From 891b27d73263606d5c472d075fdec1d5c05212be Mon Sep 17 00:00:00 2001 From: Fabrizio Balliano Date: Mon, 30 Sep 2024 00:27:43 +0100 Subject: [PATCH] PHP 8.2: Added #[\SensitiveParameter] to all the codebase --- .rector.php | 5 +++++ app/code/core/Mage/Admin/Model/Session.php | 2 +- app/code/core/Mage/Admin/Model/User.php | 8 ++++---- app/code/core/Mage/Adminhtml/Controller/Action.php | 2 +- app/code/core/Mage/Core/Helper/Data.php | 6 +++--- app/code/core/Mage/Core/Model/Encryption.php | 8 ++++---- app/code/core/Mage/Customer/Model/Customer.php | 14 +++++++------- app/code/core/Mage/Customer/Model/Session.php | 2 +- 8 files changed, 26 insertions(+), 21 deletions(-) diff --git a/.rector.php b/.rector.php index 92cfffc11..5a5802591 100644 --- a/.rector.php +++ b/.rector.php @@ -29,4 +29,9 @@ DeadCode\Property\RemoveUselessVarTagRector::class, Rector\Php83\Rector\ClassMethod\AddOverrideAttributeToOverriddenMethodsRector::class, TypeDeclaration\ClassMethod\ReturnNeverTypeRector::class + ]) + ->withConfiguredRule(Rector\Php82\Rector\Param\AddSensitiveParameterAttributeRector::class, [ + 'sensitive_parameters' => [ + 'password' + ], ]); \ No newline at end of file diff --git a/app/code/core/Mage/Admin/Model/Session.php b/app/code/core/Mage/Admin/Model/Session.php index d7cc952bc..b97b3b9c2 100644 --- a/app/code/core/Mage/Admin/Model/Session.php +++ b/app/code/core/Mage/Admin/Model/Session.php @@ -139,7 +139,7 @@ protected function logoutIndirect() * @param Mage_Core_Controller_Request_Http $request * @return Mage_Admin_Model_User|null */ - public function login($username, $password, $request = null) + public function login($username, #[\SensitiveParameter] $password, $request = null) { if (empty($username) || empty($password)) { return null; diff --git a/app/code/core/Mage/Admin/Model/User.php b/app/code/core/Mage/Admin/Model/User.php index cb487d2b6..3e8c9399d 100644 --- a/app/code/core/Mage/Admin/Model/User.php +++ b/app/code/core/Mage/Admin/Model/User.php 
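Review bot: The `sensitive_parameters` list in the added `withConfiguredRule` call names only `password`, so a parameter that carries a secret under any other name stays unannotated; the rule appears to select parameters by name. The `$hash` argument of `validateHash` and `validateHashByVersion` in the Helper/Data.php and Encryption.php hunks is a visible example: a stored password hash would still be printed in a stack trace, and `HASH_VERSION_MD5` is the default version in `validateHashByVersion`. I would extend the list, for instance `'sensitive_parameters' => ['password', 'hash'],`, after checking the codebase for other secret-bearing parameter names. Re-running Rector afterwards keeps the signatures and the config in step.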
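Review bot: The attribute is written inline on the signature line of `login()` (`#[\SensitiveParameter] $password`), and every other hunk in this patch uses the same layout; before PHP 8.0 `#` starts a line comment, so the rest of that line would be swallowed and the file would fail to parse. On PHP 8.0 and 8.1 the line parses but nothing is redacted, because `SensitiveParameter` only takes effect from 8.2. The supported PHP range is not visible in this patch, so the `php` constraint in composer.json should be confirmed. If 7.x is still supported, the attribute has to sit on its own line above `$password` in a multi-line parameter list. The body of `login()` continues outside the hunk.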
@@ -372,7 +372,7 @@ public function getAclRole() * @return bool * @throws Mage_Core_Exception */ - public function authenticate($username, $password) + public function authenticate($username, #[\SensitiveParameter] $password) { $config = Mage::getStoreConfigFlag('admin/security/use_case_sensitive_login'); $result = false; @@ -420,7 +420,7 @@ public function authenticate($username, $password) * @return $this * @throws Mage_Core_Exception */ - public function login($username, $password) + public function login($username, #[\SensitiveParameter] $password) { if ($this->authenticate($username, $password)) { $this->getResource()->recordLogin($this); @@ -478,7 +478,7 @@ public function hasAssigned2Role($user) * @param string $password * @return string */ - protected function _getEncodedPassword($password) + protected function _getEncodedPassword(#[\SensitiveParameter] $password) { return Mage::helper('core')->getHash($password, self::HASH_SALT_LENGTH); } @@ -636,7 +636,7 @@ public function validate() * @return array|true * @throws Zend_Validate_Exception */ - public function validateCurrentPassword($password) + public function validateCurrentPassword(#[\SensitiveParameter] $password) { $result = []; diff --git a/app/code/core/Mage/Adminhtml/Controller/Action.php b/app/code/core/Mage/Adminhtml/Controller/Action.php index 1ead8bc67..29dd7124d 100644 --- a/app/code/core/Mage/Adminhtml/Controller/Action.php +++ b/app/code/core/Mage/Adminhtml/Controller/Action.php @@ -408,7 +408,7 @@ protected function _validateSecretKey() * * @return mixed - returns true or array of errors */ - protected function _validateCurrentPassword($password) + protected function _validateCurrentPassword(#[\SensitiveParameter] $password) { $user = Mage::getSingleton('admin/session')->getUser(); return $user->validateCurrentPassword($password); diff --git a/app/code/core/Mage/Core/Helper/Data.php b/app/code/core/Mage/Core/Helper/Data.php index 5e3664956..a30ca4edd 100644 
--- a/app/code/core/Mage/Core/Helper/Data.php +++ b/app/code/core/Mage/Core/Helper/Data.php @@ -264,7 +264,7 @@ public function getRandomString($len, $chars = null) * @param string|int|bool $salt * @return string */ - public function getHash($password, $salt = false) + public function getHash(#[\SensitiveParameter] $password, $salt = false) { return $this->getEncryptor()->getHash($password, $salt); } @@ -276,7 +276,7 @@ public function getHash($password, $salt = false) * @param mixed $salt * @return string */ - public function getHashPassword($password, $salt = false) + public function getHashPassword(#[\SensitiveParameter] $password, $salt = false) { $encryptionModel = $this->getEncryptor(); $latestVersionHash = $this->getVersionHash($encryptionModel); @@ -292,7 +292,7 @@ public function getHashPassword($password, $salt = false) * @return bool * @throws Exception */ - public function validateHash($password, $hash) + public function validateHash(#[\SensitiveParameter] $password, $hash) { return $this->getEncryptor()->validateHash($password, $hash); } diff --git a/app/code/core/Mage/Core/Model/Encryption.php b/app/code/core/Mage/Core/Model/Encryption.php index 308346489..cb40284a3 100644 --- a/app/code/core/Mage/Core/Model/Encryption.php +++ b/app/code/core/Mage/Core/Model/Encryption.php @@ -65,7 +65,7 @@ public function setHelper($helper) * @param mixed $salt * @return string */ - public function getHash($password, $salt = false) + public function getHash(#[\SensitiveParameter] $password, $salt = false) { if (is_int($salt)) { $salt = $this->_helper->getRandomString($salt); @@ -82,7 +82,7 @@ public function getHash($password, $salt = false) * @param mixed $salt * @return string */ - public function getHashPassword($password, $salt = null) + public function getHashPassword(#[\SensitiveParameter] $password, $salt = null) { if (is_int($salt)) { $salt = $this->_helper->getRandomString($salt); 
@@ -119,7 +119,7 @@ public function hash($data, $version = self::HASH_VERSION_MD5) * @return bool * @throws Exception */ - public function validateHash($password, $hash) + public function validateHash(#[\SensitiveParameter] $password, $hash) { if (strlen($password) > self::MAXIMUM_PASSWORD_LENGTH) { return false; @@ -139,7 +139,7 @@ public function validateHash($password, $hash) * @param int $version * @return bool */ - public function validateHashByVersion($password, $hash, $version = self::HASH_VERSION_MD5) + public function validateHashByVersion(#[\SensitiveParameter] $password, $hash, $version = self::HASH_VERSION_MD5) { if ($version == self::HASH_VERSION_LATEST && $version == $this->_helper->getVersionHash($this)) { return password_verify($password, $hash); diff --git a/app/code/core/Mage/Customer/Model/Customer.php b/app/code/core/Mage/Customer/Model/Customer.php index 5cc25b1ef..e1a372d93 100644 --- a/app/code/core/Mage/Customer/Model/Customer.php +++ b/app/code/core/Mage/Customer/Model/Customer.php @@ -253,7 +253,7 @@ public function getSharingConfig() * @throws Mage_Core_Exception * @return true */ - public function authenticate($login, $password) + public function authenticate($login, #[\SensitiveParameter] $password) { $this->loadByEmail($login); if ($this->getConfirmation() && $this->isConfirmationRequired()) { @@ -486,7 +486,7 @@ public function getPassword(): string * @param string $password * @return $this */ - public function setPassword($password) + public function setPassword(#[\SensitiveParameter] $password) { $this->setData('password', $password); $this->setPasswordHash($this->hashPassword($password)); @@ -501,7 +501,7 @@ public function setPassword($password) * @param int $salt * @return string */ - public function hashPassword($password, $salt = null) + public function hashPassword(#[\SensitiveParameter] $password, $salt = null) { /** @var Mage_Core_Helper_Data $helper */ $helper = $this->_getHelper('core'); 
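Review bot: In `setPassword()` the plaintext is handed straight to `$this->setData('password', $password)`, and the attribute on `$password` redacts only this method's own frame in a backtrace. If an exception is raised further down the call, the callee's frame lists its own arguments, so the value is still shown there unless the receiving parameter is annotated too; the same applies to `Mage::helper('core')->encrypt($password)` in the `encryptPassword()` hunk, whose helper signature is not part of this patch. The value also stays in the model's data under the `password` key, which the attribute does not cover, so anything that dumps or logs the model's data would expose it. I would annotate the receiving parameters of those callees by hand where the name-based Rector rule cannot reach them, and add a comment here such as `// plaintext is kept in model data; #[\SensitiveParameter] only redacts this frame`.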
@@ -545,7 +545,7 @@ public function generatePassword($length = 8) * @return bool * @throws Exception */ - public function validatePassword($password) + public function validatePassword(#[\SensitiveParameter] $password) { $hash = $this->getPasswordHash(); if (!$hash) { @@ -560,7 +560,7 @@ public function validatePassword($password) * @param string $password * @return string */ - public function encryptPassword($password) + public function encryptPassword(#[\SensitiveParameter] $password) { return Mage::helper('core')->encrypt($password); } @@ -571,7 +571,7 @@ public function encryptPassword($password) * @param string $password * @return string */ - public function decryptPassword($password) + public function decryptPassword(#[\SensitiveParameter] $password) { return Mage::helper('core')->decrypt($password); } @@ -719,7 +719,7 @@ public function isAddressPrimary(Mage_Customer_Model_Address $address) * @throws Mage_Core_Exception * @return $this */ - public function sendNewAccountEmail($type = 'registered', $backUrl = '', $storeId = '0', $password = null) + public function sendNewAccountEmail($type = 'registered', $backUrl = '', $storeId = '0', #[\SensitiveParameter] $password = null) { $types = [ 'registered' => self::XML_PATH_REGISTER_EMAIL_TEMPLATE, // welcome email, when confirmation is disabled diff --git a/app/code/core/Mage/Customer/Model/Session.php b/app/code/core/Mage/Customer/Model/Session.php index c1874a4ab..d9974ee05 100644 --- a/app/code/core/Mage/Customer/Model/Session.php +++ b/app/code/core/Mage/Customer/Model/Session.php @@ -221,7 +221,7 @@ public function checkCustomerId($customerId) * @param string $password * @return bool */ - public function login($username, $password) + public function login($username, #[\SensitiveParameter] $password) { /** @var Mage_Customer_Model_Customer $customer */ $customer = Mage::getModel('customer/customer')