From 286d49011f5ad2593cb1cd8fff04369d9dc947c7 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Sun, 17 Feb 2019 11:41:11 +0000
Subject: [PATCH] Various fixes for phan-taint-check
Bug: T216348
Change-Id: I0adafdc680dae0e930f38f08fe926645c57be06c
---
 includes/installer/DatabaseInstaller.php | 1 +
 includes/installer/Installer.php | 1 +
 includes/jobqueue/JobQueueDB.php | 1 +
 includes/parser/LinkHolderArray.php | 2 ++
 4 files changed, 5 insertions(+)
diff --git a/includes/installer/DatabaseInstaller.php b/includes/installer/DatabaseInstaller.php
index bb30d3d1ef..6315de465b 100644
--- a/includes/installer/DatabaseInstaller.php
+++ b/includes/installer/DatabaseInstaller.php
@@ -373,6 +373,7 @@ abstract class DatabaseInstaller {
 /**
 * Perform database upgrades
 *
+ * @suppress SecurityCheck-XSS Escaping provided by $this->outputHandler
 * @return bool
 */
 public function doUpgrade() {
diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index 5a3d77adf4..20661f240d 100644
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -1464,6 +1464,7 @@ abstract class Installer {
 /**
 * Installs the auto-detected extensions.
 *
+ * @suppress SecurityCheck-OTHER It thinks $exts/$IP is user controlled but they are not.
 * @return Status
 */
 protected function includeExtensions() {
diff --git a/includes/jobqueue/JobQueueDB.php b/includes/jobqueue/JobQueueDB.php
index fa17284ecd..cda0636c86 100644
--- a/includes/jobqueue/JobQueueDB.php
+++ b/includes/jobqueue/JobQueueDB.php
@@ -206,6 +206,7 @@ class JobQueueDB extends JobQueue {
 /**
 * This function should *not* be called outside of JobQueueDB
 *
+ * @suppress SecurityCheck-SQLInjection Bug in phan-taint-check handling bulk inserts
 * @param IDatabase $dbw
 * @param IJobSpecification[] $jobs
 * @param int $flags
diff --git a/includes/parser/LinkHolderArray.php b/includes/parser/LinkHolderArray.php
index f4856be96d..078c819d6f 100644
--- a/includes/parser/LinkHolderArray.php
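Review bot: The `@suppress SecurityCheck-XSS` added to the doUpgrade() docblock covers the whole method, so any output sink added to it later is exempt from taint checking as well; the same applies to the method-level suppressions this commit adds in Installer.php, JobQueueDB.php and LinkHolderArray.php. If the Phan version in use supports it, a line-scoped `// @phan-suppress-next-line SecurityCheck-XSS Escaping provided by $this->outputHandler` directly above the flagged call would keep the rest of the method under analysis. The justification also depends on every handler assigned to `$this->outputHandler` escaping what it is given, which cannot be confirmed here because the method body lies outside the hunk. Stating that contract where the handler is set would make the suppression checkable.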
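Review bot: `SecurityCheck-OTHER` in the includeExtensions() docblock is the plugin's catch-all category, so this tag silences every uncategorised taint finding in the method rather than only the one about `$exts`/`$IP`. The reason text asserts that neither value is user controlled but does not say where they come from, and the body is outside the hunk, so the claim cannot be re-validated from the annotation alone. A more specific reason would help, for example `@suppress SecurityCheck-OTHER False positive: $exts is built from <origin of the list>, $IP from <origin of the path>`, with the placeholders filled in by the author.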
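Review bot: The reason given for suppressing SecurityCheck-SQLInjection in the JobQueueDB docblock is a phan-taint-check bug with bulk inserts, but no reference to that bug is recorded, so nothing indicates when the suppression can be removed. Until it is removed, SQL-injection findings for the entire method stay silenced, including any that would be raised by code added later. Consider citing the upstream report in the tag, e.g. `@suppress SecurityCheck-SQLInjection phan-taint-check bulk-insert false positive, see T<task-id>`. The method signature and body are outside the hunk, so whether the inserted rows are built only through the database abstraction cannot be checked from here.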
+++ b/includes/parser/LinkHolderArray.php
@@ -275,6 +275,7 @@ class LinkHolderArray {
 /**
 * Replace internal links
+ * @suppress SecurityCheck-XSS Gets confused with $entry['pdbk']
 * @param string &$text
 */
 protected function replaceInternal( &$text ) {
@@ -418,6 +419,7 @@ class LinkHolderArray {
 /**
 * Replace interwiki links
 * @param string &$text
+ * @suppress SecurityCheck-XSS Gets confused with $this->interwikis['pdbk']
 */
 protected function replaceInterwiki( &$text ) {
 if ( empty( $this->interwikis ) ) {
--
2.20.1
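Review bot: The reason text `Gets confused with $entry['pdbk']` on replaceInternal(), and the matching `$this->interwikis['pdbk']` text on replaceInterwiki() in the following hunk, says the tool is wrong but not why the value is safe to place in HTML output. A later reader needs that to re-validate the suppression, since both methods appear to rewrite link placeholders in parser text. A reason of the form `@suppress SecurityCheck-XSS False positive: $entry['pdbk'] is <why it cannot carry unescaped markup>` would be more useful, with the placeholder filled in by the author. The tag is also placed before `@param` in the first docblock and after it in the second; using one order in both would read more consistently. Both method bodies extend beyond their hunks.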