From 72632115d6cb72d040f6a4f88c172c8d9ba47d6e Mon Sep 17 00:00:00 2001 From: umherirrender Date: Fri, 20 May 2016 20:11:58 +0200 Subject: [PATCH] Fix various phpcs error from last security patches Found by tests: https://integration.wikimedia.org/ci/job/mediawiki-core-phpcs-trusty/1069/console Breaking merges Change-Id: If01b94705cd7b939ac380053730b1b602c838a8e --- includes/Defines.php | 2 +- includes/GlobalFunctions.php | 3 ++- includes/Linker.php | 2 +- includes/WebStart.php | 2 +- includes/api/ApiMain.php | 3 +-- includes/diff/DifferenceEngine.php | 21 +++++++++++---------- includes/parser/CoreTagHooks.php | 10 +++++----- tests/phpunit/includes/api/ApiMainTest.php | 16 +++++++++------- 8 files changed, 31 insertions(+), 28 deletions(-) diff --git a/includes/Defines.php b/includes/Defines.php index 19a08eff84..d2b3443ea1 100644 --- a/includes/Defines.php +++ b/includes/Defines.php @@ -309,5 +309,5 @@ define( 'CONTENT_FORMAT_XML', 'application/xml' ); /**@{ * Max string length for shell invocations; based on binfmts.h */ -define( 'SHELL_MAX_ARG_STRLEN', '100000'); +define( 'SHELL_MAX_ARG_STRLEN', '100000' ); /**@}*/ diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php index c5637eed1f..d5c6553958 100644 --- a/includes/GlobalFunctions.php +++ b/includes/GlobalFunctions.php @@ -2461,7 +2461,8 @@ function wfShellExec( $cmd, &$retval = null, $environ = [], // accomodating, because very long commands probably include user // input. See T129506. if ( strlen( $cmd ) > SHELL_MAX_ARG_STRLEN ) { - throw new Exception( __METHOD__ . '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' ); + throw new Exception( __METHOD__ . + '(): total length of $cmd must not exceed SHELL_MAX_ARG_STRLEN' ); } $desc = [ diff --git a/includes/Linker.php b/includes/Linker.php index b090817de6..3baf865106 100644 --- a/includes/Linker.php +++ b/includes/Linker.php @@ -1087,7 +1087,7 @@ class Linker { $newRel = Parser::getExternalLinkRel( $url, $title ); if ( !isset( $attribs['rel'] ) || $attribs['rel'] === '' ) { $attribs['rel'] = $newRel; - } elseif( $newRel !== '' ) { + } elseif ( $newRel !== '' ) { // Merge the rel attributes. $newRels = explode( ' ', $newRel ); $oldRels = explode( ' ', $attribs['rel'] ); diff --git a/includes/WebStart.php b/includes/WebStart.php index 8314e2eb82..d063ce3d6e 100644 --- a/includes/WebStart.php +++ b/includes/WebStart.php @@ -27,7 +27,7 @@ */ if ( ini_get( 'mbstring.func_overload' ) ) { - die( 'MediaWiki does not support installations where mbstring.func_overload is non-zero.' ); + die( 'MediaWiki does not support installations where mbstring.func_overload is non-zero.' ); } # bug 15461: Make IE8 turn off content sniffing. Everybody else should ignore this diff --git a/includes/api/ApiMain.php b/includes/api/ApiMain.php index b4354b9233..60f2832320 100644 --- a/includes/api/ApiMain.php +++ b/includes/api/ApiMain.php @@ -273,11 +273,10 @@ class ApiMain extends ApiBase { } // Allow extensions to override. - $this->lacksSameOriginSecurity = !Hooks::run( 'RequestHasSameOriginSecurity', array( $request ) ); + $this->lacksSameOriginSecurity = !Hooks::run( 'RequestHasSameOriginSecurity', [ $request ] ); return $this->lacksSameOriginSecurity; } - /** * Get the ApiErrorFormatter object associated with current request * @return ApiErrorFormatter diff --git a/includes/diff/DifferenceEngine.php b/includes/diff/DifferenceEngine.php index 8985d511e0..f35356ce06 100644 --- a/includes/diff/DifferenceEngine.php +++ b/includes/diff/DifferenceEngine.php @@ -474,16 +474,17 @@ class DifferenceEngine extends ContextSource { if ( !$linkInfo ) { $this->mMarkPatrolledLink = ''; } else { - $this->mMarkPatrolledLink = ' [' . Linker::linkKnown( - $this->mNewPage, - $this->msg( 'markaspatrolleddiff' )->escaped(), - [], - [ - 'action' => 'markpatrolled', - 'rcid' => $linkInfo['rcid'], - 'token' => $linkInfo['token'], - ] - ) . ']'; + $this->mMarkPatrolledLink = ' [' . + Linker::linkKnown( + $this->mNewPage, + $this->msg( 'markaspatrolleddiff' )->escaped(), + [], + [ + 'action' => 'markpatrolled', + 'rcid' => $linkInfo['rcid'], + 'token' => $linkInfo['token'], + ] + ) . ']'; } } return $this->mMarkPatrolledLink; diff --git a/includes/parser/CoreTagHooks.php b/includes/parser/CoreTagHooks.php index 4541c52ead..c943b7c986 100644 --- a/includes/parser/CoreTagHooks.php +++ b/includes/parser/CoreTagHooks.php @@ -59,8 +59,8 @@ class CoreTagHooks { // We need to let both '"' and '&' through, // for strip markers and entities respectively. $content = str_replace( - array( '>', '<' ), - array( '>', '<' ), + [ '>', '<' ], + [ '>', '<' ], $content ); return Html::rawElement( 'pre', $attribs, $content ); @@ -103,7 +103,7 @@ class CoreTagHooks { * @return array */ public static function nowiki( $content, $attributes, $parser ) { - $content = strtr( $content, array( + $content = strtr( $content, [ // lang converter '-{' => '-{', '}-' => '}-', @@ -112,8 +112,8 @@ class CoreTagHooks { '>' => '>' // Note: Both '"' and '&' are not converted. // This allows strip markers and entities through. - ) ); - return array( $content, 'markerType' => 'nowiki' ); + ] ); + return [ $content, 'markerType' => 'nowiki' ]; } /** diff --git a/tests/phpunit/includes/api/ApiMainTest.php b/tests/phpunit/includes/api/ApiMainTest.php index 53554d7946..334e3b88fb 100644 --- a/tests/phpunit/includes/api/ApiMainTest.php +++ b/tests/phpunit/includes/api/ApiMainTest.php @@ -258,26 +258,28 @@ class ApiMainTest extends ApiTestCase { */ public function testLacksSameOriginSecurity() { // Basic test - $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) ); + $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) ); $this->assertFalse( $main->lacksSameOriginSecurity(), 'Basic test, should have security' ); // JSONp $main = new ApiMain( - new FauxRequest( array( 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ) ) + new FauxRequest( [ 'action' => 'query', 'format' => 'xml', 'callback' => 'foo' ] ) ); $this->assertTrue( $main->lacksSameOriginSecurity(), 'JSONp, should lack security' ); // Header - $request = new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ); + $request = new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ); $request->setHeader( 'TrEaT-As-UnTrUsTeD', '' ); // With falsey value! $main = new ApiMain( $request ); $this->assertTrue( $main->lacksSameOriginSecurity(), 'Header supplied, should lack security' ); // Hook - $this->mergeMwGlobalArrayValue( 'wgHooks', array( - 'RequestHasSameOriginSecurity' => array( function () { return false; } ) - ) ); - $main = new ApiMain( new FauxRequest( array( 'action' => 'query', 'meta' => 'siteinfo' ) ) ); + $this->mergeMwGlobalArrayValue( 'wgHooks', [ + 'RequestHasSameOriginSecurity' => [ function () { + return false; + } ] + ] ); + $main = new ApiMain( new FauxRequest( [ 'action' => 'query', 'meta' => 'siteinfo' ] ) ); $this->assertTrue( $main->lacksSameOriginSecurity(), 'Hook, should lack security' ); } } -- 2.20.1