Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apply PHP 8.2's SensitiveParameter attribute to Uri::withUserInfo() #116

Merged
merged 1 commit into from Aug 30, 2022
Merged

Apply PHP 8.2's SensitiveParameter attribute to Uri::withUserInfo() #116

merged 1 commit into from Aug 30, 2022

Conversation

TimWolla
Copy link
Contributor

Q A
Documentation no
Bugfix no
BC Break no
New Feature yes
RFC no
QA maybe

Description

Technically the $password will end up in the URI anyway when stringifying it.

Adding the Attribute is simple though and absolves the reader from needing to
consider whether not having the attribute in this specific instance is safe or
not.

I've searched the codebase for “password“, “auth” and “secret” and this is the only place where the attribute makes sense.

@TimWolla
Copy link
Contributor Author

Error: There must be exactly one space between parameter type hint and parameter $password.

That likely is a bug in PHP CodeSniffer?

Ocramius
Ocramius requested changes Aug 30, 2022
View reviewed changes
src/Uri.php Show resolved Hide resolved
Ocramius
Ocramius reviewed Aug 30, 2022
View reviewed changes
psalm.xml.dist Outdated Show resolved Hide resolved
@TimWolla
Apply PHP 8.2's SensitiveParameter attribute to Uri::withUserInfo()
9b5e106 
Technically the `$password` will end up in the URI anyway when stringifying it.

Adding the Attribute is simple though and absolves the reader from needing to
consider whether not having the attribute in this specific instance is safe or
not.

Signed-off-by: Tim Düsterhus <duesterhus@woltlab.com>
@Ocramius Ocramius added this to the 2.17.0 milestone Aug 30, 2022
@Ocramius Ocramius self-assigned this Aug 30, 2022
Ocramius
Ocramius approved these changes Aug 30, 2022
View reviewed changes
Copy link
Member

@Ocramius Ocramius left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @TimWolla!

@Ocramius Ocramius merged commit 5b32597 into laminas:2.17.x Aug 30, 2022
@TimWolla TimWolla deleted the sensitive-parameter branch August 30, 2022 17:01
@Ocramius Ocramius changed the title Apply PHP 8.2's SensitiveParameter attribute to Uri::withUserInfo() Apply PHP 8.2's SensitiveParameter attribute to Uri::withUserInfo() Aug 30, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ocramius Ocramius Ocramius approved these changes

Assignees

@Ocramius Ocramius

Labels
Enhancement
Projects
None yet
Milestone
2.17.0
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@TimWolla @Ocramius