From 6b19444b32360d506a8166bb21c0b462e7eea462 Mon Sep 17 00:00:00 2001
From: Brian Wolff
Date: Fri, 6 Jul 2018 13:47:39 +0000
Subject: [PATCH] Force phan-taint-check to think LogFormatter stuff is safe for html

Whether or not LogFormatter::getActionText() and friends are safe for html depends on the runtime value of LogFormatter::$plaintext which is beyond the abilities of phan-taint-check's static analysis to determine. Thus this method results in a lot of false positives. To prevent that, add an annotation that marks the method as always safe for html. This is not ideal, but refactoring this method while maintaining back-compat looks like it would be very challenging.

Bug: T197002
Change-Id: I9aded350ed4acc733b4fb697dd3400686a178fa9
---
 includes/logging/LogFormatter.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/includes/logging/LogFormatter.php b/includes/logging/LogFormatter.php
index d59c6aa1ca..35bb45164d 100644
--- a/includes/logging/LogFormatter.php
+++ b/includes/logging/LogFormatter.php
@@ -189,6 +189,7 @@ class LogFormatter {
 * to avoid formatting for any particular user.
 * @see getActionText()
 * @return string Plain text
+ * @return-taint tainted
 */
 public function getPlainActionText() {
 $this->plaintext = true;
@@ -436,6 +437,8 @@ class LogFormatter {
 /**
 * Gets the log action, including username.
 * @return string HTML
+ * phan-taint-check gets very confused by $this->plaintext, so disable.
+ * @return-taint onlysafefor_html
 */
 public function getActionText() {
 if ( $this->canView( LogPage::DELETED_ACTION ) ) {
@@ -702,6 +705,7 @@ class LogFormatter {
 * Helper method for displaying restricted element.
 * @param string $message
 * @return string HTML or wiki text
+ * @return-taint onlysafefor_html
 */
 protected function getRestrictedElement( $message ) {
 if ( $this->plaintext ) {
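Review bot: `@return-taint onlysafefor_html` on getActionText() (the second hunk, `@@ -436`) asserts HTML safety unconditionally, yet the `$this->plaintext` branch the new comment itself mentions yields unescaped text: getPlainActionText() in the first hunk sets that flag and documents its result as `Plain text`, and getRestrictedElement() and makeUserLink() in the later hunks visibly return wiki text or the raw `$user->getName()` when it is set. The annotation therefore also silences the checker for any code path that sets `$this->plaintext` other than through getPlainActionText() and then emits the result into HTML; only that wrapper, marked `tainted`, keeps the plaintext path covered. The added comment should state the invariant the suppression relies on rather than only that the tool is confused, e.g. `* Safe for HTML only because the non-plaintext path escapes every user-controlled fragment; plaintext output must be obtained through getPlainActionText(), whose return is marked tainted.` The same applies to the onlysafefor_html annotations on getRestrictedElement(), makeUserLink() and LegacyLogFormatter::getActionMessage() in the following hunks. The body of getActionText() continues outside the hunk.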
@@ -737,6 +741,12 @@ class LogFormatter {
 return $this->context->msg( $key );
 }
 
+ /**
+ * @param User $user
+ * @param int $toolFlags Combination of Linker::TOOL_LINKS_* flags
+ * @return string wikitext or html
+ * @return-taint onlysafefor_html
+ */
 protected function makeUserLink( User $user, $toolFlags = 0 ) {
 if ( $this->plaintext ) {
 $element = $user->getName();
@@ -938,6 +948,10 @@ class LegacyLogFormatter extends LogFormatter {
 return $this->comment;
 }
 
+ /**
+ * @return string
+ * @return-taint onlysafefor_html
+ */
 protected function getActionMessage() {
 $entry = $this->entry;
 $action = LogPage::actionText(
--
2.20.1
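Review bot: The new docblock on LegacyLogFormatter::getActionMessage() (the last hunk, `@@ -938`) pairs `@return-taint onlysafefor_html` with a bare `@return string`, so the documentation never says which output context the string is meant for, while the sibling docblocks in this patch say `HTML`, `HTML or wiki text` or `wikitext or html`. Since the annotation tells phan-taint-check to trust the value in HTML context, the `@return` line should state that contract and, if this method honours `$this->plaintext` like the others (the body is cut off after the `LogPage::actionText(` call, so this is inferred), note the plaintext case too, e.g. `@return string HTML, or plain text when $this->plaintext is set`. The body of getActionMessage() continues outside the hunk.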