Context Navigation

← Previous Change
Next Change →

class-wpdb.php

Timestamp:

02/03/2025 07:50:50 PM (4 months ago)

Author:

johnbillion

Message:

Security: Add the SensitiveParameter attribute to sensitive parameters.

Values passed to parameters with this attribute will be redacted if present in a stack trace when using PHP 8.2 or later. This reduces the chance that passwords and security keys get accidentally exposed in debug logs and bug reports.

Props petitphp, TobiasBg, jrf, johnbillion.

Fixes #57304

File:

: 1 edited

trunk/src/wp-includes/class-wpdb.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/wp-includes/class-wpdb.php

-                      r59159
+                      r59754
      * @param string $dbhost     Database host.
      */
+    public function __construct( $dbuser, $dbpassword, $dbname, $dbhost ) {
+    public function __construct(
+        $dbuser,
+        #[\SensitiveParameter]
+        $dbpassword,
+        $dbname,
+        $dbhost
+    ) {
         if ( WP_DEBUG && WP_DEBUG_DISPLAY ) {
             $this->show_errors();

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 59754 for trunk/src/wp-includes/class-wpdb.php

Legend:

trunk/src/wp-includes/class-wpdb.php

Download in other formats: