Skip argument sanitization when argument list is empty

There is no need to invoke heavy-weight reflection if nothing is to be
sanitized.

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index 2320209123107d4cefe7645f18077909121c9523..2cf712aa79175b85eaeb9f1201dd0c51e4ebf3bd 100644 (file)
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -716,42 +716,44 @@ EXPLANATION;
                        if (!isset($item['type'])) $item['type'] = '';
                        if (!isset($item['args'])) $item['args'] = [];
 
-                       if ($item['class']) {
-                               $function = new \ReflectionMethod($item['class'], $item['function']);
-                       }
-                       else {
-                               $function = new \ReflectionFunction($item['function']);
-                       }
-
-                       $parameters = $function->getParameters();
-                       $i = 0;
-                       foreach ($parameters as $parameter) {
-                               $isSensitive = false;
-                               if (
-                                       \method_exists($parameter, 'getAttributes')
-                                       && !empty($parameter->getAttributes(\wcf\SensitiveArgument::class))
-                               ) {
-                                       $isSensitive = true;
+                       if (!empty($item['args'])) {
+                               if ($item['class']) {
+                                       $function = new \ReflectionMethod($item['class'], $item['function']);
                                }
-                               if (\preg_match(
-                                       '/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/',
-                                       $parameter->getName()
-                               )) {
-                                       $isSensitive = true;
+                               else {
+                                       $function = new \ReflectionFunction($item['function']);
                                }
 
-                               if ($isSensitive && isset($item['args'][$i])) {
-                                       $item['args'][$i] = '[redacted]';
+                               $parameters = $function->getParameters();
+                               $i = 0;
+                               foreach ($parameters as $parameter) {
+                                       $isSensitive = false;
+                                       if (
+                                               \method_exists($parameter, 'getAttributes')
+                                               && !empty($parameter->getAttributes(\wcf\SensitiveArgument::class))
+                                       ) {
+                                               $isSensitive = true;
+                                       }
+                                       if (\preg_match(
+                                               '/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/',
+                                               $parameter->getName()
+                                       )) {
+                                               $isSensitive = true;
+                                       }
+
+                                       if ($isSensitive && isset($item['args'][$i])) {
+                                               $item['args'][$i] = '[redacted]';
+                                       }
+                                       $i++;
                                }
-                               $i++;
-                       }
-                       
-                       // strip database credentials
-                       if (preg_match('~\\\\?wcf\\\\system\\\\database\\\\[a-zA-Z]*Database~', $item['class']) || $item['class'] === 'PDO') {
-                               if ($item['function'] === '__construct') {
-                                       $item['args'] = array_map(function () {
-                                               return '[redacted]';
-                                       }, $item['args']);
+                               
+                               // strip database credentials
+                               if (preg_match('~\\\\?wcf\\\\system\\\\database\\\\[a-zA-Z]*Database~', $item['class']) || $item['class'] === 'PDO') {
+                                       if ($item['function'] === '__construct') {
+                                               $item['args'] = array_map(function () {
+                                                       return '[redacted]';
+                                               }, $item['args']);
+                                       }
                                }
                        }