Update documentation and annotation related to $maskVars property y…

…iisoft#20295

docs/guide/runtime-logging.md

@@ -217,14 +217,20 @@ Or if you want to implement your own way of providing context information, you m
 [[yii\log\Target::getContextMessage()]] method.
 
 In case some of your request fields contain sensitive information you would not like to log (e.g. passwords, access tokens),
-you may additionally configure `maskVars` property. By default, the following request parameters will be masked with `***`:
+you may additionally configure `maskVars` property, which can contain both exact values and (case-insensitive) patterns. By default,
+the following request parameters will be masked with `***`:
 `$_SERVER[HTTP_AUTHORIZATION]`, `$_SERVER[PHP_AUTH_USER]`, `$_SERVER[PHP_AUTH_PW]`, but you can set your own:
 
 ```php
 [
     'class' => 'yii\log\FileTarget',
     'logVars' => ['_SERVER'],
-    'maskVars' => ['_SERVER.HTTP_X_PASSWORD']
+    'maskVars' => [
+        '_SERVER.HTTP_X_PASSWORD',
+        '_SERVER.*_SECRET', // matches all ending with "_SECRET"
+        '_SERVER.SECRET_*', // matches all starting with "SECRET_"
+        '_SERVER.*SECRET*', // matches all containing "SECRET"
+    ]
 ]
 ```
 

framework/log/Target.php

@@ -92,6 +92,11 @@ abstract class Target extends Component
      * - `var` - `var` will be logged as `***`
      * - `var.key` - only `var[key]` will be logged as `***`
      *
+     * In addition, this property accepts (case-insensitive) patterns. For example:
+     * - `_SERVER.*_SECRET` matches all ending with `_SECRET`, such as `$_SERVER['TOKEN_SECRET']` etc.
+     * - `_SERVER.SECRET_*` matches all starting with `SECRET_`, such as `$_SERVER['SECRET_TOKEN']` etc.
+     * - `_SERVER.*SECRET*` matches all containing `SECRET` i.e. both of the above.
+     *
      * @since 2.0.16
      */
     public $maskVars = [