[wp-trac] [WordPress Trac] #57304: Add SensitiveParameter attribute to DB connection and login variables

WordPress Trac noreply at wordpress.org
Fri Dec 9 21:34:04 UTC 2022


#57304: Add SensitiveParameter attribute to DB connection and login variables
-------------------------+-------------------------------
 Reporter:  TobiasBg     |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  6.2
Component:  Security     |    Version:
 Severity:  normal       |   Keywords:  needs-patch php82
  Focuses:               |
-------------------------+-------------------------------
 PHP 8.2 introduces a
 [https://www.php.net/manual/en/class.sensitive-parameter.php SensitiveParameter]
 attribute that can "mark a parameter that is sensitive and should have its
 value redacted if present in a stack trace."

 WordPress deals with user passwords, database login credentials, etc. To
 protect these from appearing in logs or stack traces (which sometimes get
 copied into bug reports in forum threads and similar), using the
 `#[\SensitiveParameter]` attribute for such variables should be explored.

 As that attribute starts with a `#`, which indicates a comment, it's safe
 to use this with older versions of PHP as well (similar to the
 `#[\AllowDynamicProperties]` attribute that is already used in Core).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57304>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
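
The redaction the ticket describes, as an added example that is not part of the ticket or of WordPress Core: two hypothetical functions, `connect_plain()` and `connect_marked()`, receive the same constructed credentials and the arguments recorded in the exception trace are compared.

```php
<?php
// Added example; connect_plain(), connect_marked() and frame_args() are
// hypothetical names, and the credential values are constructed.

function connect_plain( $dbuser, $dbpassword ) {
	throw new RuntimeException( 'Connection failed' );
}

function connect_marked(
	$dbuser,
	// Keep the attribute on its own line: PHP < 8.0 parses "#[...]" as a
	// comment that runs to the end of the line, so the parameter it marks
	// must start on the following line to stay part of the signature.
	#[\SensitiveParameter]
	$dbpassword
) {
	throw new RuntimeException( 'Connection failed' );
}

// Summarise the arguments recorded in the first stack frame of an exception.
function frame_args( Throwable $e ) {
	$frame = $e->getTrace()[0];
	if ( ! isset( $frame['args'] ) ) {
		// zend.exception_ignore_args=On drops all arguments from traces.
		return array( '(no args recorded)' );
	}
	return array_map(
		static function ( $arg ) {
			return is_object( $arg )
				? 'Object(' . get_class( $arg ) . ')'
				: var_export( $arg, true );
		},
		$frame['args']
	);
}

foreach ( array( 'connect_plain', 'connect_marked' ) as $fn ) {
	try {
		$fn( 'wp_user', 'constructed-secret' );
	} catch ( RuntimeException $e ) {
		echo $fn, ': ', implode( ', ', frame_args( $e ) ), PHP_EOL;
	}
}
```

On PHP 8.2 and later the `connect_marked` line shows `Object(SensitiveParameterValue)` in place of the password, while earlier versions print the value for both functions.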