Support %P (Password or Secret) in qsprintf()
f842247de41a
Actions

Description

Support %P (Password or Secret) in qsprintf()

Summary: Depends on D19781. Fixes T6960. Ref T13217. Ref T13216. Occasionally, we issue queries which contain passwords or secrets. Supporting "%P" (similar to the csprintf() "%P") allows us to mask these in logs and output while still generating the correct values when we actually execute a query.

Test Plan:

$ cat test.php
<?php

require_once 'scripts/init/init-script.php';

$conn = id(new PhabricatorUser())->establishConnection('r');

$query = qsprintf(
  $conn,
  'SELECT %P',
  new PhutilOpaqueEnvelope('hunter2'));

echo $query."\n";
var_dump(queryfx_one($conn, '%Q', $query));

$ php -f test.php
SELECT ********
array(1) {
  ["hunter2"]=>
  string(7) "hunter2"
}

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13217, T13216, T6960

Differential Revision: https://secure.phabricator.com/D19782

Details

Provenance

epriestley	Authored on Nov 7 2018, 12:30 AM
epriestley	Pushed on Nov 13 2018, 4:48 PM

Reviewer

amckinley

Differential Revision

D19782: Support %P (Password or Secret) in qsprintf()

Parents

rPHUe1e8d3ba95b2: Make qsprintf() return an object, not a string, to support %P and hardening of…

Branches

Unknown

Tags

Unknown

Tasks

T13217: Upgrading: Hardening of qsprintf()
T6960: Support %P in qsprintf()
T13216: 2018 Week 45-47 Bonus Content

Build Status

Buildable 21134
Build 28730: Run Core Tests

Event Timeline

epriestley committed rPHUf842247de41a: Support %P (Password or Secret) in qsprintf() (authored by epriestley).Nov 13 2018, 4:48 PM

epriestley added a task: T13217: Upgrading: Hardening of qsprintf().

epriestley added a task: T13216: 2018 Week 45-47 Bonus Content.

epriestley added a task: T6960: Support %P in qsprintf().

Harbormaster completed building B21134: rPHUf842247de41a: Support %P (Password or Secret) in qsprintf().Nov 13 2018, 4:49 PM

Changes (1)

Path

Size

src/

xsprintf/

qsprintf.php

rPHUf842247de41a

View Options