Issue #3358514 by poker10, mcdruid, smustgrave: Make phpinfo on the admin status report configurable

core/assets/scaffold/files/default.settings.php

@@ -560,6 +560,23 @@ $settings['update_free_access'] = FALSE;
  */
 # $settings['file_sa_core_2023_005_schemes'] = ['porcelain'];
 
+/**
+ * Configuration for phpinfo() admin status report.
+ *
+ * Drupal's admin UI includes a report at admin/reports/status/php which shows
+ * the output of phpinfo(). The full output can contain sensitive information
+ * so by default Drupal removes some sections.
+ *
+ * This behaviour can be configured by setting this variable to a different
+ * value corresponding to the flags parameter of phpinfo().
+ *
+ * If you need to expose more information in the report - for example to debug a
+ * problem - consider doing so temporarily.
+ *
+ * @see https://www.php.net/manual/function.phpinfo.php
+ */
+# $settings['sa_core_2023_004_phpinfo_flags'] = ~ (INFO_VARIABLES | INFO_ENVIRONMENT);
+
 /**
  * Private file path:
  *

core/modules/system/src/Controller/SystemInfoController.php

@@ -2,6 +2,7 @@
 
 namespace Drupal\system\Controller;
 
+use Drupal\Core\Site\Settings;
 use Symfony\Component\DependencyInjection\ContainerInterface;
 use Symfony\Component\HttpFoundation\Response;
 use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
@@ -62,7 +63,8 @@ class SystemInfoController implements ContainerInjectionInterface {
   public function php() {
     if (function_exists('phpinfo')) {
       ob_start();
-      phpinfo(~ (INFO_VARIABLES | INFO_ENVIRONMENT));
+      $phpinfo_flags = Settings::get('sa_core_2023_004_phpinfo_flags', ~ (INFO_VARIABLES | INFO_ENVIRONMENT));
+      phpinfo($phpinfo_flags);
       $output = ob_get_clean();
     }
     else {

core/modules/system/tests/src/Functional/System/StatusTest.php

@@ -93,6 +93,15 @@ class StatusTest extends BrowserTestBase {
     $this->drupalGet('admin/reports/status/php');
     $this->assertSession()->statusCodeEquals(200);
 
+    $settings['settings']['sa_core_2023_004_phpinfo_flags'] = (object) [
+      'value' => INFO_ALL,
+      'required' => TRUE,
+    ];
+    $this->writeSettings($settings);
+    $this->drupalGet('admin/reports/status/php');
+    $this->assertSession()->pageTextContains('PHP');
+    $this->assertSession()->pageTextContains('$_COOKIE');
+
     // Check if cron error is displayed in errors section.
     $cron_last_run = \Drupal::state()->get('system.cron_last');
     \Drupal::state()->set('system.cron_last', 0);

sites/default/default.settings.php

@@ -560,6 +560,23 @@ $settings['update_free_access'] = FALSE;
  */
 # $settings['file_sa_core_2023_005_schemes'] = ['porcelain'];
 
+/**
+ * Configuration for phpinfo() admin status report.
+ *
+ * Drupal's admin UI includes a report at admin/reports/status/php which shows
+ * the output of phpinfo(). The full output can contain sensitive information
+ * so by default Drupal removes some sections.
+ *
+ * This behaviour can be configured by setting this variable to a different
+ * value corresponding to the flags parameter of phpinfo().
+ *
+ * If you need to expose more information in the report - for example to debug a
+ * problem - consider doing so temporarily.
+ *
+ * @see https://www.php.net/manual/function.phpinfo.php
+ */
+# $settings['sa_core_2023_004_phpinfo_flags'] = ~ (INFO_VARIABLES | INFO_ENVIRONMENT);
+
 /**
  * Private file path:
  *