LiquidThreads failing on version 1.3.0 (and on 1.4.0, but that is T203281), which now blocks merges
<?xml version="1.0" encoding="ISO-8859-15"?> <checkstyle version="6.5"> <file name="./classes/Thread.php"> <error line="1304" severity="warning" message="Calling method \LqtView::formatSubject in \Thread::formattedSubject that is always unsafe (Caused by: ./classes/View.php +2494)" source="SecurityCheck-DoubleEscaped"/> </file> <file name="./classes/View.php"> <error line="192" severity="warning" message="Calling method \Thread::formattedSubject in \LqtView::linkInContext that is always unsafe (Caused by: ./classes/Thread.php +1304)" source="SecurityCheck-DoubleEscaped"/> <error line="1733" severity="warning" message="Calling method \Thread::formattedSubject in \LqtView::showThreadHeading that is always unsafe (Caused by: ./classes/Thread.php +1304)" source="SecurityCheck-DoubleEscaped"/> <error line="1739" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +1733)" source="SecurityCheck-DoubleEscaped"/> <error line="1740" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +1733; ./classes/View.php +1739)" source="SecurityCheck-DoubleEscaped"/> <error line="1741" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +1733; ./classes/View.php +1739; ./classes/View.php +1740)" source="SecurityCheck-DoubleEscaped"/> <error line="1747" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +1733)" source="SecurityCheck-DoubleEscaped"/> <error line="2176" severity="warning" message="Calling method \LqtView::showThreadHeading in \LqtView::showThread that is always unsafe (Caused by: ./classes/View.php +1750; ./classes/View.php +1733; ./classes/View.php +1747)" source="SecurityCheck-DoubleEscaped"/> <error line="2176" severity="warning" message="Calling method \LqtView::showThreadHeading in \LqtView::showThread that is always unsafe (Caused by: ./classes/View.php +1750; ./classes/View.php +1733; ./classes/View.php +1747; ./classes/View.php +1733; ./classes/View.php +1747)" source="SecurityCheck-DoubleEscaped"/> <error line="2176" severity="warning" message="Calling method \LqtView::showThreadHeading in \LqtView::showThread that is always unsafe (Caused by: ./classes/View.php +1750; ./classes/View.php +1733; ./classes/View.php +1747; ./classes/View.php +1733; ./classes/View.php +1747; ./classes/View.php +1733; ./classes/View.php +1747)" source="SecurityCheck-DoubleEscaped"/> <error line="2181" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176)" source="SecurityCheck-DoubleEscaped"/> <error line="2189" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181)" source="SecurityCheck-DoubleEscaped"/> <error line="2195" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181; ./classes/View.php +2189)" source="SecurityCheck-DoubleEscaped"/> <error line="2209" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181; ./classes/View.php +2189; ./classes/View.php +2195)" source="SecurityCheck-DoubleEscaped"/> <error line="2259" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181; ./classes/View.php +2189; ./classes/View.php +2195; ./classes/View.php +2209; ./classes/View.php +2219)" source="SecurityCheck-DoubleEscaped"/> <error line="2279" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181; ./classes/View.php +2189; ./classes/View.php +2195; ./classes/View.php +2209; ./classes/View.php +2219; ./classes/View.php +2260)" source="SecurityCheck-DoubleEscaped"/> <error line="2284" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181; ./classes/View.php +2189; ./classes/View.php +2195; ./classes/View.php +2209; ./classes/View.php +2219; ./classes/View.php +2260; ./classes/View.php +2280)" source="SecurityCheck-DoubleEscaped"/> <error line="2290" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: ./classes/View.php +2176; ./classes/View.php +2181; ./classes/View.php +2189; ./classes/View.php +2195; ./classes/View.php +2209; ./classes/View.php +2219; ./classes/View.php +2260; ./classes/View.php +2280)" source="SecurityCheck-DoubleEscaped"/> <error line="2494" severity="warning" message="Calling method \Linker::formatLinksInComment in \LqtView::formatSubject that is always unsafe (Caused by: ../../includes/Linker.php +1218)" source="SecurityCheck-DoubleEscaped"/> </file> <file name="./pages/NewUserMessagesView.php"> <error line="42" severity="warning" message="Calling method \LqtView::formatSubject in \NewUserMessagesView::getUndoButton that is always unsafe (Caused by: ./classes/View.php +2494)" source="SecurityCheck-DoubleEscaped"/> </file> <file name="./pages/ThreadPermalinkView.php"> <error line="108" severity="warning" message="Calling method \LqtView::showThreadHeading in \ThreadPermalinkView::showThreadHeading that is always unsafe (Caused by: ./classes/View.php +1750; ./classes/View.php +1733; ./classes/View.php +1747; ./classes/View.php +1733; ./classes/View.php +1747; ./classes/View.php +1733; ./classes/View.php +1747)" source="SecurityCheck-DoubleEscaped"/> </file> </checkstyle>
From https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/LiquidThreads/+/458319/
https://integration.wikimedia.org/ci/job/mwext-php70-phan-seccheck-docker/13563/console