[PHP-DEV] RFC: PHP 6 include E_NOTICE in default php.ini
As promised in another thread, I have created a formal RFC on the topic of including E_NOTICE in the default php.ini.* files. Please note that I am specifically not proposing E_STRICT nor E_DEPRECATED in this RFC, as I believe the each need to be considered on their own merits, and not lumped into one decision nor even conversation. https://wiki.php.net/rfc/error_reporting_e_notice My first formal RFC, so please be gentle :-) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RFC: PHP 6 include E_NOTICE in default php.ini
I think it's a good idea, though I'm not sure it should be done in the production one as well. I'm not sure, but I think these errors are generally suppressed in production because of potential security concerns involved in making those errors public. I would suggest amending the RFC so that it only applies to php.ini-development. Other than that, I like it. --Kris On Mon, Feb 27, 2012 at 8:01 AM, Richard Lynch c...@l-i-e.com wrote: As promised in another thread, I have created a formal RFC on the topic of including E_NOTICE in the default php.ini.* files. Please note that I am specifically not proposing E_STRICT nor E_DEPRECATED in this RFC, as I believe the each need to be considered on their own merits, and not lumped into one decision nor even conversation. https://wiki.php.net/rfc/error_reporting_e_notice My first formal RFC, so please be gentle :-) -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RFC: PHP 6 include E_NOTICE in default php.ini
On Mon, February 27, 2012 1:33 pm, Kris Craig wrote: I think it's a good idea, though I'm not sure it should be done in the production one as well. I'm not sure, but I think these errors are generally suppressed in production because of potential security concerns involved in making those errors public. I would contend that if you have any errors at any level of E_* going out over HTTP, you have done it wrong. It is true that in the days of register_globals, the E_NOTICE going to the HTML was a gold-mine for abusers of potential security threats. But all of E_* messages are also goldmines of the same ilk. That said, I would suggest amending the RFC so that it only applies to php.ini-development. Other than that, I like it. If most cheap webhosts chose php.ini-development, I'd be okay with this, as it probably is not suitable for PRODUCTION environments for the experts. Unfortunately, most cheap webhosts go with php.ini-production, as they are production environments, and the unwashed masses of users of said cheap webhosts are the target audience of the proposal. As stated in the RFC, the experts can and will change their php.ini to their taste in each environment: It's the masses of users who don't even know there is a choice that are being hurt by the current default setting, writing bad code, asking questions of obvious typos that E_NOTICE would catch, and remaining un-educated for too long that they develop bad habits. Not that I think this will eliminate newbie postings. There will always be those who don't even read or comprehend the most clear error messages. But I think it will reduce the number of postings by newbies who are tripped up by the typical mistakes E_NOTICE exposes. PS I want to thank you for your reasoned response, especially given the other thread we are involved in! -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RFC: PHP 6 include E_NOTICE in default php.ini
Hi Richard, I'm a little confused. Showing E_NOTICE errors is already the default with both php.ini-* files. What does this RFC change? Are you proposing that the PHP default value (without a php.ini) be modified? ; error_reporting ; Default Value: E_ALL ~E_NOTICE ~E_STRICT ~E_DEPRECATED ; Development Value: E_ALL ; Production Value: E_ALL ~E_DEPRECATED ~E_STRICT Regards, Philip Ref: http://svn.php.net/viewvc/php/php-src/branches/PHP_5_4/php.ini-production?view=markup -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] RFC: PHP 6 include E_NOTICE in default php.ini
Hei, Richard I've looked into the php.ini.* files of PHP 5.4 for windows and saw the following line in *production*: error_reporting = E_ALL ~E_DEPRECATED ~E_STRICT display_errors = On log_errors = On and the following line in *development*: error_reporting = E_ALL display_errors = Off log_errors = On I also looked up the function error_reporting and came around that: http://no.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting http://php.net/manual/en/function.error-reporting.php#refsect1-function.error-reporting-changelog The first link seems to contain some out-dated information ... That was the reason why you raised the RFC, right? Here's how I understood the second link and the settings I found in the windows version: You'll get every message reported by the php-parser in your log by default if you're working using the development version and won't get any deprecated and strict messages in *production*. If this messages are written into a log-file or passed to the output is up to the rest of the settings where in both environments both they're written into the error-log-file but only *development *it is additionally visible to the user. So for the windows environment (if you'd ask me) this seems solved. I have not looked into the other environments yet. If they are not the same we should work to keep the default-configuration in one way, whatever OS you're working on. Bye Simon 2012/2/27 Richard Lynch c...@l-i-e.com On Mon, February 27, 2012 1:33 pm, Kris Craig wrote: I think it's a good idea, though I'm not sure it should be done in the production one as well. I'm not sure, but I think these errors are generally suppressed in production because of potential security concerns involved in making those errors public. I would contend that if you have any errors at any level of E_* going out over HTTP, you have done it wrong. It is true that in the days of register_globals, the E_NOTICE going to the HTML was a gold-mine for abusers of potential security threats. But all of E_* messages are also goldmines of the same ilk. That said, I would suggest amending the RFC so that it only applies to php.ini-development. Other than that, I like it. If most cheap webhosts chose php.ini-development, I'd be okay with this, as it probably is not suitable for PRODUCTION environments for the experts. Unfortunately, most cheap webhosts go with php.ini-production, as they are production environments, and the unwashed masses of users of said cheap webhosts are the target audience of the proposal. As stated in the RFC, the experts can and will change their php.ini to their taste in each environment: It's the masses of users who don't even know there is a choice that are being hurt by the current default setting, writing bad code, asking questions of obvious typos that E_NOTICE would catch, and remaining un-educated for too long that they develop bad habits. Not that I think this will eliminate newbie postings. There will always be those who don't even read or comprehend the most clear error messages. But I think it will reduce the number of postings by newbies who are tripped up by the typical mistakes E_NOTICE exposes. PS I want to thank you for your reasoned response, especially given the other thread we are involved in! -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclickhosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php