From 7c8c7a2cb3b4d0263a505c55704712a2e0c9ab07 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?= <duesterhus@woltlab.com>
Date: Fri, 24 Jun 2022 11:02:04 +0200
Subject: [PATCH] Use \SensitiveParameterValue as the replacement value in
 exception handling

Use the standard PHP 8.2 replacement value, instead of the `[redacted]` string
for consistency. This works as expected, because `SensitiveParameterValue` is
polyfilled.
---
 wcfsetup/install/files/lib/core.functions.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index ed81b6d393..8190bd7dd0 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -736,8 +736,12 @@ EXPLANATION;
 							$isSensitive = true;
 						}
 
-						if ($isSensitive && isset($item['args'][$i])) {
-							$item['args'][$i] = '[redacted]';
+						if (
+							$isSensitive
+							&& isset($item['args'][$i])
+							&& !($item['args'][$i] instanceof \SensitiveParameterValue)
+						) {
+							$item['args'][$i] = new \SensitiveParameterValue($item['args'][$i]);
 						}
 						$i++;
 					}
@@ -748,8 +752,12 @@ EXPLANATION;
 						|| $item['class'] === 'PDO'
 					) {
 						if ($item['function'] === '__construct') {
-							$item['args'] = array_map(function () {
-								return '[redacted]';
+							$item['args'] = array_map(function ($value) {
+								if (!($value instanceof \SensitiveParameterValue)) {
+									$value = new \SensitiveParameterValue($value);
+								}
+
+								return $value;
 							}, $item['args']);
 						}
 					}
-- 
2.20.1