From: Brian Wolff
Date: Thu, 20 Sep 2018 05:38:05 +0000 (+0000)
Subject: Fix some phan-taint-check false positives
X-Git-Tag: 1.34.0-rc.0~4023
X-Git-Url: https://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/comptes/journal.php?a=commitdiff_plain;h=528042054f99fb1ebb3406cfb5eb72a2832a7705;p=lhc%2Fweb%2Fwiklou.git
Fix some phan-taint-check false positives
Change-Id: Ic5ccbb3f97722476bee7188b83b80cdc652d2a64
---
diff --git a/includes/actions/RawAction.php b/includes/actions/RawAction.php
index 50eb28a3cf..817c9fd126 100644
--- a/includes/actions/RawAction.php
+++ b/includes/actions/RawAction.php
@@ -47,6 +47,9 @@ class RawAction extends FormlessAction {
 return false;
 }
+ /**
+ * @suppress SecurityCheck-XSS Non html mime type
+ */
 function onView() {
 $this->getOutput()->disable();
 $request = $this->getRequest();
diff --git a/includes/changetags/ChangeTags.php b/includes/changetags/ChangeTags.php
index 008a2f6f19..45a35c0ead 100644
--- a/includes/changetags/ChangeTags.php
+++ b/includes/changetags/ChangeTags.php
@@ -88,6 +88,7 @@ class ChangeTags {
 * @return array Array with two items: (html, classes)
 * - html: String: HTML for displaying the tags (empty string when param $tags is empty)
 * - classes: Array of strings: CSS classes used in the generated html, one class for each tag
+ * @return-taint onlysafefor_htmlnoent
 */
 public static function formatSummaryRow( $tags, $page, IContextSource $context = null ) {
 if ( !$tags ) {
diff --git a/includes/installer/MysqlUpdater.php b/includes/installer/MysqlUpdater.php
index 242363466b..6430ecee5b 100644
--- a/includes/installer/MysqlUpdater.php
+++ b/includes/installer/MysqlUpdater.php
@@ -601,7 +601,7 @@ class MysqlUpdater extends DatabaseUpdater {
 foreach ( $rows as $row ) {
 if ( $prev_title == $row->cur_title && $prev_namespace == $row->cur_namespace ) {
- $deleteId[] = $row->cur_id;
+ $deleteId[] = (int)$row->cur_id;
 }
 $prev_title = $row->cur_title;
 $prev_namespace = $row->cur_namespace;
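Review bot: The `@suppress SecurityCheck-XSS` added on `onView()` in includes/actions/RawAction.php is justified only by the words "Non html mime type", which do not say where that guarantee is enforced, and because the annotation covers the whole method it would also hide any output sink added there later. The rest of `onView()` lies outside the hunk, so whether the Content-Type is fixed before anything is written cannot be confirmed from here. I would expand the docblock to name the invariant, for example `@suppress SecurityCheck-XSS Output is sent with a non-HTML Content-Type chosen in <method that picks it>`, so that a later change to the type handling has a visible reason to revisit the suppression.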
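Review bot: The `@return-taint onlysafefor_htmlnoent` line on `formatSummaryRow()` in includes/changetags/ChangeTags.php applies to the whole returned array, so the analyzer will now trust the `classes` element as well as the `html` element. The annotation is an assertion the tool does not verify, and the function body is outside the hunk, so the escaping that backs it is not visible here. A short remark beside the annotation would make it auditable, for example `Both returned elements are escaped inside this function (see <escaping call>)`, worded to match what the body actually does.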
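Review bot: The `(int)` cast on `$row->cur_id` in includes/installer/MysqlUpdater.php makes each collected id safe to concatenate, but it leaves in place the pattern the analyzer objected to; `$deleteId` is presumably joined into a SQL string further down, outside this hunk. If so, passing the id array as a condition to the database layer instead of building the statement by hand would let the driver do the quoting and make the cast unnecessary. If the string-built query stays, a comment such as `// Cast to int: these ids are interpolated into the query built below` would record why the cast exists, so that it is not removed as redundant.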
diff --git a/includes/libs/rdbms/database/DatabasePostgres.php b/includes/libs/rdbms/database/DatabasePostgres.php
index 3c2f145656..691a4b72e1 100644
--- a/includes/libs/rdbms/database/DatabasePostgres.php
+++ b/includes/libs/rdbms/database/DatabasePostgres.php
@@ -861,6 +861,9 @@ __INDEXATTR__;
 return false;
 }
+ /**
+ * @suppress SecurityCheck-SQLInjection array_map not recognized T204911
+ */
 public function listTables( $prefix = null, $fname = __METHOD__ ) {
 $eschemas = implode( ',', array_map( [ $this, 'addQuotes' ], $this->getCoreSchemas() ) );
 $result = $this->query(
diff --git a/includes/pager/IndexPager.php b/includes/pager/IndexPager.php
index 7ce125de1b..05af4fdb84 100644
--- a/includes/pager/IndexPager.php
+++ b/includes/pager/IndexPager.php
@@ -80,6 +80,7 @@ abstract class IndexPager extends ContextSource implements Pager {
 public $mDefaultLimit = 50;
 public $mOffset, $mLimit;
 public $mQueryDone = false;
+ /** @var IDatabase */
 public $mDb;
 public $mPastTheEndRow;
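Review bot: The `@suppress SecurityCheck-SQLInjection` on `listTables()` in includes/libs/rdbms/database/DatabasePostgres.php silences the check for the entire method, although the false positive it describes concerns only the `array_map( [ $this, 'addQuotes' ], ... )` expression. The query text passed to `$this->query(` lies outside the hunk, and `$prefix` is a caller-supplied parameter in the same scope, so anything else that reaches the query, now or after a later edit, would go unreported. Quoting each schema in an explicit loop may let the analyzer follow the escaping, so that no suppression is needed. If the annotation stays, it should say that it is to be removed once T204911 is resolved.

```php
public function listTables( $prefix = null, $fname = __METHOD__ ) {
	$quotedSchemas = [];
	foreach ( $this->getCoreSchemas() as $schema ) {
		$quotedSchemas[] = $this->addQuotes( $schema );
	}
	$eschemas = implode( ',', $quotedSchemas );
	// … unchanged: query and result handling …
```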