From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Tue, 4 May 2021 09:52:44 +0000 (+0200)
Subject: Consider parameters with password|passphrase|secret in their name to be sensitive
X-Git-Tag: 5.4.0_Alpha_1~4^2~2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=80b38d0992dfe069b98b2f2bb7e720a2daa3c790;p=GitHub%2FWoltLab%2FWCF.git

Consider parameters with password|passphrase|secret in their name to be sensitive
---

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index f96e050e11..d325c4acd4 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -733,6 +733,12 @@ EXPLANATION;
 				) {
 					$isSensitive = true;
 				}
+				if (\preg_match(
+					'/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/',
+					$parameter->getName()
+				)) {
+					$isSensitive = true;
+				}
 
 				if ($isSensitive && isset($item['args'][$i])) {
 					$item['args'][$i] = '[redacted]';