Page MenuHomePhabricator

Replace manual IN query with select wrapper in maintenance/storage/checkStorage.php [blob_id]
Closed, ResolvedPublic


[This is very similar to T182208]

In MediaWiki core, maintenance/storage/checkStorage.php manually puts together SQL fragments to
make IN queries. This is causing false positives in the phan-taint-check-plugin script.

Instead we should use the functionality of the $dbr->select() to generate them automatically.

Things like:

$res = $extDb->select( $blobsTable,
        [ 'blob_id' ],
        [ 'blob_id IN( ' . implode( ',', $blobIds ) . ')' ], __METHOD__ );

Should be replaced with

$res = $extDb->select(
        [ 'blob_id' ],
        [ 'blob_id' => $blobids ],

You are expected to provide a patch in Wikimedia Gerrit which replaces all of manual IN construction in

  • maintenance/storage/checkStorage.php (Line 209 and 413).

See for how to set up Git and Gerrit.

Event Timeline

Bawolff created this task.Dec 12 2017, 2:44 PM
Restricted Application added subscribers: TerraCodes, Aklapper. · View Herald TranscriptDec 12 2017, 2:44 PM

Change 398205 had a related patch set uploaded (by Pppery; owner: Pppery):
[mediawiki/core@master] Fix manual IN queries in checkStorage,php

Change 398205 merged by jenkins-bot:
[mediawiki/core@master] Fix manual IN queries in checkStorage.php

Bawolff closed this task as Resolved.Dec 14 2017, 4:15 AM
Bawolff assigned this task to Pppery.