starred/google2fa

Fork 0

mirror of https://github.com/antonioribeiro/google2fa.git synced 2026-04-25 08:05:49 +03:00

[PR #187] [MERGED] Add `\SensitiveParameter` attribute to params with any secret or key material #436

New issue

Closed

opened 2026-03-01 17:49:40 +03:00 by kerem · 0 comments

kerem commented

2026-03-01 17:49:40 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/antonioribeiro/google2fa/pull/187
Author: @spaze
Created: 2/7/2023
Status: ✅ Merged
Merged: 3/1/2023
Merged by: @antonioribeiro

Base: 8.x ← Head: spaze/sensitive-parameters

📝 Commits (1)

9c498ff Add \SensitiveParameter attribute to params with any secret or key material

📊 Changes

3 files changed (+82 additions, -34 deletions)

View changed files

📝 src/Google2FA.php (+34 -12)
📝 src/Support/Base32.php (+42 -20)
📝 src/Support/QRCode.php (+6 -2)

📄 Description

Hi, this attribute is used to mark a parameter that is sensitive and should have its value redacted if present in a stack trace. (verbatim copy from the PHP manual)

The redaction will be performed only on PHP 8.2 and newer but the attribute itself and the syntax is backwards compatible so using the class with let's say PHP 7.4 will still work as it did before.

I have added the attribute to all params that hold the secret, or the 2FA code, or strings that will contain parts of either of them.

Compare the call stacks, before:

and after the attribute has been added:

Thanks.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/antonioribeiro/google2fa/pull/187 **Author:** [@spaze](https://github.com/spaze) **Created:** 2/7/2023 **Status:** ✅ Merged **Merged:** 3/1/2023 **Merged by:** [@antonioribeiro](https://github.com/antonioribeiro) **Base:** `8.x` ← **Head:** `spaze/sensitive-parameters` --- ### 📝 Commits (1) - [`9c498ff`](https://github.com/antonioribeiro/google2fa/commit/9c498ff144d77dc4427aa552549585ef51bb4e56) Add \SensitiveParameter attribute to params with any secret or key material ### 📊 Changes **3 files changed** (+82 additions, -34 deletions) <details> <summary>View changed files</summary> 📝 `src/Google2FA.php` (+34 -12) 📝 `src/Support/Base32.php` (+42 -20) 📝 `src/Support/QRCode.php` (+6 -2) </details> ### 📄 Description Hi, this attribute is used to mark a parameter that is sensitive and should have its value redacted if present in a stack trace. (verbatim copy from the [PHP manual](https://www.php.net/manual/en/class.sensitiveparameter.php)) The redaction will be performed only on PHP 8.2 and newer but the attribute itself and the syntax is backwards compatible so using the class with let's say PHP 7.4 will still work as it did before. I have added the attribute to all params that hold the secret, or the 2FA code, or strings that will contain parts of either of them. Compare the call stacks, before: ![before](https://user-images.githubusercontent.com/1966648/217379948-dd968b16-68a9-45bd-8399-9ab9849eebac.png) and after the attribute has been added: ![after](https://user-images.githubusercontent.com/1966648/217379974-ed12a1c4-1473-48e8-95b8-9d7808c3635f.png) Thanks. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

kerem

2026-03-01 17:49:40 +03:00

closed this issue
added the
pull-request
label

No labels

bug

pull-request

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/google2fa#436

No description provided.

Rows
Columns

[PR #187] [MERGED] Add \SensitiveParameter attribute to params with any secret or key material #436

📋 Pull Request Information

📝 Commits (1)

📊 Changes

📄 Description

[PR #187] [MERGED] Add `\SensitiveParameter` attribute to params with any secret or key material #436