From: sbassett Date: Tue, 13 Aug 2019 22:06:53 +0000 (-0500) Subject: Set @return-taint of Sanitizer::stripAllTags to tainted X-Git-Tag: 1.34.0-rc.0~722^2 X-Git-Url: https://git.cyclocoop.org/%20%27.%28%24debut%20%20%20%24par_page%29.%27?a=commitdiff_plain;h=dcdbd13d97bbf824c94db7c764cb34b18ef3d8ba;p=lhc%2Fweb%2Fwiklou.git Set @return-taint of Sanitizer::stripAllTags to tainted phan-taint-check (aka SecurityCheckPlugin) doesn't recognize Sanitizer::stripAllTags' output as tainted in certain situations. Adding a @return-taint of tainted to ensure that it does, which may result in the reporting of more issues. Bug: T230234 Change-Id: I357c168417a26882c7c460df20f36ec2be401096 --- diff --git a/includes/parser/Sanitizer.php b/includes/parser/Sanitizer.php index 8e0cf5c877..d4110468b6 100644 --- a/includes/parser/Sanitizer.php +++ b/includes/parser/Sanitizer.php @@ -2036,6 +2036,7 @@ class Sanitizer { * * @param string $html HTML fragment * @return string + * @return-taint tainted */ static function stripAllTags( $html ) { // Use RemexHtml to tokenize $html and extract the text
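Review bot: The `@return-taint tainted` line added to the `stripAllTags` docblock carries no explanation, and the `@return string` line directly above it still does not tell a reader whether the result is safe to emit as HTML. Suggest extending the `@return` description to say that callers must escape the returned text before placing it in HTML output, so the human-readable contract matches what the taint annotation now tells the analyzer. The commit message also says this may lead to more issues being reported, yet the diff touches only `includes/parser/Sanitizer.php`; it would help to note in the change which callers are newly flagged and whether they are to be fixed or suppressed in a follow-up.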