```
./includes/Cite.php:276 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:277 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:279 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:284 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:285 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:287 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group.
./includes/Cite.php:295 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:296 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:314 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:315 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key.
./includes/Cite.php:777 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::referencesFormat that outputs using tainted argument $parserInput. (Caused by: ./includes/Cite.php +772)
./includes/Cite.php:1050 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987)
./includes/Cite.php:1050 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987; ./includes/Cite.php +1131)
./includes/Cite.php:1058 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987)
./includes/Cite.php:1058 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: ./includes/Cite.php +984; ./includes/Cite.php +1131; ./includes/Cite.php +987; ./includes/Cite.php +1131)
./includes/Cite.php:1234 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1235 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1237 SecurityCheck-DoubleEscaped Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: ./includes/Cite.php +1227; ./includes/Cite.php +743; ./includes/Cite.php +1232)
./includes/Cite.php:1369 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::error that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1358)
./includes/Cite.php:1369 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::error that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1358; ./includes/Cite.php +1369)
./includes/Cite.php:1412 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::warning that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1400)
./includes/Cite.php:1412 SecurityCheck-DoubleEscaped Calling method \Parser::recursiveTagParse() in \Cite::warning that outputs using tainted argument $ret. (Caused by: ./includes/Cite.php +1400; ./includes/Cite.php +1412)
```
Description
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
Make Cite pass phan-taint-check | mediawiki/extensions/Cite | master | +27 -17
Status | Subtype | Assigned | Task
---|---|---|---
Resolved | | None | T193909 update phan-taint-check to 1.2.0
Resolved | | Bawolff | T195009 Cite extension does not pass phan-taint-check 1.2.0
Event Timeline
It is now failing also for 1.1.0 and blocks merges
```xml
<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
<file name="./includes/Cite.php">
<error line="276" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="277" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="279" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="284" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="285" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="287" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="295" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="296" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="314" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="315" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::guardedRef that outputs using tainted argument $key. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +251)" source="SecurityCheck-DoubleEscaped"/>
<error line="1056" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993)" source="SecurityCheck-DoubleEscaped"/>
<error line="1056" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
<error line="1056" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
<error line="1064" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993)" source="SecurityCheck-DoubleEscaped"/>
<error line="1064" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
<error line="1064" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::linkRef that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +990; ./includes/Cite.php +1137; ./includes/Cite.php +993; ./includes/Cite.php +1137; ./includes/Cite.php +1137)" source="SecurityCheck-DoubleEscaped"/>
<error line="1235" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +1226)" source="SecurityCheck-DoubleEscaped"/>
<error line="1236" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +1226)" source="SecurityCheck-DoubleEscaped"/>
<error line="1238" severity="warning" message="Calling method \Sanitizer::safeEncodeAttribute() in \Cite::checkRefsNoReferences that outputs using tainted argument $group. (Caused by: Builtin-\Sanitizer::safeEncodeAttribute) (Caused by: ./includes/Cite.php +1226)" source="SecurityCheck-DoubleEscaped"/>
</file>
</checkstyle>
```
Change 460181 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/Cite@master] Make Cite pass phan-taint-check
Change 460181 merged by jenkins-bot:
[mediawiki/extensions/Cite@master] Make Cite pass phan-taint-check