From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Tue, 4 May 2021 07:51:58 +0000 (+0200)
Subject: Make use of \wcf\SensitiveArgument attribute
X-Git-Tag: 5.4.0_Alpha_1~4^2~1
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=2dcb1b3426217b6faf6c2b5f9eba84e9e873df78;p=GitHub%2FWoltLab%2FWCF.git

Make use of \wcf\SensitiveArgument attribute
---

diff --git a/wcfsetup/install/files/lib/data/user/User.class.php b/wcfsetup/install/files/lib/data/user/User.class.php
index 6a4b820aac..3152984278 100644
--- a/wcfsetup/install/files/lib/data/user/User.class.php
+++ b/wcfsetup/install/files/lib/data/user/User.class.php
@@ -152,8 +152,13 @@ final class User extends DatabaseObject implements IPopoverObject, IRouteControl
      * @param string $password
      * @return  bool        password correct
      */
-    public function checkPassword($password)
-    {
+    public function checkPassword(
+        // phpcs:disable Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterHint
+        // phpcs:disable Squiz.Functions.MultiLineFunctionDeclaration.FirstParamSpacing
+        // https://github.com/squizlabs/PHP_CodeSniffer/pull/3320
+        #[\wcf\SensitiveArgument()]
+        $password
+    ) {
         $isValid = false;
 
         $manager = PasswordAlgorithmManager::getInstance();
diff --git a/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php b/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php
index 1515bd3860..2f22167665 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php
@@ -34,8 +34,14 @@ class DefaultUserAuthentication extends AbstractUserAuthentication
     /**
      * @inheritDoc
      */
-    public function loginManually($username, $password, $userClassname = User::class)
-    {
+    public function loginManually(
+        $username,
+        // phpcs:disable Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterHint
+        // https://github.com/squizlabs/PHP_CodeSniffer/pull/3320
+        #[\wcf\SensitiveArgument()]
+        $password,
+        $userClassname = User::class
+    ) {
         $user = $this->getUserByLogin($username);
         $userSession = (\get_class($user) == $userClassname ? $user : new $userClassname(null, null, $user));