From 7d000370b7fb14120c3bdc91141d86e46eb91864 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Tim=20D=C3=BCsterhus?=
Date: Wed, 5 May 2021 16:42:48 +0200
Subject: [PATCH] Skip argument sanitization when argument list is empty

There is no need to invoke heavy-weight reflection if nothing is to be sanitized.
---
 wcfsetup/install/files/lib/core.functions.php | 66 ++++++++++---------
 1 file changed, 34 insertions(+), 32 deletions(-)

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index 2320209123..2cf712aa79 100644
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -716,42 +716,44 @@ EXPLANATION;
 if (!isset($item['type'])) $item['type'] = '';
 if (!isset($item['args'])) $item['args'] = [];
- if ($item['class']) {
- $function = new \ReflectionMethod($item['class'], $item['function']);
- }
- else {
- $function = new \ReflectionFunction($item['function']);
- }
-
- $parameters = $function->getParameters();
- $i = 0;
- foreach ($parameters as $parameter) {
- $isSensitive = false;
- if (
- \method_exists($parameter, 'getAttributes')
- && !empty($parameter->getAttributes(\wcf\SensitiveArgument::class))
- ) {
- $isSensitive = true;
+ if (!empty($item['args'])) {
+ if ($item['class']) {
+ $function = new \ReflectionMethod($item['class'], $item['function']);
 }
- if (\preg_match(
- '/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/',
- $parameter->getName()
- )) {
- $isSensitive = true;
+ else {
+ $function = new \ReflectionFunction($item['function']);
 }
- if ($isSensitive && isset($item['args'][$i])) {
- $item['args'][$i] = '[redacted]';
+ $parameters = $function->getParameters();
+ $i = 0;
+ foreach ($parameters as $parameter) {
+ $isSensitive = false;
+ if (
+ \method_exists($parameter, 'getAttributes')
+ && !empty($parameter->getAttributes(\wcf\SensitiveArgument::class))
+ ) {
+ $isSensitive = true;
+ }
+ if (\preg_match(
+ '/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/',
+ $parameter->getName()
+ )) {
+ $isSensitive = true;
+ }
+
+ if ($isSensitive && isset($item['args'][$i])) {
+ $item['args'][$i] = '[redacted]';
+ }
+ $i++;
 }
- $i++;
- }
-
- // strip database credentials
- if (preg_match('~\\\\?wcf\\\\system\\\\database\\\\[a-zA-Z]*Database~', $item['class']) || $item['class'] === 'PDO') {
- if ($item['function'] === '__construct') {
- $item['args'] = array_map(function () {
- return '[redacted]';
- }, $item['args']);
+
+ // strip database credentials
+ if (preg_match('~\\\\?wcf\\\\system\\\\database\\\\[a-zA-Z]*Database~', $item['class']) || $item['class'] === 'PDO') {
+ if ($item['function'] === '__construct') {
+ $item['args'] = array_map(function () {
+ return '[redacted]';
+ }, $item['args']);
+ }
 }
 }
-- 
2.20.1
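Review bot: Inside the new `if (!empty($item['args']))` block, the `new \ReflectionMethod(...)` / `new \ReflectionFunction(...)` lookup has no handling for a frame that cannot be reflected (for example a closure or an `include` frame, where the constructor throws `\ReflectionException`), and the lookup is now reached only for frames that actually carry arguments. As far as the hunk shows, that exception leaves the sanitizer before any `[redacted]` substitution has happened, so the redaction step fails open for the very frames it is meant to protect; the enclosing function starts and ends outside the hunk, so an outer handler cannot be ruled out. I would catch the exception around the reflection lookup and redact every argument of that frame instead, leaving the per-parameter loop and the database-credential branch as they are.

```php
if (!empty($item['args'])) {
    try {
        $function = $item['class']
            ? new \ReflectionMethod($item['class'], $item['function'])
            : new \ReflectionFunction($item['function']);
        $parameters = $function->getParameters();
    }
    catch (\ReflectionException $e) {
        // The callable cannot be reflected, so parameter names and attributes are
        // unknown: fail closed and redact every argument of this frame.
        $parameters = [];
        $item['args'] = \array_map(static function () {
            return '[redacted]';
        }, $item['args']);
    }

    // … unchanged: per-parameter redaction loop over $parameters …
    // … unchanged: database credential stripping …
}
```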