diff --git a/ext/pdo/pdo.c b/ext/pdo/pdo.c index f11b983a9a8..e8738db9f85 100644 --- a/ext/pdo/pdo.c +++ b/ext/pdo/pdo.c @@ -252,7 +252,7 @@ PHP_MINIT_FUNCTION(pdo) pdo_exception_ce = register_class_PDOException(spl_ce_RuntimeException); - pdo_dbh_init(); + pdo_dbh_init(module_number); pdo_stmt_init(); return SUCCESS; diff --git a/ext/pdo/pdo_dbh.c b/ext/pdo/pdo_dbh.c index 692f187a04d..6cb767aa712 100644 --- a/ext/pdo/pdo_dbh.c +++ b/ext/pdo/pdo_dbh.c @@ -28,6 +28,7 @@ #include "php_pdo.h" #include "php_pdo_driver.h" #include "php_pdo_int.h" +#include "zend_attributes.h" #include "zend_exceptions.h" #include "zend_object_handlers.h" #include "zend_hash.h" @@ -1325,7 +1326,7 @@ static HashTable *dbh_get_gc(zend_object *object, zval **gc_data, int *gc_count) static zend_object_handlers pdo_dbh_object_handlers; static void pdo_dbh_free_storage(zend_object *std); -void pdo_dbh_init(void) +void pdo_dbh_init(int module_number) { pdo_dbh_ce = register_class_PDO(); pdo_dbh_ce->create_object = pdo_dbh_new; @@ -1423,6 +1424,8 @@ void pdo_dbh_init(void) REGISTER_PDO_CLASS_CONST_LONG("CURSOR_FWDONLY", (zend_long)PDO_CURSOR_FWDONLY); REGISTER_PDO_CLASS_CONST_LONG("CURSOR_SCROLL", (zend_long)PDO_CURSOR_SCROLL); + + register_pdo_dbh_symbols(module_number, pdo_dbh_ce); } static void dbh_free(pdo_dbh_t *dbh, bool free_persistent) diff --git a/ext/pdo/pdo_dbh.stub.php b/ext/pdo/pdo_dbh.stub.php index 7ff52c9696a..571925dbb6e 100644 --- a/ext/pdo/pdo_dbh.stub.php +++ b/ext/pdo/pdo_dbh.stub.php @@ -5,6 +5,7 @@ /** @not-serializable */ class PDO { + /** @sensitive-param $password */ public function __construct(string $dsn, ?string $username = null, ?string $password = null, ?array $options = null) {} /** @tentative-return-type */ diff --git a/ext/pdo/pdo_dbh_arginfo.h b/ext/pdo/pdo_dbh_arginfo.h index 11d6fac08b5..ce1bbd6b08f 100644 --- a/ext/pdo/pdo_dbh_arginfo.h +++ b/ext/pdo/pdo_dbh_arginfo.h @@ -1,5 +1,5 @@ /* This is a generated file, edit the .stub.php file instead. - * Stub hash: 7d10dbdfd55eb4a4dc779cbf4fa000cdf4fb3539 */ + * Stub hash: 5d26f6875ff2704506a9f94b171adbe13aa40483 */ ZEND_BEGIN_ARG_INFO_EX(arginfo_class_PDO___construct, 0, 0, 1) ZEND_ARG_TYPE_INFO(0, dsn, IS_STRING, 0) @@ -95,6 +95,11 @@ static const zend_function_entry class_PDO_methods[] = { ZEND_FE_END }; +static void register_pdo_dbh_symbols(int module_number, zend_class_entry *class_entry_PDO) +{ + zend_mark_function_parameter_as_sensitive(&class_entry_PDO->function_table, "__construct", 2); +} + static zend_class_entry *register_class_PDO(void) { zend_class_entry ce, *class_entry; diff --git a/ext/pdo/php_pdo_int.h b/ext/pdo/php_pdo_int.h index c3d2fe00a1d..aa83c6603b5 100644 --- a/ext/pdo/php_pdo_int.h +++ b/ext/pdo/php_pdo_int.h @@ -25,7 +25,7 @@ extern HashTable pdo_driver_hash; extern zend_class_entry *pdo_exception_ce; int php_pdo_list_entry(void); -void pdo_dbh_init(void); +void pdo_dbh_init(int module_number); void pdo_stmt_init(void); extern zend_object *pdo_dbh_new(zend_class_entry *ce); diff --git a/ext/pdo/tests/sensitive_parameter.phpt b/ext/pdo/tests/sensitive_parameter.phpt new file mode 100644 index 00000000000..b9cf01baedf --- /dev/null +++ b/ext/pdo/tests/sensitive_parameter.phpt @@ -0,0 +1,17 @@ +--TEST-- +Test that sensitive parameters are marked sensitive. +--EXTENSIONS-- +pdo +--FILE-- + +--EXPECTF-- +PDOException: PDO::__construct(): Argument #1 ($dsn) must be a valid data source name in %s:%d +Stack trace: +#0 %s(%d): PDO->__construct('dsn', 'username', Object(SensitiveParameterValue)) +#1 {main}