PHP 8.2: Added #[\SensitiveParameter] to all the codebase

.rector.php

@@ -38,5 +38,15 @@
         DeadCode\ClassMethod\RemoveUselessParamTagRector::class,
         DeadCode\ClassMethod\RemoveUselessReturnTagRector::class,
         DeadCode\Property\RemoveUselessVarTagRector::class,
+        Rector\Php83\Rector\ClassMethod\AddOverrideAttributeToOverriddenMethodsRector::class,
         TypeDeclaration\ClassMethod\ReturnNeverTypeRector::class,
+    ])
+    ->withConfiguredRule(Rector\Php82\Rector\Param\AddSensitiveParameterAttributeRector::class, [
+        'sensitive_parameters' => [
+            'apiKey',
+            'email',
+            'useremail',
+            'username',
+            'password'
+        ],
     ]);

app/code/core/Mage/Admin/Model/Resource/User.php

@@ -74,7 +74,7 @@ public function recordLogin(Mage_Admin_Model_User $user)
      * @param string $username
      * @return false|array
      */
-    public function loadByUsername($username)
+    public function loadByUsername(#[\SensitiveParameter] $username)
     {
         $adapter = $this->_getReadAdapter();
 

app/code/core/Mage/Admin/Model/Session.php

@@ -142,7 +142,7 @@ protected function logoutIndirect()
      * @param  Mage_Core_Controller_Request_Http $request
      * @return Mage_Admin_Model_User|null
      */
-    public function login($username, $password, $request = null)
+    public function login(#[\SensitiveParameter] $username, #[\SensitiveParameter] $password, $request = null)
     {
         if (empty($username) || empty($password)) {
             return null;
@@ -306,7 +306,7 @@ protected function _getRequestUri($request = null)
      * @param string $message
      * @param Mage_Core_Controller_Request_Http|null $request
      */
-    protected function _loginFailed($e, $request, $username, $message)
+    protected function _loginFailed($e, $request, #[\SensitiveParameter] $username, $message)
     {
         try {
             Mage::dispatchEvent('admin_session_user_login_failed', [

app/code/core/Mage/Admin/Model/User.php

@@ -372,7 +372,7 @@ public function getAclRole()
      * @return bool
      * @throws Mage_Core_Exception
      */
-    public function authenticate($username, $password)
+    public function authenticate(#[\SensitiveParameter] $username, #[\SensitiveParameter] $password)
     {
         $config = Mage::getStoreConfigFlag('admin/security/use_case_sensitive_login');
         $result = false;
@@ -425,7 +425,7 @@ public function validatePasswordHash(string $string1, string $string2): bool
      * @return  $this
      * @throws Mage_Core_Exception
      */
-    public function login($username, $password)
+    public function login(#[\SensitiveParameter] $username, #[\SensitiveParameter] $password)
     {
         if ($this->authenticate($username, $password)) {
             $this->getResource()->recordLogin($this);
@@ -460,7 +460,7 @@ public function reload()
      * @param string $username
      * @return $this
      */
-    public function loadByUsername($username)
+    public function loadByUsername(#[\SensitiveParameter] $username)
     {
         $this->setData($this->getResource()->loadByUsername($username));
         return $this;
@@ -483,7 +483,7 @@ public function hasAssigned2Role($user)
      * @param string $password
      * @return string
      */
-    protected function _getEncodedPassword($password)
+    protected function _getEncodedPassword(#[\SensitiveParameter] $password)
     {
         return Mage::helper('core')->getHash($password, self::HASH_SALT_LENGTH);
     }
@@ -641,7 +641,7 @@ public function validate()
      * @return array|true
      * @throws Zend_Validate_Exception
      */
-    public function validateCurrentPassword($password)
+    public function validateCurrentPassword(#[\SensitiveParameter] $password)
     {
         $result = [];
 

app/code/core/Mage/Adminhtml/Controller/Action.php

@@ -414,7 +414,7 @@ protected function _validateSecretKey()
      *
      * @return mixed - returns true or array of errors
      */
-    protected function _validateCurrentPassword($password)
+    protected function _validateCurrentPassword(#[\SensitiveParameter] $password)
     {
         $user = Mage::getSingleton('admin/session')->getUser();
         return $user->validateCurrentPassword($password);

app/code/core/Mage/Api/Model/Resource/User.php

@@ -131,8 +131,8 @@
      * @param string $username
      * @return array
      */
-    public function loadByUsername($username)
+    public function loadByUsername(#[\SensitiveParameter] $username)
     {
         $adapter = $this->_getReadAdapter();
         $select = $adapter->select()->from($this->getTable('api/user'))
             ->where('username=:username');
@@ -169,7 +169,7 @@
      * @param string $sessid
      * @return $this
      */
     public function clearBySessId($sessid)
     {
         $this->_getWriteAdapter()->delete(
             $this->getTable('api/session'),
@@ -184,7 +184,7 @@
      * @param int | Mage_Api_Model_User $user
      * @return null | array
      */
     public function hasAssigned2Role($user)
     {
         $userId = null;
         $result = null;
@@ -209,7 +209,7 @@
      *
      * @return $this
      */
     protected function _beforeSave(Mage_Core_Model_Abstract $user)
     {
         $now = Varien_Date::now();
         if (!$user->getId()) {
@@ -225,7 +225,7 @@
      * @return $this
      * @throws Exception
      */
     public function delete(Mage_Core_Model_Abstract $user)
     {
         $dbh = $this->_getWriteAdapter();
         $uid = (int) $user->getId();
@@ -246,7 +246,7 @@
      *
      * @return $this|Mage_Core_Model_Abstract
      */
     public function _saveRelations(Mage_Core_Model_Abstract $user)
     {
         $rolesIds = $user->getRoleIds();
         if (!is_array($rolesIds) || count($rolesIds) == 0) {
@@ -296,7 +296,7 @@
      *
      * @return array
      */
     public function _getRoles(Mage_Core_Model_Abstract $user)
     {
         if (!$user->getId()) {
             return [];
@@ -323,7 +323,7 @@
      *
      * @return $this
      */
     public function add(Mage_Core_Model_Abstract $user)
     {
         $adapter = $this->_getWriteAdapter();
         $aRoles  = $this->hasAssigned2Role($user);
@@ -358,7 +358,7 @@
      *
      * @return $this
      */
     public function deleteFromRole(Mage_Core_Model_Abstract $user)
     {
         if ($user->getUserId() <= 0) {
             return $this;
@@ -384,7 +384,7 @@
      *
      * @return array
      */
     public function roleUserExists(Mage_Core_Model_Abstract $user)
     {
         $result = [];
         if ($user->getUserId() > 0) {

app/code/core/Mage/Api/Model/Server/Handler/Abstract.php

@@ -207,7 +207,7 @@ protected function _prepareResourceModelName($resource)
      * @param string $apiKey
      * @return string
      */
-    public function login($username, $apiKey = null)
+    public function login(#[\SensitiveParameter] $username, #[\SensitiveParameter] $apiKey = null)
     {
         if (empty($username) || empty($apiKey)) {
             return $this->_fault('invalid_request_param');

app/code/core/Mage/Api/Model/Server/Wsi/Handler.php

@@ -80,7 +80,7 @@ public function __call($function, $args)
      * @param string $apiKey
      * @return stdClass
      */
-    public function login($username, $apiKey = null)
+    public function login(#[\SensitiveParameter] $username, #[\SensitiveParameter] $apiKey = null)
     {
         if (is_object($username)) {
             $apiKey = $username->apiKey;

app/code/core/Mage/Api/Model/Session.php

@@ -122,7 +122,7 @@ public function getIsInstaLogin(): bool
      * @return mixed
      * @throws Mage_Core_Exception
      */
-    public function login($username, $apiKey)
+    public function login(#[\SensitiveParameter] $username, #[\SensitiveParameter] $apiKey)
     {
         $user = Mage::getModel('api/user')
             ->setSessid($this->getSessionId());

app/code/core/Mage/Api/Model/User.php

@@ -238,7 +238,7 @@ public function getAclRole()
      * @return bool
      * @throws Exception
      */
-    public function authenticate($username, $apiKey)
+    public function authenticate(#[\SensitiveParameter] $username, #[\SensitiveParameter] $apiKey)
     {
         $this->loadByUsername($username);
         if (!$this->getId()) {
@@ -261,7 +261,7 @@ public function authenticate($username, $apiKey)
      * @return Mage_Api_Model_User
      * @throws Exception
      */
-    public function login($username, $apiKey)
+    public function login(#[\SensitiveParameter] $username, #[\SensitiveParameter] $apiKey)
     {
         $sessId = $this->getSessid();
         if ($this->authenticate($username, $apiKey)) {
@@ -295,7 +295,7 @@ public function reload()
      * @param string $username
      * @return $this
      */
-    public function loadByUsername($username)
+    public function loadByUsername(#[\SensitiveParameter] $username)
     {
         $this->setData($this->getResource()->loadByUsername($username));
         return $this;
@@ -342,7 +342,7 @@ public function hasAssigned2Role($user)
      * @param string $apiKey
      * @return string
      */
-    protected function _getEncodedApiKey($apiKey)
+    protected function _getEncodedApiKey(#[\SensitiveParameter] $apiKey)
     {
         return Mage::helper('core')->getHash($apiKey, Mage_Admin_Model_User::HASH_SALT_LENGTH);
     }

app/code/core/Mage/Checkout/Model/Type/Abstract.php

@@ -148,7 +148,7 @@ protected function _createOrderFromAddress($address)
      * @param Mage_Sales_Model_Order $order
      * @deprecated after 1.4.0.0-rc1
      */
-    protected function _emailOrderConfirmation($email, $name, $order)
+    protected function _emailOrderConfirmation(#[\SensitiveParameter] $email, $name, $order)
     {
         $mailer = Mage::getModel('core/email')
             ->setTemplate('email/order.phtml')

app/code/core/Mage/Checkout/Model/Type/Onepage.php

@@ -911,7 +911,7 @@ protected function validateOrder()
      * @param int $websiteId
      * @return false|Mage_Customer_Model_Customer
      */
-    protected function _customerEmailExists($email, $websiteId = null)
+    protected function _customerEmailExists(#[\SensitiveParameter] $email, $websiteId = null)
     {
         $customer = Mage::getModel('customer/customer');
         if ($websiteId) {

app/code/core/Mage/Core/Helper/Data.php

@@ -284,7 +284,7 @@ public function getRandomString($len, $chars = null)
      * @param string|int|bool $salt
      * @return string
      */
-    public function getHash($password, $salt = false)
+    public function getHash(#[\SensitiveParameter] $password, $salt = false)
     {
         return $this->getEncryptor()->getHash($password, $salt);
     }
@@ -296,7 +296,7 @@ public function getHash($password, $salt = false)
      * @param mixed $salt
      * @return string
      */
-    public function getHashPassword($password, $salt = false)
+    public function getHashPassword(#[\SensitiveParameter] $password, $salt = false)
     {
         $encryptionModel = $this->getEncryptor();
         $latestVersionHash = $this->getVersionHash($encryptionModel);
@@ -312,7 +312,7 @@ public function getHashPassword($password, $salt = false)
      * @return bool
      * @throws Exception
      */
-    public function validateHash($password, $hash)
+    public function validateHash(#[\SensitiveParameter] $password, $hash)
     {
         return $this->getEncryptor()->validateHash($password, $hash);
     }

app/code/core/Mage/Core/Model/Email/Info.php

@@ -62,7 +62,7 @@ class Mage_Core_Model_Email_Info extends Varien_Object
      * @param string|null $name
      * @return $this
      */
-    public function addBcc($email, $name = null)
+    public function addBcc(#[\SensitiveParameter] $email, $name = null)
     {
         $this->_bccNames[] = $name;
         $this->_bccEmails[] = $email;
@@ -76,7 +76,7 @@ public function addBcc($email, $name = null)
      * @param array|string|null $name
      * @return $this
      */
-    public function addTo($email, $name = null)
+    public function addTo(#[\SensitiveParameter] $email, $name = null)
     {
         $this->_toNames[] = $name;
         $this->_toEmails[] = $email;

app/code/core/Mage/Core/Model/Email/Template.php

@@ -370,7 +370,7 @@ public function getInclude($template, array $variables)
      * @param   array              $variables    template variables
      * @return bool
      **/
-    public function send($email, $name = null, array $variables = [])
+    public function send(#[\SensitiveParameter] $email, $name = null, array $variables = [])
     {
         if (!$this->isValidForSend()) {
             Mage::logException(new Exception('This letter cannot be sent.')); // translation is intentionally omitted
@@ -498,7 +498,7 @@ public function send($email, $name = null, array $variables = [])
      *
      * @return  $this
      */
-    public function sendTransactional($templateId, $sender, $email, $name, $vars = [], $storeId = null)
+    public function sendTransactional($templateId, $sender, #[\SensitiveParameter] $email, $name, $vars = [], $storeId = null)
     {
         $this->setSentSuccess(false);
         if (($storeId === null) && $this->getDesignConfig()->getStore()) {
@@ -583,7 +583,7 @@ public function addBcc($bcc)
      * @param string $email
      * @return $this
      */
-    public function setReturnPath($email)
+    public function setReturnPath(#[\SensitiveParameter] $email)
     {
         $this->getMail()->setReturnPath($email);
         return $this;
@@ -595,7 +595,7 @@ public function setReturnPath($email)
      * @param string $email
      * @return $this
      */
-    public function setReplyTo($email)
+    public function setReplyTo(#[\SensitiveParameter] $email)
     {
         $this->getMail()->setReplyTo($email);
         return $this;

app/code/core/Mage/Core/Model/Encryption.php

@@ -70,7 +70,7 @@ public function setHelper($helper)
      * @param mixed $salt
      * @return string
      */
-    public function getHash($password, $salt = false)
+    public function getHash(#[\SensitiveParameter] $password, $salt = false)
     {
         if (is_int($salt)) {
             $salt = $this->_helper->getRandomString($salt);
@@ -87,7 +87,7 @@ public function getHash($password, $salt = false)
      * @param mixed $salt
      * @return string
      */
-    public function getHashPassword($password, $salt = null)
+    public function getHashPassword(#[\SensitiveParameter] $password, $salt = null)
     {
         if (is_int($salt)) {
             $salt = $this->_helper->getRandomString($salt);
@@ -124,7 +124,7 @@ public function hash($data, $version = self::HASH_VERSION_MD5)
      * @return bool
      * @throws Exception
      */
-    public function validateHash($password, $hash)
+    public function validateHash(#[\SensitiveParameter] $password, $hash)
     {
         if (strlen($password) > self::MAXIMUM_PASSWORD_LENGTH) {
             return false;
@@ -144,7 +144,7 @@ public function validateHash($password, $hash)
      * @param int $version
      * @return bool
      */
-    public function validateHashByVersion($password, $hash, $version = self::HASH_VERSION_MD5)
+    public function validateHashByVersion(#[\SensitiveParameter] $password, $hash, $version = self::HASH_VERSION_MD5)
     {
         if ($version == self::HASH_VERSION_LATEST && $version == $this->_helper->getVersionHash($this)) {
             return password_verify($password, $hash);

app/code/core/Mage/Customer/Helper/Data.php

@@ -360,7 +360,7 @@ public function isConfirmationRequired()
      * @param string $email
      * @return string
      */
-    public function getEmailConfirmationUrl($email = null)
+    public function getEmailConfirmationUrl(#[\SensitiveParameter] $email = null)
     {
         return $this->_getUrl('customer/account/confirmation', ['email' => $email]);
     }

app/code/core/Mage/Customer/Model/Customer.php

@@ -257,7 +257,7 @@ public function getSharingConfig()
      * @throws Mage_Core_Exception
      * @return true
      */
-    public function authenticate($login, $password)
+    public function authenticate($login, #[\SensitiveParameter] $password)
     {
         $this->loadByEmail($login);
         if ($this->getConfirmation() && $this->isConfirmationRequired()) {
@@ -489,7 +489,7 @@ public function getPassword(): string
      * @param string $password
      * @return $this
      */
-    public function setPassword($password)
+    public function setPassword(#[\SensitiveParameter] $password)
     {
         $this->setData('password', $password);
         $this->setPasswordHash($this->hashPassword($password));
@@ -504,7 +504,7 @@ public function setPassword($password)
      * @param   int    $salt
      * @return  string
      */
-    public function hashPassword($password, $salt = null)
+    public function hashPassword(#[\SensitiveParameter] $password, $salt = null)
     {
         /** @var Mage_Core_Helper_Data $helper */
         $helper = $this->_getHelper('core');
@@ -548,7 +548,7 @@ public function generatePassword($length = 8)
      * @return bool
      * @throws Exception
      */
-    public function validatePassword($password)
+    public function validatePassword(#[\SensitiveParameter] $password)
     {
         $hash = $this->getPasswordHash();
         if (!$hash) {
@@ -563,7 +563,7 @@ public function validatePassword($password)
      * @param   string $password
      * @return  string
      */
-    public function encryptPassword($password)
+    public function encryptPassword(#[\SensitiveParameter] $password)
     {
         return Mage::helper('core')->encrypt($password);
     }
@@ -574,7 +574,7 @@ public function encryptPassword($password)
      * @param   string $password
      * @return  string
      */
-    public function decryptPassword($password)
+    public function decryptPassword(#[\SensitiveParameter] $password)
     {
         return Mage::helper('core')->decrypt($password);
     }
@@ -722,7 +722,7 @@ public function isAddressPrimary(Mage_Customer_Model_Address $address)
      * @throws Mage_Core_Exception
      * @return $this
      */
-    public function sendNewAccountEmail($type = 'registered', $backUrl = '', $storeId = '0', $password = null)
+    public function sendNewAccountEmail($type = 'registered', $backUrl = '', $storeId = '0', #[\SensitiveParameter] $password = null)
     {
         $types = [
             'registered'   => self::XML_PATH_REGISTER_EMAIL_TEMPLATE, // welcome email, when confirmation is disabled

app/code/core/Mage/Customer/Model/Flowpassword.php

@@ -60,7 +60,7 @@ protected function _prepareData()
      * @param string $email
      * @return bool
      */
-    public function checkCustomerForgotPasswordFlowEmail($email)
+    public function checkCustomerForgotPasswordFlowEmail(#[\SensitiveParameter] $email)
     {
         $helper = Mage::helper('customer');
         $checkForgotPasswordFlowTypes = [

app/code/core/Mage/Customer/Model/Resource/Customer.php

@@ -190,7 +190,7 @@ protected function _getLoadRowSelect($object, $rowId)
      * @param bool $testOnly
      * @return $this
      */
-    public function loadByEmail(Mage_Customer_Model_Customer $customer, $email, $testOnly = false)
+    public function loadByEmail(Mage_Customer_Model_Customer $customer, #[\SensitiveParameter] $email, $testOnly = false)
     {
         $adapter = $this->_getReadAdapter();
         $bind    = ['customer_email' => $email];