
+ // appropriate to apply there.
+ );
+
+ foreach ($config_map as $config_key => $config_value) {
+ ini_set($config_key, $config_value);
+ }
 }
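Review bot: The key `'pcre.recusion_limit'` in the added `$config_map` is misspelled, so the recursion limit is never applied: `ini_set()` returns false for a directive name it does not recognise, and the `foreach` loop discards that return value. The line should read `'pcre.recursion_limit' => 10000,`. As written, only `pcre.backtrack_limit` takes effect for web requests, which leaves half of the "fail rather than segfault" protection described in the T13100 comment missing. The NOTE comment says Arcanist's "init-script.php" carries a similar map, so the same key is worth checking there. Separately, with limits this low a `preg_*` call can return false or null on input that merely backtracks heavily, so callers that use a regex as a validation step should treat that result as an error rather than as "no match"; the enclosing method starts above this hunk, so how such failures are surfaced is not visible here.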