home.social

#sensitiveparameter — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sensitiveparameter, aggregated by home.social.

  1. @beberlei Really curious if all the bugs in the core attribute functionality are now finally fixed. With each of my three attribute-RFCs (#SensitiveParameter, #Override, #Deprecated) I found some more of them 😁

    This time it was named parameters for attributes on internal classes that was broken.

  2. @edorian Ah, the joy of the suggested php.ini-production differing from the actual default values that are embedded into the binary.

    At least with #SensitiveParameter being picked up pretty quickly, a case could be made to update the php.ini-production default values of `zend.exception_ignore_args` and `zend.exception_string_param_max_len` to make stack traces more useful. Like I did in:

    github.com/WoltLab/WCF/blob/db

    (which is possible, because luckily they are INI_ALL)

  3. @SenseException To add to that: Attributes are backwards compatible, they don't need to be backed by a class. Thus #SensitiveParameter can be applied to code that still needs to run on #PHP 8.1, without breaking anything (e.g. libraries). Below PHP 8.2 it will not do anything by default, but for the case of SensitiveParameter this doesn't matter, as you are no worse off than without the attribute. And libraries could still detect the attribute in stack traces by themselves!

  4. @dgoosens @mwop @ramsey @zend Regarding #SensitiveParameter and @mwop wishing it would be applied to the native functions: It is! I've went through all the stubs in php/php-src and added the attribute onto anything I could identify as sensitive. Example: github.com/php/php-src/blob/27

    If you believe I've missed anything, send a PR 😃

  5. What’s New In #PHP 8.2? howtogeek.com/devops/whats-new

    I have to say, I'm looking forward to playing with some of these features. I can see a few usecases that could improve #WordPress. Especially the #SensitiveParameter directive which looks like it would pass as a comment for older versions of PHP.

  6. #PHP 8.2 and #WoltLab: The #SensitiveParameter Attribute:

    woltlab.com/article/274-php-8-

    The article explains the idea behind the `#[\SensitiveParameter]` attribute we proposed for and contributed to PHP 8.2 and showcases how we experienced PHP’s #RFC process as first-time contributors.

    The RFC process went super smooth and we can highly recommend other developers to contribute on the #Internals list to ensure their use cases are included in future RFCs and possibly write their own RFC!