Mark password_hash()'s password parameter as sensitive

Author: TimWolla

ext/standard/password.c

@@ -24,6 +24,7 @@
 #include "php_rand.h"
 #include "php_crypt.h"
 #include "base64.h"
+#include "zend_attributes.h"
 #include "zend_interfaces.h"
 #include "info.h"
 #include "php_random.h"
@@ -448,6 +449,13 @@ PHP_MINIT_FUNCTION(password) /* {{{ */
 	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_CS | CONST_PERSISTENT);
 #endif
 
+	zend_add_parameter_attribute(
+		zend_hash_str_find_ptr(CG(function_table), "password_hash", sizeof("password_hash") - 1),
+		0,
+		zend_ce_sensitive_parameter->name,
+		0
+	);
+
 	return SUCCESS;
 }
 /* }}} */

ext/standard/tests/password/password_hash_sensitive_parameter.phpt

@@ -0,0 +1,24 @@
+--TEST--
+Test that the password parameter is marked sensitive.
+--FILE--
+<?php
+try {
+    var_dump(password_hash("foo"));
+} catch (\Throwable $e) {
+    echo $e, PHP_EOL;
+}
+try {
+    var_dump(password_hash("foo", "Invalid"));
+} catch (\Throwable $e) {
+    echo $e, PHP_EOL;
+}
+?>
+--EXPECTF--
+ArgumentCountError: password_hash() expects at least 2 arguments, 1 given in %spassword_hash_sensitive_parameter.php:3
+Stack trace:
+#0 %spassword_hash_sensitive_parameter.php(3): password_hash(Object(SensitiveParameterValue))
+#1 {main}
+ValueError: password_hash(): Argument #2 ($algo) must be a valid password hashing algorithm in%spassword_hash_sensitive_parameter.php:8
+Stack trace:
+#0 %spassword_hash_sensitive_parameter.php(8): password_hash(Object(SensitiveParameterValue), 'Invalid')
+#1 {main}