Loading core/lib/Drupal/Core/FileTransfer/FTP.php +1 −1 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ abstract class FTP extends FileTransfer { /** * {@inheritdoc} */ public function __construct($jail, $username, $password, $hostname, $port) { public function __construct($jail, $username, #[\SensitiveParameter] $password, $hostname, $port) { $this->username = $username; $this->password = $password; $this->hostname = $hostname; Loading core/lib/Drupal/Core/FileTransfer/SSH.php +1 −1 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ class SSH extends FileTransfer implements ChmodInterface { /** * {@inheritdoc} */ public function __construct($jail, $username, $password, $hostname = "localhost", $port = 22) { public function __construct($jail, $username, #[\SensitiveParameter] $password, $hostname = "localhost", $port = 22) { $this->username = $username; $this->password = $password; $this->hostname = $hostname; Loading core/lib/Drupal/Core/Password/PasswordInterface.php +2 −2 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ interface PasswordInterface { * @return string * A string containing the hashed password, or FALSE on failure. */ public function hash($password); public function hash(#[\SensitiveParameter] $password); /** * Check whether a plain text password matches a hashed password. Loading @@ -34,7 +34,7 @@ public function hash($password); * @return bool * TRUE if the password is valid, FALSE if not. */ public function check($password, $hash); public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $hash); /** * Check whether a hashed password needs to be replaced with a new hash. Loading core/lib/Drupal/Core/Password/PhpassHashedPassword.php +4 −4 Original line number Diff line number Diff line Loading @@ -155,7 +155,7 @@ protected function enforceLog2Boundaries($count_log2) { * A string containing the hashed password (and salt) or FALSE on failure. * The return string will be truncated at HASH_LENGTH characters max. */ protected function crypt($algo, $password, $setting) { protected function crypt($algo, #[\SensitiveParameter] $password, $setting) { // Prevent DoS attacks by refusing to hash large passwords. if (strlen($password) > PasswordInterface::PASSWORD_MAX_LENGTH) { return FALSE; Loading Loading @@ -213,14 +213,14 @@ public function getCountLog2($setting) { /** * {@inheritdoc} */ public function hash($password) { public function hash(#[\SensitiveParameter] $password) { return $this->crypt('sha512', $password, $this->generateSalt()); } /** * {@inheritdoc} */ public function check($password, $hash) { public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $hash) { if (substr($hash, 0, 2) == 'U$') { // This may be an updated password from user_update_7000(). Such hashes // have 'U' added as the first character and need an extra md5() (see the Loading Loading @@ -258,7 +258,7 @@ public function check($password, $hash) { /** * {@inheritdoc} */ public function needsRehash($hash) { public function needsRehash(#[\SensitiveParameter] $hash) { // Check whether this was an updated password. if ((substr($hash, 0, 3) != '$S$') || (strlen($hash) != static::HASH_LENGTH)) { return TRUE; Loading core/lib/Drupal/Core/PrivateKey.php +1 −1 Original line number Diff line number Diff line Loading @@ -48,7 +48,7 @@ public function get() { * @param string $key * The private key to set. */ public function set($key) { public function set(#[\SensitiveParameter] $key) { return $this->state->set('system.private_key', $key); } Loading Loading
core/lib/Drupal/Core/FileTransfer/FTP.php +1 −1 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ abstract class FTP extends FileTransfer { /** * {@inheritdoc} */ public function __construct($jail, $username, $password, $hostname, $port) { public function __construct($jail, $username, #[\SensitiveParameter] $password, $hostname, $port) { $this->username = $username; $this->password = $password; $this->hostname = $hostname; Loading
core/lib/Drupal/Core/FileTransfer/SSH.php +1 −1 Original line number Diff line number Diff line Loading @@ -10,7 +10,7 @@ class SSH extends FileTransfer implements ChmodInterface { /** * {@inheritdoc} */ public function __construct($jail, $username, $password, $hostname = "localhost", $port = 22) { public function __construct($jail, $username, #[\SensitiveParameter] $password, $hostname = "localhost", $port = 22) { $this->username = $username; $this->password = $password; $this->hostname = $hostname; Loading
core/lib/Drupal/Core/Password/PasswordInterface.php +2 −2 Original line number Diff line number Diff line Loading @@ -21,7 +21,7 @@ interface PasswordInterface { * @return string * A string containing the hashed password, or FALSE on failure. */ public function hash($password); public function hash(#[\SensitiveParameter] $password); /** * Check whether a plain text password matches a hashed password. Loading @@ -34,7 +34,7 @@ public function hash($password); * @return bool * TRUE if the password is valid, FALSE if not. */ public function check($password, $hash); public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $hash); /** * Check whether a hashed password needs to be replaced with a new hash. Loading
core/lib/Drupal/Core/Password/PhpassHashedPassword.php +4 −4 Original line number Diff line number Diff line Loading @@ -155,7 +155,7 @@ protected function enforceLog2Boundaries($count_log2) { * A string containing the hashed password (and salt) or FALSE on failure. * The return string will be truncated at HASH_LENGTH characters max. */ protected function crypt($algo, $password, $setting) { protected function crypt($algo, #[\SensitiveParameter] $password, $setting) { // Prevent DoS attacks by refusing to hash large passwords. if (strlen($password) > PasswordInterface::PASSWORD_MAX_LENGTH) { return FALSE; Loading Loading @@ -213,14 +213,14 @@ public function getCountLog2($setting) { /** * {@inheritdoc} */ public function hash($password) { public function hash(#[\SensitiveParameter] $password) { return $this->crypt('sha512', $password, $this->generateSalt()); } /** * {@inheritdoc} */ public function check($password, $hash) { public function check(#[\SensitiveParameter] $password, #[\SensitiveParameter] $hash) { if (substr($hash, 0, 2) == 'U$') { // This may be an updated password from user_update_7000(). Such hashes // have 'U' added as the first character and need an extra md5() (see the Loading Loading @@ -258,7 +258,7 @@ public function check($password, $hash) { /** * {@inheritdoc} */ public function needsRehash($hash) { public function needsRehash(#[\SensitiveParameter] $hash) { // Check whether this was an updated password. if ((substr($hash, 0, 3) != '$S$') || (strlen($hash) != static::HASH_LENGTH)) { return TRUE; Loading
core/lib/Drupal/Core/PrivateKey.php +1 −1 Original line number Diff line number Diff line Loading @@ -48,7 +48,7 @@ public function get() { * @param string $key * The private key to set. */ public function set($key) { public function set(#[\SensitiveParameter] $key) { return $this->state->set('system.private_key', $key); } Loading
