SECURITY: Fix handling of CommentStore and insertSelect
[lhc/web/wiklou.git] / includes / filerepo / file / LocalFile.php
index 96e7a7e..fd0f3f3 100644 (file)
@@ -351,9 +351,8 @@ class LocalFile extends File {
                static $results = [];
 
                if ( $prefix == '' ) {
-                       return $fields;
+                       return array_merge( $fields, [ 'description' ] );
                }
-
                if ( !isset( $results[$prefix] ) ) {
                        $prefixedFields = [];
                        foreach ( $fields as $field ) {
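Review bot: The empty-prefix return now appends `'description'` with no comment explaining why that name is kept out of `$fields`, so a later reader could fold it back into the list or drop it again. A one-line comment above the return would cover it, for example `// 'description' is handled separately from $fields; unprefixed callers still expect it`. The prefixed branch continues past the end of this hunk, so confirm separately that it yields the matching prefixed column, since the two paths should return the same set of fields.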
@@ -2308,7 +2307,6 @@ class LocalFileDeleteBatch {
 
                $encTimestamp = $dbw->addQuotes( $dbw->timestamp( $now ) );
                $encUserId = $dbw->addQuotes( $this->user->getId() );
-               $encReason = $dbw->addQuotes( $this->reason );
                $encGroup = $dbw->addQuotes( 'deleted' );
                $ext = $this->file->getExtension();
                $dotExt = $ext === '' ? '' : ".$ext";
@@ -2351,7 +2349,10 @@ class LocalFileDeleteBatch {
                        ];
                        $joins = [];
 
-                       $fields += $commentStoreFaReason->insert( $dbw, $encReason );
+                       $fields += array_map(
+                               [ $dbw, 'addQuotes' ],
+                               $commentStoreFaReason->insert( $dbw, $this->reason )
+                       );
 
                        if ( $wgCommentTableSchemaMigrationStage <= MIGRATION_WRITE_BOTH ) {
                                $fields['fa_description'] = 'img_description';
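Review bot: Nothing at the `array_map` call says why every value from `$commentStoreFaReason->insert()` has to pass through `addQuotes`, and that is the invariant this security fix depends on. The entries of `$fields` appear to be used as raw SQL expressions (the following lines assign the bare column name `'img_description'`), so a literal placed there unquoted would become part of the query text. I would add a comment above the call such as `// $fields holds raw SQL expressions for insertSelect(); CommentStore returns literal values, so quote each one`. It is also worth confirming that `insert()` never returns an already-quoted value or an SQL expression, because this map would quote it a second time. The enclosing method starts and ends outside the hunk.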