From d5dd48b8a67db6da521c88b9f1a00d640f76b337 Mon Sep 17 00:00:00 2001
From: Brian Wolff <bawolff+wn@gmail.com>
Date: Sun, 17 Feb 2019 11:36:13 +0000
Subject: [PATCH] Various fixes to make phan-taint-check happier

Bug: T216348
Change-Id: Ice672eed3b7e4a199e1307a6477ffe31502b97b5
---
 includes/exception/MWException.php         | 22 ++++++++++++++++------
 includes/exception/MWExceptionRenderer.php |  1 +
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/includes/exception/MWException.php b/includes/exception/MWException.php
index 7f70c4fbaf..502cee82b7 100644
--- a/includes/exception/MWException.php
+++ b/includes/exception/MWException.php
@@ -209,12 +209,7 @@ class MWException extends Exception {
 			wfHttpError( 500, 'Internal Server Error', $this->getText() );
 		} elseif ( self::isCommandLine() ) {
 			$message = $this->getText();
-			// T17602: STDERR may not be available
-			if ( !defined( 'MW_PHPUNIT_TEST' ) && defined( 'STDERR' ) ) {
-				fwrite( STDERR, $message );
-			} else {
-				echo $message;
-			}
+			$this->writeToCommandLine( $message );
 		} else {
 			self::statusHeader( 500 );
 			self::header( "Content-Type: $wgMimeType; charset=utf-8" );
@@ -223,6 +218,21 @@ class MWException extends Exception {
 		}
 	}
 
+	/**
+	 * Write a message to stderr falling back to stdout if stderr unavailable
+	 *
+	 * @param string $message
+	 * @suppress SecurityCheck-XSS
+	 */
+	private function writeToCommandLine( $message ) {
+		// T17602: STDERR may not be available
+		if ( !defined( 'MW_PHPUNIT_TEST' ) && defined( 'STDERR' ) ) {
+			fwrite( STDERR, $message );
+		} else {
+			echo $message;
+		}
+	}
+
 	/**
 	 * Check whether we are in command line mode or not to report the exception
 	 * in the correct format.
diff --git a/includes/exception/MWExceptionRenderer.php b/includes/exception/MWExceptionRenderer.php
index 22be2be05e..ca590d8ef8 100644
--- a/includes/exception/MWExceptionRenderer.php
+++ b/includes/exception/MWExceptionRenderer.php
@@ -268,6 +268,7 @@ class MWExceptionRenderer {
 	 * Print a message, if possible to STDERR.
 	 * Use this in command line mode only (see isCommandLine)
 	 *
+	 * @suppress SecurityCheck-XSS
 	 * @param string $message Failure text
 	 */
 	private static function printError( $message ) {
-- 
2.20.1