see topic.
Remaining todo: Anything alphabetical >= PdfHandler. Legoktm did the rest.
Cite and CategoryTree have issues with new version
| Status | Subtype | Assigned | Task |
|---|---|---|---|
| Resolved | | None | T193909 update phan-taint-check to 1.2.0 |
| Resolved | | Bawolff | T195009 Cite extension does not pass phan-taint-check 1.2.0 |
| Resolved | | Legoktm | T195010 CategoryTree extension does not pass phan-taint-check 1.2.0 |
| Resolved | | Bawolff | T195017 Renameuser extension does not pass phan-taint-check 1.2.0 |
Fails on extension Cite:
```
./includes/Cite.php:276 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:277 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:279 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:284 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:285 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:287 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:295 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:296 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:314 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:315 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:777 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::referencesFormat that outputs using tainted argument $parserInput. (Caused by: ./includes/Cite.php +772)
./includes/Cite.php:1050 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987)
./includes/Cite.php:1050 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987; ./includes/Cite.php +1131)
./includes/Cite.php:1058 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987)
./includes/Cite.php:1058 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987; ./includes/Cite.php +1131)
./includes/Cite.php:1234 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1235 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1237 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1369 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::error that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1358)
./includes/Cite.php:1369 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::error that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1358; ./includes/Cite.php +1369)
./includes/Cite.php:1412 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::warning that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1400)
./includes/Cite.php:1412 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::warning that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1400; ./includes/Cite.php +1412)
```
Change 431007 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/CiteThisPage@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431008 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/CodeEditor@master] Add phan-taint-check as version 1.2.0
Change 431009 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/ConfirmEdit@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431010 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/Gadgets@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431011 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/ImageMap@master] Bump phan-taint-check 1.1.0->1.2.0
CategoryTree also has some potentially false positives from the new version:
```
./includes/CategoryTreeHooks.php:113 SecurityCheck-XSS Outputting user controlled HTML from Parser function hook \CategoryTreeHooks::parserFunction (Caused by: ./includes/CategoryTreeHooks.php +112)
./includes/CategoryTreeHooks.php:168 SecurityCheck-XSS Outputting user controlled HTML from Parser tag hook \CategoryTreeHooks::parserHook (Caused by: ./includes/CategoryTree.php +386; ./includes/CategoryTreeHooks.php +144; ./includes/CategoryTreeHooks.php +155)
./includes/CategoryTreePage.php:119 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \CategoryTreePage::execute that outputs using tainted argument $[arg #1]. (Caused by: ./includes/CategoryTree.php +556)
```
Change 431015 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/InputBox@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431016 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/Interwiki@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431018 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/LocalisationUpdate@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431007 merged by jenkins-bot:
[mediawiki/extensions/CiteThisPage@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431022 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/MultimediaViewer@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431009 merged by jenkins-bot:
[mediawiki/extensions/ConfirmEdit@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431010 merged by jenkins-bot:
[mediawiki/extensions/Gadgets@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431011 merged by jenkins-bot:
[mediawiki/extensions/ImageMap@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431023 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/Nuke@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431026 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/OATHAuth@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431008 merged by jenkins-bot:
[mediawiki/extensions/CodeEditor@master] Add phan-taint-check as version 1.2.0
Change 431016 merged by jenkins-bot:
[mediawiki/extensions/Interwiki@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431018 merged by jenkins-bot:
[mediawiki/extensions/LocalisationUpdate@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431023 merged by jenkins-bot:
[mediawiki/extensions/Nuke@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431026 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431015 merged by jenkins-bot:
[mediawiki/extensions/InputBox@master] Bump phan-taint-check 1.1.0->1.2.0
Change 431069 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/OATHAuth@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431070 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/ConfirmEdit@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431071 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/Nuke@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431072 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/LocalisationUpdate@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431073 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/Interwiki@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431074 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/ImageMap@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431075 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/Gadgets@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431076 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/CodeEditor@REL1_31] Add phan-taint-check as version 1.2.0
Change 431077 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/CiteThisPage@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431079 had a related patch set uploaded (by Legoktm; owner: Brian Wolff):
[mediawiki/extensions/InputBox@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431069 merged by jenkins-bot:
[mediawiki/extensions/OATHAuth@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431070 merged by jenkins-bot:
[mediawiki/extensions/ConfirmEdit@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431071 merged by jenkins-bot:
[mediawiki/extensions/Nuke@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431072 merged by jenkins-bot:
[mediawiki/extensions/LocalisationUpdate@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431074 merged by jenkins-bot:
[mediawiki/extensions/ImageMap@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431075 merged by jenkins-bot:
[mediawiki/extensions/Gadgets@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431073 merged by jenkins-bot:
[mediawiki/extensions/Interwiki@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431077 merged by jenkins-bot:
[mediawiki/extensions/CiteThisPage@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431076 merged by jenkins-bot:
[mediawiki/extensions/CodeEditor@REL1_31] Add phan-taint-check as version 1.2.0
Change 431079 merged by jenkins-bot:
[mediawiki/extensions/InputBox@REL1_31] Bump phan-taint-check 1.1.0->1.2.0
Change 431022 merged by Umherirrender:
[mediawiki/extensions/MultimediaViewer@master] Bump phan-taint-check 1.1.0->1.2.0