rfc:redact_parameters_in_back_traces

Differences

This shows you the differences between two versions of the page.

rfc:redact_parameters_in_back_traces [2022/02/09 13:01] – Formatting timwolla
rfc:redact_parameters_in_back_traces [2022/06/13 09:15] (current) – Add the PR that applied the attribute to the existing functions. timwolla
Line 3: Line 3:
   * Date: 2022-01-10   * Date: 2022-01-10
   * Author: Tim Düsterhus, duesterhus@woltlab.com   * Author: Tim Düsterhus, duesterhus@woltlab.com
-  * Status: Voting+  * Status: Implemented 
 +  * Target Version: PHP 8.2 
 +  * Implementation: https://github.com/php/php-src/commit/90851977348cbb8c65fce19a1670868422414fae (Creation of the attribute) / https://github.com/php/php-src/pull/8352 (Applying the attribute)
   * First Published at: http://wiki.php.net/rfc/redact_parameters_in_back_traces   * First Published at: http://wiki.php.net/rfc/redact_parameters_in_back_traces
  
Line 437: Line 439:
 Voting started on 2022-02-09. Voting runs until 2022-02-23 at 13:30 UTC. Voting started on 2022-02-09. Voting runs until 2022-02-23 at 13:30 UTC.
  
-<doodle title="Redacting parameters in back traces" auth="timwolla" voteType="single" closed="false">+<doodle title="Redacting parameters in back traces" auth="timwolla" voteType="single" closed="true">
    * Yes    * Yes
    * No    * No
Line 445: Line 447:
  
 Prototype patch: https://github.com/php/php-src/pull/7921 Prototype patch: https://github.com/php/php-src/pull/7921
 +
 +===== Errata =====
 +
 +During code review it was noticed that the proposed serialization behavior of <php>\SensitiveParameterValue</php> was not useful:
 +
 +  * https://github.com/php/php-src/pull/7921#discussion_r813743903
 +  * https://externals.io/message/117136
 +
 +Compared to the proposal a userland implementation of <php>\SensitiveParameterValue</php> class would look like the following:
 +
 +<PHP>
 +<?php
 +
 +final class SensitiveParameterValue
 +{
 +    public function __construct(private readonly mixed $value) {}
 +
 +    public function getValue(): mixed { return $value; }
 +
 +    /* Hide the value from var_dump(). */
 +    public function __debugInfo(): array { return []; }
 +
 +    /* Prevent serialization. */
 +    public function __serialize(): array {
 +        throw new \Exception('...');
 +    }
 +
 +    /* Prevent unserialization. */
 +    public function __unserialize(array $data): void {
 +        throw new \Exception('...');
 +    }
 +}
 +</PHP>
 +
 +Note that the <php>__serialize()</php> and <php>__unserialize()</php> methods are not actually implemented. Serialization is prevented using a flag on the internal class implementation.
  
 ===== Implementation ===== ===== Implementation =====
  
-n/a+This was merged into PHP 8.2 in https://github.com/php/php-src/commit/90851977348cbb8c65fce19a1670868422414fae, based on the PR https://github.com/php/php-src/pull/7921. 
 + 
 +The attribute was applied to existing functions in https://github.com/php/php-src/pull/8352. 
  
 ===== References ===== ===== References =====
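Review bot: In the added Errata listing, `getValue()` does `return $value;`, but no local `$value` exists in that method. The constructor-promoted property is only reachable as `$this->value`, so the example as written returns null with an undefined-variable warning instead of the wrapped value. Suggest `public function getValue(): mixed { return $this->value; }`. Separately, the listing shows `__serialize()` and `__unserialize()` throwing, while the note beneath it says these methods are not actually implemented. A comment inside the listing saying that they only stand in for the internal not-serializable flag would keep readers from copying them as the real behaviour.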
rfc/redact_parameters_in_back_traces.1644411679.txt.gz · Last modified: 2022/02/09 13:01 by timwolla