Consider parameters with password|passphrase|secret in their name to be sensitive

[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / core.functions.php

diff --git a/wcfsetup/install/files/lib/core.functions.php b/wcfsetup/install/files/lib/core.functions.php
index f96e050e11287a54d58b0991772a06a060784107..d325c4acd44a3dbd6bbf73b13644caeaaed4a62c 100644 (file)
--- a/wcfsetup/install/files/lib/core.functions.php
+++ b/wcfsetup/install/files/lib/core.functions.php
@@ -733,6 +733,12 @@ EXPLANATION;
                                ) {
                                        $isSensitive = true;
                                }
+                               if (\preg_match(
+                                       '/(?:^(?:password|passphrase|secret)|(?:Password|Passphrase|Secret))/',
+                                       $parameter->getName()
+                               )) {
+                                       $isSensitive = true;
+                               }
 
                                if ($isSensitive && isset($item['args'][$i])) {
                                        $item['args'][$i] = '[redacted]';