[wp-trac] [WordPress Trac] #57304: Add SensitiveParameter attribute to DB connection and login variables
WordPress Trac
noreply at wordpress.org
Mon Feb 27 22:17:19 UTC 2023
#57304: Add SensitiveParameter attribute to DB connection and login variables
-------------------------------+-----------------------------
Reporter: TobiasBg | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version:
Severity: normal | Resolution:
Keywords: needs-patch php82 | Focuses:
-------------------------------+-----------------------------
Comment (by petitphp):
Started working on a patch for this ticket and I encounter a small quirk.
To make this change compatible with PHP7.x and below we'll need to use a
custom formatting and include the attribute in its own line or this will
cause a Fatal error since it's interpreted as a comment and discard the
end of the line (see the [https://3v4l.org/9MhEf 3v4l.org demo]).
Example for the `wpdb` constructor we could end up with :
{{{#!php
public function __construct(
$dbuser,
#[\SensitiveParameter] <-- should be on its own line
$dbpassword,
$dbname,
$dbhost
) {
}}}
This looks ok to me, but I wanted to have other opinions before putting up
a patch.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57304#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list