From 695f5f66d2e4254239fe86bf6a3dd0c929774ddb Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gerg=C5=91=20Tisza?=
Date: Thu, 22 Sep 2016 19:44:07 +0000
Subject: [PATCH] Log when Message::__toString has an unexpected format
Message formatting methods have a side effect on how string conversion will work, which is a security problem waiting to happen: $msg = new Message( 'foo' ); echo $msg; // parsed echo $msg->plain(); echo $msg; // not parsed This change logs Message -> string transformations which are affected by a prior call in this way. The behavior will be removed in a later patch (possibly replaced by something more explicit if it turns out that something depends on it).
Bug: T146416
Change-Id: Id51cf6a5a937bc41a914f317e980ef42e4d385fb
---
 includes/Message.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/includes/Message.php b/includes/Message.php
index c2c954ab62..c1a12aa912 100644
--- a/includes/Message.php
+++ b/includes/Message.php
@@ -852,6 +852,12 @@ class Message implements MessageSpecifier, Serializable {
 * @return string
 */
 public function __toString() {
+ if ( $this->format !== 'parse' ) {
+ $ex = new LogicException( __METHOD__ . ' using implicit format: ' . $this->format );
+ \MediaWiki\Logger\LoggerFactory::getInstance( 'message-format' )->warning(
+ $ex->getMessage(), [ 'exception' => $ex, 'format' => $this->format, 'key' => $this->key ] );
+ }
+
 // PHP doesn't allow __toString to throw exceptions and will
 // trigger a fatal error if it does. So, catch any exceptions.
--
2.20.1
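Review bot: The added logging block runs above the comment that says `__toString` must never throw, so it appears to sit outside the try/catch that comment introduces (the `try` itself is below the hunk, so this is inferred). If `LoggerFactory::getInstance( 'message-format' )` or the logger's `warning()` raises, a diagnostic meant to surface a security-relevant inconsistency becomes a fatal error during string conversion. I would make the `if ( $this->format !== 'parse' )` block the first statement inside the existing `try`, or give it its own guard, so a logging failure cannot take the page down. The check also fires on every implicit conversion after a call such as `plain()`, each time building a `LogicException` with a backtrace, so a short comment on the expected volume of the `message-format` channel (or a sampling plan) would help whoever triages these warnings. Finally, the docblock above `__toString` could state that the output depends on the last formatting method called and that callers producing HTML should call an explicit formatter.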