[wp-trac] [WordPress Trac] #57304: Add SensitiveParameter attribute to DB connection and login variables

WordPress Trac noreply at wordpress.org
Mon Feb 27 22:17:19 UTC 2023


#57304: Add SensitiveParameter attribute to DB connection and login variables
-------------------------------+-----------------------------
 Reporter:  TobiasBg           |       Owner:  (none)
     Type:  enhancement        |      Status:  new
 Priority:  normal             |   Milestone:  Future Release
Component:  Security           |     Version:
 Severity:  normal             |  Resolution:
 Keywords:  needs-patch php82  |     Focuses:
-------------------------------+-----------------------------

Comment (by petitphp):

 Started working on a patch for this ticket and I encounter a small quirk.

 To make this change compatible with PHP7.x and below we'll need to use a
 custom formatting and include the attribute in its own line or this will
 cause a Fatal error since it's interpreted as a comment and discard the
 end of the line (see the [https://3v4l.org/9MhEf 3v4l.org demo]).

 Example for the `wpdb` constructor we could end up with :
 {{{#!php
 public function __construct(
         $dbuser,
         #[\SensitiveParameter] <-- should be on its own line
         $dbpassword,
         $dbname,
         $dbhost
 ) {
 }}}

 This looks ok to me, but I wanted to have other opinions before putting up
 a patch.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/57304#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list