diff --git a/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php b/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php index b5bce4a884eff..504c5848e9dd9 100644 --- a/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php +++ b/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php @@ -25,7 +25,7 @@ final class SessionUtils * Finds the session header amongst the headers that are to be sent, removes it, and returns * it so the caller can process it further. */ - public static function popSessionCookie(string $sessionName, string $sessionId): ?string + public static function popSessionCookie(string $sessionName, #[\SensitiveParameter] string $sessionId): ?string { $sessionCookie = null; $sessionCookiePrefix = sprintf(' %s=', urlencode($sessionName)); diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php index 88e513c5ddd3f..288c24232c89d 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php @@ -38,13 +38,13 @@ public function open(string $savePath, string $sessionName): bool return true; } - abstract protected function doRead(string $sessionId): string; + abstract protected function doRead(#[\SensitiveParameter] string $sessionId): string; - abstract protected function doWrite(string $sessionId, string $data): bool; + abstract protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool; - abstract protected function doDestroy(string $sessionId): bool; + abstract protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool; - public function validateId(string $sessionId): bool + public function validateId(#[\SensitiveParameter] string $sessionId): bool { $this->prefetchData = $this->read($sessionId); $this->prefetchId = $sessionId; @@ -52,7 +52,7 @@ public function validateId(string $sessionId): bool return '' !== $this->prefetchData; } - public function read(string $sessionId): string + public function read(#[\SensitiveParameter] string $sessionId): string { if (isset($this->prefetchId)) { $prefetchId = $this->prefetchId; @@ -72,7 +72,7 @@ public function read(string $sessionId): string return $data; } - public function write(string $sessionId, string $data): bool + public function write(#[\SensitiveParameter] string $sessionId, string $data): bool { // see https://github.com/igbinary/igbinary/issues/146 $this->igbinaryEmptyData ??= \function_exists('igbinary_serialize') ? igbinary_serialize([]) : ''; @@ -84,7 +84,7 @@ public function write(string $sessionId, string $data): bool return $this->doWrite($sessionId, $data); } - public function destroy(string $sessionId): bool + public function destroy(#[\SensitiveParameter] string $sessionId): bool { if (!headers_sent() && filter_var(\ini_get('session.use_cookies'), \FILTER_VALIDATE_BOOL)) { if (!isset($this->sessionName)) { diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MarshallingSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MarshallingSessionHandler.php index 9962fef3d6c4c..1567f54332c51 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MarshallingSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MarshallingSessionHandler.php @@ -37,7 +37,7 @@ public function close(): bool return $this->handler->close(); } - public function destroy(string $sessionId): bool + public function destroy(#[\SensitiveParameter] string $sessionId): bool { return $this->handler->destroy($sessionId); } @@ -47,12 +47,12 @@ public function gc(int $maxlifetime): int|false return $this->handler->gc($maxlifetime); } - public function read(string $sessionId): string + public function read(#[\SensitiveParameter] string $sessionId): string { return $this->marshaller->unmarshall($this->handler->read($sessionId)); } - public function write(string $sessionId, string $data): bool + public function write(#[\SensitiveParameter] string $sessionId, string $data): bool { $failed = []; $marshalledData = $this->marshaller->marshall(['data' => $data], $failed); @@ -64,12 +64,12 @@ public function write(string $sessionId, string $data): bool return $this->handler->write($sessionId, $marshalledData['data']); } - public function validateId(string $sessionId): bool + public function validateId(#[\SensitiveParameter] string $sessionId): bool { return $this->handler->validateId($sessionId); } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { return $this->handler->updateTimestamp($sessionId, $data); } diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php index 2bc29b459cacd..91a023ddbc119 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MemcachedSessionHandler.php @@ -59,19 +59,19 @@ public function close(): bool return $this->memcached->quit(); } - protected function doRead(string $sessionId): string + protected function doRead(#[\SensitiveParameter] string $sessionId): string { return $this->memcached->get($this->prefix.$sessionId) ?: ''; } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { $this->memcached->touch($this->prefix.$sessionId, $this->getCompatibleTtl()); return true; } - protected function doWrite(string $sessionId, string $data): bool + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool { return $this->memcached->set($this->prefix.$sessionId, $data, $this->getCompatibleTtl()); } @@ -89,7 +89,7 @@ private function getCompatibleTtl(): int return $ttl; } - protected function doDestroy(string $sessionId): bool + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool { $result = $this->memcached->delete($this->prefix.$sessionId); diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MigratingSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MigratingSessionHandler.php index 46fbeb006f453..8ed6a7b3fd08b 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MigratingSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MigratingSessionHandler.php @@ -46,7 +46,7 @@ public function close(): bool return $result; } - public function destroy(string $sessionId): bool + public function destroy(#[\SensitiveParameter] string $sessionId): bool { $result = $this->currentHandler->destroy($sessionId); $this->writeOnlyHandler->destroy($sessionId); @@ -70,13 +70,13 @@ public function open(string $savePath, string $sessionName): bool return $result; } - public function read(string $sessionId): string + public function read(#[\SensitiveParameter] string $sessionId): string { // No reading from new handler until switch-over return $this->currentHandler->read($sessionId); } - public function write(string $sessionId, string $sessionData): bool + public function write(#[\SensitiveParameter] string $sessionId, string $sessionData): bool { $result = $this->currentHandler->write($sessionId, $sessionData); $this->writeOnlyHandler->write($sessionId, $sessionData); @@ -84,13 +84,13 @@ public function write(string $sessionId, string $sessionData): bool return $result; } - public function validateId(string $sessionId): bool + public function validateId(#[\SensitiveParameter] string $sessionId): bool { // No reading from new handler until switch-over return $this->currentHandler->validateId($sessionId); } - public function updateTimestamp(string $sessionId, string $sessionData): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $sessionData): bool { $result = $this->currentHandler->updateTimestamp($sessionId, $sessionData); $this->writeOnlyHandler->updateTimestamp($sessionId, $sessionData); diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php index 63c609ae21657..5ea5b4ae7d98d 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/MongoDbSessionHandler.php @@ -84,7 +84,7 @@ public function close(): bool return true; } - protected function doDestroy(string $sessionId): bool + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool { $this->getCollection()->deleteOne([ $this->options['id_field'] => $sessionId, @@ -100,7 +100,7 @@ public function gc(int $maxlifetime): int|false ])->getDeletedCount(); } - protected function doWrite(string $sessionId, string $data): bool + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool { $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); $expiry = new UTCDateTime((time() + (int) $ttl) * 1000); @@ -120,7 +120,7 @@ protected function doWrite(string $sessionId, string $data): bool return true; } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); $expiry = new UTCDateTime((time() + (int) $ttl) * 1000); @@ -136,7 +136,7 @@ public function updateTimestamp(string $sessionId, string $data): bool return true; } - protected function doRead(string $sessionId): string + protected function doRead(#[\SensitiveParameter] string $sessionId): string { $dbData = $this->getCollection()->findOne([ $this->options['id_field'] => $sessionId, diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.php index 790ac2fedd8f5..a77185e2ebf77 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/NullSessionHandler.php @@ -23,27 +23,27 @@ public function close(): bool return true; } - public function validateId(string $sessionId): bool + public function validateId(#[\SensitiveParameter] string $sessionId): bool { return true; } - protected function doRead(string $sessionId): string + protected function doRead(#[\SensitiveParameter] string $sessionId): string { return ''; } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { return true; } - protected function doWrite(string $sessionId, string $data): bool + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool { return true; } - protected function doDestroy(string $sessionId): bool + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool { return true; } diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php index a046aef95b08c..a5257b4172549 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php @@ -285,7 +285,7 @@ public function open(string $savePath, string $sessionName): bool return parent::open($savePath, $sessionName); } - public function read(string $sessionId): string + public function read(#[\SensitiveParameter] string $sessionId): string { try { return parent::read($sessionId); @@ -305,7 +305,7 @@ public function gc(int $maxlifetime): int|false return 0; } - protected function doDestroy(string $sessionId): bool + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool { // delete the record associated with this id $sql = "DELETE FROM $this->table WHERE $this->idCol = :id"; @@ -323,7 +323,7 @@ protected function doDestroy(string $sessionId): bool return true; } - protected function doWrite(string $sessionId, string $data): bool + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool { $maxlifetime = (int) (($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime')); @@ -366,7 +366,7 @@ protected function doWrite(string $sessionId, string $data): bool return true; } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { $expiry = time() + (int) (($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime')); @@ -610,7 +610,7 @@ private function rollback(): void * We need to make sure we do not return session data that is already considered garbage according * to the session.gc_maxlifetime setting because gc() is called after read() and only sometimes. */ - protected function doRead(string $sessionId): string + protected function doRead(#[\SensitiveParameter] string $sessionId): string { if (self::LOCK_ADVISORY === $this->lockMode) { $this->unlockStatements[] = $this->doAdvisoryLock($sessionId); @@ -681,7 +681,7 @@ protected function doRead(string $sessionId): string * - for oci using DBMS_LOCK.REQUEST * - for sqlsrv using sp_getapplock with LockOwner = Session */ - private function doAdvisoryLock(string $sessionId): \PDOStatement + private function doAdvisoryLock(#[\SensitiveParameter] string $sessionId): \PDOStatement { switch ($this->driver) { case 'mysql': @@ -780,7 +780,7 @@ private function getSelectSql(): string /** * Returns an insert statement supported by the database for writing session data. */ - private function getInsertStatement(string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement + private function getInsertStatement(#[\SensitiveParameter] string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement { switch ($this->driver) { case 'oci': @@ -807,7 +807,7 @@ private function getInsertStatement(string $sessionId, string $sessionData, int /** * Returns an update statement supported by the database for writing session data. */ - private function getUpdateStatement(string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement + private function getUpdateStatement(#[\SensitiveParameter] string $sessionId, string $sessionData, int $maxlifetime): \PDOStatement { switch ($this->driver) { case 'oci': @@ -834,7 +834,7 @@ private function getUpdateStatement(string $sessionId, string $sessionData, int /** * Returns a merge/upsert (i.e. insert or update) statement when supported by the database for writing session data. */ - private function getMergeStatement(string $sessionId, string $data, int $maxlifetime): ?\PDOStatement + private function getMergeStatement(#[\SensitiveParameter] string $sessionId, string $data, int $maxlifetime): ?\PDOStatement { switch (true) { case 'mysql' === $this->driver: diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/RedisSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/RedisSessionHandler.php index 38f488644deba..c4f1e0216e6cf 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/RedisSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/RedisSessionHandler.php @@ -50,12 +50,12 @@ public function __construct( $this->ttl = $options['ttl'] ?? null; } - protected function doRead(string $sessionId): string + protected function doRead(#[\SensitiveParameter] string $sessionId): string { return $this->redis->get($this->prefix.$sessionId) ?: ''; } - protected function doWrite(string $sessionId, string $data): bool + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool { $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); $result = $this->redis->setEx($this->prefix.$sessionId, (int) $ttl, $data); @@ -63,7 +63,7 @@ protected function doWrite(string $sessionId, string $data): bool return $result && !$result instanceof ErrorInterface; } - protected function doDestroy(string $sessionId): bool + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool { static $unlink = true; @@ -93,7 +93,7 @@ public function gc(int $maxlifetime): int|false return 0; } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { $ttl = ($this->ttl instanceof \Closure ? ($this->ttl)() : $this->ttl) ?? \ini_get('session.gc_maxlifetime'); diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php index 1a163648155d1..1f8668744762d 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php @@ -47,22 +47,22 @@ public function open(string $savePath, string $sessionName): bool return $this->handler->open($savePath, $sessionName); } - protected function doRead(string $sessionId): string + protected function doRead(#[\SensitiveParameter] string $sessionId): string { return $this->handler->read($sessionId); } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { return $this->write($sessionId, $data); } - protected function doWrite(string $sessionId, string $data): bool + protected function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool { return $this->handler->write($sessionId, $data); } - public function destroy(string $sessionId): bool + public function destroy(#[\SensitiveParameter] string $sessionId): bool { $this->doDestroy = true; $destroyed = parent::destroy($sessionId); @@ -70,7 +70,7 @@ public function destroy(string $sessionId): bool return $this->doDestroy ? $this->doDestroy($sessionId) : $destroyed; } - protected function doDestroy(string $sessionId): bool + protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool { $this->doDestroy = false; diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Proxy/SessionHandlerProxy.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Proxy/SessionHandlerProxy.php index c292e58f05851..7bf3f9ff1e1dc 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/Proxy/SessionHandlerProxy.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/Proxy/SessionHandlerProxy.php @@ -44,17 +44,17 @@ public function close(): bool return $this->handler->close(); } - public function read(string $sessionId): string|false + public function read(#[\SensitiveParameter] string $sessionId): string|false { return $this->handler->read($sessionId); } - public function write(string $sessionId, string $data): bool + public function write(#[\SensitiveParameter] string $sessionId, string $data): bool { return $this->handler->write($sessionId, $data); } - public function destroy(string $sessionId): bool + public function destroy(#[\SensitiveParameter] string $sessionId): bool { return $this->handler->destroy($sessionId); } @@ -64,12 +64,12 @@ public function gc(int $maxlifetime): int|false return $this->handler->gc($maxlifetime); } - public function validateId(string $sessionId): bool + public function validateId(#[\SensitiveParameter] string $sessionId): bool { return !$this->handler instanceof \SessionUpdateTimestampHandlerInterface || $this->handler->validateId($sessionId); } - public function updateTimestamp(string $sessionId, string $data): bool + public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool { return $this->handler instanceof \SessionUpdateTimestampHandlerInterface ? $this->handler->updateTimestamp($sessionId, $data) : $this->write($sessionId, $data); }