From 2dcb1b3426217b6faf6c2b5f9eba84e9e873df78 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Tue, 4 May 2021 09:51:58 +0200
Subject: [PATCH] Make use of \wcf\SensitiveArgument attribute

---
 wcfsetup/install/files/lib/data/user/User.class.php    |  9 +++++++--
 .../authentication/DefaultUserAuthentication.class.php | 10 ++++++++--
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/wcfsetup/install/files/lib/data/user/User.class.php b/wcfsetup/install/files/lib/data/user/User.class.php
index 6a4b820aac..3152984278 100644
--- a/wcfsetup/install/files/lib/data/user/User.class.php
+++ b/wcfsetup/install/files/lib/data/user/User.class.php
@@ -152,8 +152,13 @@ final class User extends DatabaseObject implements IPopoverObject, IRouteControl
      * @param string $password
      * @return  bool        password correct
      */
-    public function checkPassword($password)
-    {
+    public function checkPassword(
+        // phpcs:disable Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterHint
+        // phpcs:disable Squiz.Functions.MultiLineFunctionDeclaration.FirstParamSpacing
+        // https://github.com/squizlabs/PHP_CodeSniffer/pull/3320
+        #[\wcf\SensitiveArgument()]
+        $password
+    ) {
         $isValid = false;
 
         $manager = PasswordAlgorithmManager::getInstance();
diff --git a/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php b/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php
index 1515bd3860..2f22167665 100644
--- a/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php
+++ b/wcfsetup/install/files/lib/system/user/authentication/DefaultUserAuthentication.class.php
@@ -34,8 +34,14 @@ class DefaultUserAuthentication extends AbstractUserAuthentication
     /**
      * @inheritDoc
      */
-    public function loginManually($username, $password, $userClassname = User::class)
-    {
+    public function loginManually(
+        $username,
+        // phpcs:disable Squiz.Functions.FunctionDeclarationArgumentSpacing.SpacingAfterHint
+        // https://github.com/squizlabs/PHP_CodeSniffer/pull/3320
+        #[\wcf\SensitiveArgument()]
+        $password,
+        $userClassname = User::class
+    ) {
         $user = $this->getUserByLogin($username);
         $userSession = (\get_class($user) == $userClassname ? $user : new $userClassname(null, null, $user));
 
-- 
2.20.1