From 1af807c10fa99b955f8b5e5f0c19b1b547d5c482 Mon Sep 17 00:00:00 2001 From: Brian Wolff Date: Sun, 17 Feb 2019 11:47:41 +0000 Subject: [PATCH] Various fixes for phan-taint-check Change-Id: I56f42ef2d2e9b4f3c23e1e93d1a4d3db64f16de7 --- maintenance/includes/MigrateActors.php | 2 ++ maintenance/renameDbPrefix.php | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/maintenance/includes/MigrateActors.php b/maintenance/includes/MigrateActors.php index ba6c375aa7..ef8756f357 100644 --- a/maintenance/includes/MigrateActors.php +++ b/maintenance/includes/MigrateActors.php @@ -144,6 +144,8 @@ class MigrateActors extends LoggedUpdateMaintenance { /** * Add actors for anons in a set of rows + * + * @suppress SecurityCheck-SQLInjection The array_keys/array_map is too much for static analysis * @param IDatabase $dbw * @param string $nameField * @param object[] &$rows diff --git a/maintenance/renameDbPrefix.php b/maintenance/renameDbPrefix.php index 73bc4d9fea..e5aa23ec4d 100644 --- a/maintenance/renameDbPrefix.php +++ b/maintenance/renameDbPrefix.php @@ -82,7 +82,9 @@ class RenameDbPrefix extends Maintenance { // $old should be regexp safe ([a-zA-Z_]) $newTable = preg_replace( '/^' . $old . '/', $new, $table ); $this->output( "Renaming table $table to $newTable\n" ); - $dbw->query( "RENAME TABLE $table TO $newTable" ); + $oldTableEnc = $dbw->addIdentifierQuotes( $table ); + $newTableEnc = $dbw->addIdentifierQuotes( $newTable ); + $dbw->query( "RENAME TABLE $oldTableEnc TO $newTableEnc" ); } $count++; } -- 2.20.1