From 528042054f99fb1ebb3406cfb5eb72a2832a7705 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Thu, 20 Sep 2018 05:38:05 +0000
Subject: [PATCH] Fix some phan-taint-check false positives
Change-Id: Ic5ccbb3f97722476bee7188b83b80cdc652d2a64
---
 includes/actions/RawAction.php | 3 +++
 includes/changetags/ChangeTags.php | 1 +
 includes/installer/MysqlUpdater.php | 2 +-
 includes/libs/rdbms/database/DatabasePostgres.php | 3 +++
 includes/pager/IndexPager.php | 1 +
 5 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/includes/actions/RawAction.php b/includes/actions/RawAction.php
index 50eb28a3cf..817c9fd126 100644
--- a/includes/actions/RawAction.php
+++ b/includes/actions/RawAction.php
@@ -47,6 +47,9 @@ class RawAction extends FormlessAction {
 return false;
 }
+ /**
+ * @suppress SecurityCheck-XSS Non html mime type
+ */
 function onView() {
 $this->getOutput()->disable();
 $request = $this->getRequest();
diff --git a/includes/changetags/ChangeTags.php b/includes/changetags/ChangeTags.php
index 008a2f6f19..45a35c0ead 100644
--- a/includes/changetags/ChangeTags.php
+++ b/includes/changetags/ChangeTags.php
@@ -88,6 +88,7 @@ class ChangeTags {
 * @return array Array with two items: (html, classes)
 * - html: String: HTML for displaying the tags (empty string when param $tags is empty)
 * - classes: Array of strings: CSS classes used in the generated html, one class for each tag
+ * @return-taint onlysafefor_htmlnoent
 */
 public static function formatSummaryRow( $tags, $page, IContextSource $context = null ) {
 if ( !$tags ) {
diff --git a/includes/installer/MysqlUpdater.php b/includes/installer/MysqlUpdater.php
index 242363466b..6430ecee5b 100644
--- a/includes/installer/MysqlUpdater.php
+++ b/includes/installer/MysqlUpdater.php
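Review bot: The `@suppress SecurityCheck-XSS` added above `RawAction::onView()` silences the check for the whole method, and its reason ("Non html mime type") does not say what guarantees that property. Echoing raw page text is only safe here if the response Content-Type is never one a browser renders as HTML; that logic is outside this hunk, so the docblock should point at it, e.g. `@suppress SecurityCheck-XSS Output is only sent with a non-HTML Content-Type (see the content-type check in this method)`. It is also worth confirming that the response discourages MIME sniffing, since the argument fails if a browser reinterprets the body as HTML. Any output added to onView() later is exempt from taint checking as well, so the suppression should be revisited whenever the method changes.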
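Review bot: `@return-taint onlysafefor_htmlnoent` on `ChangeTags::formatSummaryRow()` is an assertion the tool does not verify, and it is applied to the whole returned array, so both the html string and the classes list are treated as HTML-safe by callers. The method body lies outside this hunk, so whether every tag name and description is escaped before it reaches the html item cannot be confirmed from here. I would add one docblock line stating what makes the value safe, for example `Tag descriptions are escaped and class names sanitized before being returned`, after checking that this holds, so that a later change adding unescaped text is recognisable as breaking the annotation.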
@@ -601,7 +601,7 @@ class MysqlUpdater extends DatabaseUpdater {
 foreach ( $rows as $row ) {
 if ( $prev_title == $row->cur_title && $prev_namespace == $row->cur_namespace ) {
- $deleteId[] = $row->cur_id;
+ $deleteId[] = (int)$row->cur_id;
 }
 $prev_title = $row->cur_title;
 $prev_namespace = $row->cur_namespace;
diff --git a/includes/libs/rdbms/database/DatabasePostgres.php b/includes/libs/rdbms/database/DatabasePostgres.php
index 3c2f145656..691a4b72e1 100644
--- a/includes/libs/rdbms/database/DatabasePostgres.php
+++ b/includes/libs/rdbms/database/DatabasePostgres.php
@@ -861,6 +861,9 @@ __INDEXATTR__;
 return false;
 }
+ /**
+ * @suppress SecurityCheck-SQLInjection array_map not recognized T204911
+ */
 public function listTables( $prefix = null, $fname = __METHOD__ ) {
 $eschemas = implode( ',', array_map( [ $this, 'addQuotes' ], $this->getCoreSchemas() ) );
 $result = $this->query(
diff --git a/includes/pager/IndexPager.php b/includes/pager/IndexPager.php
index 7ce125de1b..05af4fdb84 100644
--- a/includes/pager/IndexPager.php
+++ b/includes/pager/IndexPager.php
@@ -80,6 +80,7 @@ abstract class IndexPager extends ContextSource implements Pager {
 public $mDefaultLimit = 50;
 public $mOffset, $mLimit;
 public $mQueryDone = false;
+ /** @var IDatabase */
 public $mDb;
 public $mPastTheEndRow;
--
2.20.1
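Review bot: The `(int)` cast on `$row->cur_id` in the MysqlUpdater.php hunk carries no comment, so it reads as redundant and could be dropped in a later cleanup. The use of `$deleteId` is outside the hunk; if the ids are joined into a SQL string there, the cast is what keeps that list numeric, and a short comment such as `// Cast to int: ids are interpolated into SQL below` (worded to match the actual use) would record that. If the surrounding code allows it, passing the array to the database layer as a condition instead of building the list by hand would remove the need for the cast.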
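Review bot: The method-level `@suppress SecurityCheck-SQLInjection` on `DatabasePostgres::listTables()` hides more than the `array_map` false positive it names: every value interpolated into the `$this->query(` call, including anything derived from `$prefix`, is exempt from the check too. The query text continues outside this hunk, so I cannot see whether other values are interpolated. Two narrower options: build `$eschemas` with a plain `foreach` that calls `$this->addQuotes( $schema )` so the tool can follow the escaping and no suppression is needed, or, where the Phan version in use supports it, put a line-level `// @phan-suppress-next-line SecurityCheck-SQLInjection array_map not recognized T204911` directly above the reported line. Either way the suppression should be removed once T204911 is resolved.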