PHP 8.2.32 Released!

SensitiveParameter 注解

(PHP 8 >= 8.2.0)

简介

该注解用于标记敏感参数,如果出现在栈跟踪中,则应编辑其值。

类摘要

#[\Attribute]
final class SensitiveParameter {
/* 方法 */
public function __construct ()
}

示例

<?php
function defaultBehavior(
 string $secret,
 string $normal
) {
 throw new Exception('Error!');
}
function sensitiveParametersWithAttribute(
 #[\SensitiveParameter]
 string $secret,
 string $normal
) {
 throw new Exception('Error!');
}
try {
 defaultBehavior('password', 'normal');
} catch (Exception $e) {
 echo $e, PHP_EOL, PHP_EOL;
}
try {
 sensitiveParametersWithAttribute('password', 'normal');
} catch (Exception $e) {
 echo $e, PHP_EOL, PHP_EOL;
}
?>

上述示例在 PHP 8.2 中的输出类似于:

Exception: Error! in example.php:7
Stack trace:
#0 example.php(19): defaultBehavior('password', 'normal')
#1 {main}
Exception: Error! in example.php:15
Stack trace:
#0 example.php(25): sensitiveParametersWithAttribute(Object(SensitiveParameterValue), 'normal')
#1 {main}

目录

发现了问题?

了解如何改进此页面提交拉取请求报告一个错误
+添加备注

用户贡献的备注 1 note

up
22
miqrogroove at gmail dot com
1 year ago
Beware this attribute does nothing on object interfaces and will permit password exposure when used incorrectly.
<?php
interface Server
{
 public function connect(
 #[\SensitiveParameter]
 string $password,
 );
}
class TestServer implements Server
{
 public function connect(
 string $password,
 ) {
 throw new Exception('Guess what?');
 }
}
($var = new TestServer())->connect('wrl!L3=6O57T9?r');
+添加备注

AltStyle によって変換されたページ (->オリジナル) /