Page MenuHomePhabricator
Differential D19782

Support %P (Password or Secret) in qsprintf()
ClosedPublic
Actions

Authored by epriestley on Nov 7 2018, 12:34 AM.
Tags
None
Referenced Files
F18740943: D19782.id47248.diff
Thu, Oct 2, 7:07 AM
F18740784: D19782.id.diff
Thu, Oct 2, 5:45 AM
F18739597: D19782.diff
Wed, Oct 1, 10:06 PM
F18669792: D19782.diff
Wed, Sep 24, 9:58 PM
F18618334: D19782.diff
Sun, Sep 14, 11:48 PM
F18568709: D19782.id47285.diff
Wed, Sep 10, 12:23 AM
F18568708: D19782.id47248.diff
Wed, Sep 10, 12:23 AM
F18509912: D19782.id.diff
Fri, Sep 5, 3:40 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Maniphest Tasks
T6960: Support %P in qsprintf()
T13216: 2018 Week 45-47 Bonus Content
T13217: Upgrading: Hardening of qsprintf()
Commits
rPHUf842247de41a: Support %P (Password or Secret) in qsprintf()
Summary

Depends on D19781. Fixes T6960. Ref T13217. Ref T13216. Occasionally, we issue queries which contain passwords or secrets. Supporting "%P" (similar to the csprintf() "%P") allows us to mask these in logs and output while still generating the correct values when we actually execute a query.

Test Plan
$ cat test.php 
<?php

require_once 'scripts/init/init-script.php';

$conn = id(new PhabricatorUser())->establishConnection('r');

$query = qsprintf(
  $conn,
  'SELECT %P',
  new PhutilOpaqueEnvelope('hunter2'));

echo $query."\n";
var_dump(queryfx_one($conn, '%Q', $query));
$ php -f test.php 
SELECT ********
array(1) {
  ["hunter2"]=>
  string(7) "hunter2"
}

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
xsprintf/
41 lines

Diff 47285

View Options

src/xsprintf/qsprintf.php

Loading...
Phabricator · Built by Phacility