Mark password_hash()'s password parameter as sensitive

Author: TimWolla

ext/standard/password.c

@@ -24,6 +24,7 @@
 #include "php_rand.h"
 #include "php_crypt.h"
 #include "base64.h"
+#include "zend_attributes.h"
 #include "zend_interfaces.h"
 #include "info.h"
 #include "php_random.h"
@@ -448,6 +449,13 @@ PHP_MINIT_FUNCTION(password) /* {{{ */
 	REGISTER_STRING_CONSTANT("PASSWORD_ARGON2_PROVIDER", "standard", CONST_CS | CONST_PERSISTENT);
 #endif
 
+	zend_add_parameter_attribute(
+		zend_hash_str_find_ptr(CG(function_table), "password_hash", sizeof("password_hash") - 1),
+		0,
+		zend_ce_sensitive_parameter->name,
+		0
+	);
+
 	return SUCCESS;
 }
 /* }}} */