Using 1.3.0.
The following code looks safe, but the checker reports an issue for it:
Maybe it would be enough to make Title::getArticleID safe, but that method already appears to return an int.
/**
 * Count rows in nl_newsletters that match either the given name or this
 * content's main page.
 *
 * A row is counted when its nl_name equals $newNewsletterName, or when it has
 * nl_active = 1 and its nl_main_page_id equals the article ID of the page
 * returned by $this->content->getMainPage().
 *
 * @param string $newNewsletterName Name compared against nl_name (type presumed from usage)
 * @return int Row count as returned by selectRowCount()
 */
protected function getNewslettersWithNewsletterMainPage( $newNewsletterName ) {
	$dbr = wfGetDB( DB_REPLICA );

	$mainPageId = $this->content->getMainPage()->getArticleID();

	// Both values are handed over as field => value pairs, so quoting is left
	// to makeList(); no SQL is concatenated by hand here.
	$activeOnSamePage = $dbr->makeList(
		[
			'nl_main_page_id' => $mainPageId,
			'nl_active' => 1,
		],
		LIST_AND
	);

	// The second entry has an integer key, which makeList() takes as a
	// ready-made SQL fragment; it is the output of the makeList() call above
	// and nothing else.
	$conds = $dbr->makeList(
		[
			'nl_name' => $newNewsletterName,
			$activeOnSamePage,
		],
		LIST_OR
	);

	return $dbr->selectRowCount( 'nl_newsletters', '*', $conds );
}
<?xml version="1.0" encoding="ISO-8859-15"?> <checkstyle version="6.5"> <file name="./includes/content/NewsletterDataUpdate.php"> <error line="31" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectRowCount() in \NewsletterDataUpdate::getNewslettersWithNewsletterMainPage that outputs using tainted argument $[arg #3]. (Caused by: ../../includes/Title.php +3535; ../../includes/Title.php +3528; ../../includes/Title.php +3532)" source="SecurityCheck-SQLInjection"/> </file> </checkstyle>