Would be nice to add phan-taint-check-plugin to EducationProgram extensions
<?xml version="1.0" encoding="ISO-8859-15"?> <checkstyle version="6.5"> <file name="./includes/actions/HistoryAction.php"> <error line="94" severity="warning" message="Calling method \OutputPage::addHTML() in \EducationProgram\HistoryAction::displayRevisions that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: ./includes/actions/HistoryAction.php +71)" source="SecurityCheck-XSS"/> </file> <file name="./includes/actions/ViewOrgAction.php"> <error line="99" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\ViewOrgAction::getSummaryData that outputs using tainted argument $stat." source="SecurityCheck-DoubleEscaped"/> </file> <file name="./includes/pagers/ArticleTable.php"> <error line="375" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./includes/pagers/ArticleTable.php +372; ../../includes/user/UserGroupMembership.php +402; ./includes/pagers/ArticleTable.php +375)" source="SecurityCheck-XSS"/> <error line="375" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./includes/pagers/ArticleTable.php +372; ../../includes/user/UserGroupMembership.php +402; ./includes/pagers/ArticleTable.php +375; ./includes/pagers/ArticleTable.php +404)" source="SecurityCheck-XSS"/> <error line="375" severity="warning" message="Calling method \Linker::link() in \EducationProgram\ArticleTable::getArticleCell that outputs using tainted argument $html. (Caused by: ../../includes/Linker.php +113) (Caused by: ./includes/pagers/ArticleTable.php +372; ../../includes/user/UserGroupMembership.php +402; ./includes/pagers/ArticleTable.php +375)" source="SecurityCheck-XSS"/> <error line="375" severity="warning" message="Calling method \Linker::link() in \EducationProgram\ArticleTable::getArticleCell that outputs using tainted argument $html. (Caused by: ../../includes/Linker.php +113) (Caused by: ./includes/pagers/ArticleTable.php +372; ../../includes/user/UserGroupMembership.php +402; ./includes/pagers/ArticleTable.php +375; ./includes/pagers/ArticleTable.php +404)" source="SecurityCheck-XSS"/> <error line="404" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./includes/pagers/ArticleTable.php +372; ../../includes/user/UserGroupMembership.php +402; ./includes/pagers/ArticleTable.php +375)" source="SecurityCheck-XSS"/> <error line="404" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./includes/pagers/ArticleTable.php +372; ../../includes/user/UserGroupMembership.php +402; ./includes/pagers/ArticleTable.php +375; ./includes/pagers/ArticleTable.php +404)" source="SecurityCheck-XSS"/> </file> <file name="./includes/pagers/CoursePager.php"> <error line="146" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\CoursePager::getFormattedValue that outputs using tainted argument $value." source="SecurityCheck-DoubleEscaped"/> <error line="158" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\CoursePager::getFormattedValue that outputs using tainted argument $[arg #1]. (Caused by: ./includes/pagers/CoursePager.php +153)" source="SecurityCheck-DoubleEscaped"/> <error line="165" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\CoursePager::getFormattedValue that outputs using tainted argument $[arg #1]. (Caused by: ./includes/pagers/CoursePager.php +153; ./includes/pagers/CoursePager.php +158)" source="SecurityCheck-DoubleEscaped"/> </file> <file name="./includes/pagers/OrgPager.php"> <error line="114" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\OrgPager::getFormattedValue that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/> </file> <file name="./includes/pagers/StudentActivityPager.php"> <error line="106" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\StudentActivityPager::getFormattedValue that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/> </file> <file name="./includes/pagers/StudentPager.php"> <error line="91" severity="warning" message="Calling method \htmlspecialchars() in \EducationProgram\StudentPager::getFormattedValue that outputs using tainted argument $[arg #1]." source="SecurityCheck-DoubleEscaped"/> </file> </checkstyle>
Possible affected by T183174