Merge pull request #45 from tangrufus/sensitive-parameter

Mark `$password` and `$hash` as `SensitiveParameter`
roots · Nov 27, 2024 · a15a506 · a15a506
2 parents 833311e + 013e859
commit a15a506
Showing 1 changed file with 16 additions and 6 deletions.
diff --git a/wp-password-bcrypt.php b/wp-password-bcrypt.php
@@ -26,8 +26,13 @@
  *
  * @SuppressWarnings(PHPMD.CamelCaseVariableName) $wp_hasher
  */
-function wp_check_password($password, $hash, $user_id = '')
-{
+function wp_check_password(
+    #[\SensitiveParameter]
+    $password,
+    #[\SensitiveParameter]
+    $hash,
+    $user_id = ''
+) {
     if (! password_needs_rehash($hash, PASSWORD_DEFAULT, apply_filters('wp_hash_password_options', []))) {
         return apply_filters(
             'check_password',
@@ -67,8 +72,10 @@ function wp_check_password($password, $hash, $user_id = '')
  * @param  string $password The password in plain text.
  * @return string
  */
-function wp_hash_password($password)
-{
+function wp_hash_password(
+    #[\SensitiveParameter]
+    $password
+) {
     return password_hash(
         $password,
         PASSWORD_DEFAULT,
@@ -83,8 +90,11 @@ function wp_hash_password($password)
  * @param  int    $user_id  The user ID.
  * @return string The new hashed password.
  */
-function wp_set_password($password, $user_id)
-{
+function wp_set_password(
+    #[\SensitiveParameter]
+    $password,
+    $user_id
+) {
     $old_user_data = get_userdata($user_id);
     $hash = wp_hash_password($password);
     $is_api_request = apply_filters(