
Suppress or fix non-double escape phan-taint-check warnings for MW core
Open, Medium, Public

Description

As the first step to getting phan-taint-check running on MW core, we need to get rid of the false (and true!) positives in MW core.

As a first step, ignore the double-escaping warnings to make this task more manageable. (We can exclude those warnings in the initial deployment to the build process.)

Details

Project                                   Branch  Lines +/-  Subject
mediawiki/core                            master  +12 -7
mediawiki/core                            master  +2 -0
mediawiki/core                            master  +2 -1
mediawiki/core                            master  +3 -0
mediawiki/core                            master  +2 -0
mediawiki/core                            master  +30 -8
mediawiki/tools/phan/SecurityCheckPlugin  master  +52 -8
mediawiki/core                            master  +6 -1
mediawiki/core                            master  +7 -7
mediawiki/core                            master  +0 -1
mediawiki/core                            master  +26 -26
mediawiki/core                            master  +22 -11
mediawiki/core                            master  +19 -26
mediawiki/core                            master  +2 -2
mediawiki/core                            master  +2 -0
mediawiki/core                            master  +3 -1
mediawiki/core                            master  +15 -9
mediawiki/core                            master  +14 -2
mediawiki/core                            master  +42 -25
mediawiki/core                            master  +2 -2
mediawiki/core                            master  +17 -6
mediawiki/core                            master  +5 -0
mediawiki/core                            master  +4 -4
mediawiki/core                            master  +1 -1

Event Timeline


Change 462839 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Avoid rawParams() in Special:Emailuser

https://gerrit.wikimedia.org/r/462839

Change 491035 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Make addIdentifierQuotes part of IDatabase

https://gerrit.wikimedia.org/r/491035

Aklapper renamed this task from Suppress or fix non-doubke escape phan-taint-check warnings for MW core to Suppress or fix non-double escape phan-taint-check warnings for MW core. Feb 17 2019, 11:07 AM

Change 491036 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Make Special:Version escape extension names that aren't links

https://gerrit.wikimedia.org/r/491036

Change 491037 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Do not use raw html for Special:ProtectedPages drop-down messages

https://gerrit.wikimedia.org/r/491037

Change 491038 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Use htmlspecialchars() not htmlentities in xml export for validity

https://gerrit.wikimedia.org/r/491038

Change 491039 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Various fixes to Block.php to make phan-taint-check happy

https://gerrit.wikimedia.org/r/491039

Change 491040 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Various fixes to make phan-taint-check happier

https://gerrit.wikimedia.org/r/491040

Change 491041 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Various fixes to make phan-taint-check happier

https://gerrit.wikimedia.org/r/491041

Change 491042 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Various fixes for phan-taint-check

https://gerrit.wikimedia.org/r/491042

Change 491043 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] Various fixes for phan-taint-check

https://gerrit.wikimedia.org/r/491043

Change 462839 merged by jenkins-bot:
[mediawiki/core@master] Avoid rawParams() in Special:Emailuser

https://gerrit.wikimedia.org/r/462839

Change 491037 merged by jenkins-bot:
[mediawiki/core@master] Do not use raw html for Special:ProtectedPages drop-down messages

https://gerrit.wikimedia.org/r/491037

Change 491042 merged by jenkins-bot:
[mediawiki/core@master] Various fixes for phan-taint-check

https://gerrit.wikimedia.org/r/491042

Change 491041 merged by jenkins-bot:
[mediawiki/core@master] Various fixes to make phan-taint-check happier

https://gerrit.wikimedia.org/r/491041

Change 491038 merged by jenkins-bot:
[mediawiki/core@master] Use htmlspecialchars() not htmlentities in xml export for validity

https://gerrit.wikimedia.org/r/491038

Change 491043 merged by jenkins-bot:
[mediawiki/core@master] Various fixes for phan-taint-check

https://gerrit.wikimedia.org/r/491043

Change 491040 merged by jenkins-bot:
[mediawiki/core@master] Various fixes to make phan-taint-check happier

https://gerrit.wikimedia.org/r/491040

Change 491035 merged by jenkins-bot:
[mediawiki/core@master] Make addIdentifierQuotes part of IDatabase

https://gerrit.wikimedia.org/r/491035

Change 491036 had a related patch set uploaded (by Krinkle; owner: Brian Wolff):
[mediawiki/core@master] Make Special:Version escape extension names that aren't links

https://gerrit.wikimedia.org/r/491036

Change 491036 merged by jenkins-bot:
[mediawiki/core@master] Make Special:Version escape extension names that aren't links

https://gerrit.wikimedia.org/r/491036

Krinkle moved this task from Inbox to Checkers on the MediaWiki-Core-Testing board. Apr 8 2019, 6:02 PM
Daimona added a subscriber: Daimona. Edited May 15 2019, 5:22 PM

I checked with 2.x, and we have 64 DoubleEscaped of a total of 512 warnings, so they're not really a problem. I'll sample a few warnings and check how many false positives I got. If there are too many, it may be worth fixing taint-check first (if the fix is easy), then start working on core as soon as a future version (not 2.0) is released.

EDIT: And apparently some of them are false positives. I'll check how we can fix those. ATM I cannot compare the results with seccheck master due to system incompatibility, so I'm wondering, is there an error count available for taint-check master?

Daimona added a comment. Edited May 19 2019, 11:48 AM

I checked with 2.x, and we have 64 DoubleEscaped of a total of 512 warnings

After having fixed some other regressions, running https://gerrit.wikimedia.org/r/#/c/mediawiki/tools/phan/SecurityCheckPlugin/+/507619/ on core yields 218 DoubleEscaped warnings and 249 total warnings. I'll look into the remaining issues.
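The split this task relies on (DoubleEscaped set aside, everything else triaged first) can be computed from the checkstyle XML that phan emits, the format of the warnings list pasted later in this task. This is an added example, not code from MediaWiki or SecurityCheckPlugin: the sample report, its file and class names and the function names are constructed, and collapsing entries that differ only in their "Caused by" chain is an assumption about how to count call sites.

```python
"""Tally phan-taint-check findings from a checkstyle XML report."""
from __future__ import annotations

import re
import xml.etree.ElementTree as ET
from collections import Counter
from typing import NamedTuple

# Constructed sample in the checkstyle shape shown in this task; not real output.
SAMPLE = rb"""<?xml version="1.0" encoding="ISO-8859-15"?>
<checkstyle version="6.5">
 <file name="includes/Example.php">
  <error line="10" severity="warning" message="Calling method \Example::encode() in \Example::title that outputs using tainted argument $[arg #1]. (Caused by: includes/Example.php +5)" source="SecurityCheck-DoubleEscaped"/>
  <error line="10" severity="warning" message="Calling method \Example::encode() in \Example::title that outputs using tainted argument $[arg #1]. (Caused by: includes/Example.php +5; includes/Other.php +9)" source="SecurityCheck-DoubleEscaped"/>
  <error line="40" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/Example.php +38)" source="SecurityCheck-XSS"/>
 </file>
 <file name="includes/ExampleDb.php">
  <error line="7" severity="error" message="Calling method \Db::query() in \ExampleDb::run that outputs using tainted argument $sql. (Caused by: includes/ExampleDb.php +6)" source="SecurityCheck-SQLInjection"/>
  <error line="20" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/ExampleDb.php +20)" source="SecurityCheck-DoubleEscaped"/>
 </file>
</checkstyle>"""

DOUBLE_ESCAPED = "SecurityCheck-DoubleEscaped"
# Everything from the first "(Caused by: ...)" group to the end of the message.
CAUSE_TRAIL = re.compile(r"\s*\(Caused by: .*$", re.DOTALL)


class Finding(NamedTuple):
    path: str
    line: int
    severity: str
    source: str
    message: str


def parse_findings(report: bytes) -> list[Finding]:
    """Flatten <file>/<error> elements into Finding records."""
    root = ET.fromstring(report)  # bytes input, so the declared encoding is used
    findings = []
    for file_el in root.iter("file"):
        for err in file_el.iter("error"):
            findings.append(Finding(
                path=file_el.get("name", ""),
                line=int(err.get("line", "0")),
                severity=err.get("severity", ""),
                source=err.get("source", ""),
                message=err.get("message", ""),
            ))
    return findings


def unique_sites(findings: list[Finding]) -> list[Finding]:
    """Keep one finding per (file, line, issue type, message without causes).

    The report can repeat one call site several times with a growing
    "Caused by" chain; counting those separately inflates the totals.
    """
    seen: dict[tuple, Finding] = {}
    for f in findings:
        key = (f.path, f.line, f.source, CAUSE_TRAIL.sub("", f.message))
        seen.setdefault(key, f)
    return list(seen.values())


def summarize(report: bytes) -> dict:
    """Count findings and separate DoubleEscaped from the rest."""
    raw = parse_findings(report)
    sites = unique_sites(raw)
    rest = [f for f in sites if f.source != DOUBLE_ESCAPED]
    # severity="error" entries first, then stable file/line order.
    rest.sort(key=lambda f: (f.severity != "error", f.path, f.line))
    return {
        "raw": len(raw),
        "unique": len(sites),
        "by_source": Counter(f.source for f in sites),
        "non_double_escape": rest,
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print(f"{summary['raw']} raw, {summary['unique']} unique call sites")
    for source, count in summary["by_source"].most_common():
        print(f"  {count:4d}  {source}")
    for f in summary["non_double_escape"]:
        print(f"{f.severity:8s} {f.path}:{f.line}  {f.source}")
```
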

sbassett changed the task status from Open to Stalled. Jun 26 2019, 7:21 PM
sbassett triaged this task as Medium priority.
sbassett added a subscriber: sbassett.

@Daimona - with r/507619 being merged, do we need to keep this task open? If there are remaining issues, do we want to break those out into other tasks?

@sbassett Great question! I think we need the final error count with seccheck 2.x. Individual tasks will probably be the right choice once we get a limited amount of different errors.

Change 522419 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] [WIP] Add phan-taint-check-plugin

https://gerrit.wikimedia.org/r/522419

Daimona changed the task status from Stalled to Open. Jul 12 2019, 11:50 AM

Let's see how many things we have to fix, and whether to open separate tasks.

Daimona added a comment. Edited Jul 15 2019, 11:20 AM

Current warnings list is here:

1<?xml version="1.0" encoding="ISO-8859-15"?>
2<checkstyle version="6.5">
3 <file name="includes/CategoryViewer.php">
4 <error line="184" severity="warning" message="Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php +203)" source="SecurityCheck-DoubleEscaped"/>
5 <error line="416" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getSubcategorySection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php +534) (Caused by: includes/CategoryViewer.php +191; includes/CategoryViewer.php +275)" source="SecurityCheck-DoubleEscaped"/>
6 <error line="446" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getPagesSection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php +534) (Caused by: includes/CategoryViewer.php +268; includes/CategoryViewer.php +279)" source="SecurityCheck-DoubleEscaped"/>
7 <error line="474" severity="warning" message="Calling method \CategoryViewer::formatList() in \CategoryViewer::getImageSection that outputs using tainted argument $[arg #2]. (Caused by: includes/CategoryViewer.php +534) (Caused by: includes/CategoryViewer.php +253; includes/CategoryViewer.php +283)" source="SecurityCheck-DoubleEscaped"/>
8 </file>
9 <file name="includes/Linker.php">
10 <error line="858" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Linker.php +858)" source="SecurityCheck-DoubleEscaped"/>
11 <error line="1760" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Linker.php +1760)" source="SecurityCheck-DoubleEscaped"/>
12 </file>
13 <file name="includes/OutputPage.php">
14 <error line="2561" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php +1573; includes/OutputPage.php +1551; includes/OutputPage.php +1560; includes/OutputPage.php +1939; includes/OutputPage.php +2653; includes/OutputPage.php +3960; includes/OutputPage.php +2843; includes/OutputPage.php +2730; i...)" source="SecurityCheck-XSS"/>
15 <error line="3165" severity="warning" message="Calling method \ResourceLoader::makeConfigSetScript() in \OutputPage::getBottomScripts that outputs using tainted argument $[arg #1]. (Caused by: includes/resourceloader/ResourceLoader.php +1537) (Caused by: includes/OutputPage.php +1890)" source="SecurityCheck-DoubleEscaped"/>
16 <error line="3166" severity="warning" message="Calling method \ResourceLoader::makeConfigSetScript() in \OutputPage::getBottomScripts that outputs using tainted argument $[arg #1]. (Caused by: includes/resourceloader/ResourceLoader.php +1537) (Caused by: includes/OutputPage.php +1890)" source="SecurityCheck-DoubleEscaped"/>
17 <error line="3816" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/OutputPage.php +3812)" source="SecurityCheck-DoubleEscaped"/>
18 </file>
19 <file name="includes/Rest/ResponseFactory.php">
20 <error line="234" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/Rest/ResponseFactory.php +234)" source="SecurityCheck-DoubleEscaped"/>
21 </file>
22 <file name="includes/actions/HistoryAction.php">
23 <error line="415" severity="warning" message="Calling method \FeedItem::__construct() in \HistoryAction::feedEmpty that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php +145) (Caused by: Builtin-\Message::parseAsBlock; includes/language/Message.php +981)" source="SecurityCheck-DoubleEscaped"/>
24 <error line="457" severity="warning" message="Calling method \FeedItem::__construct() in \HistoryAction::feedItem that outputs using tainted argument $text. (Caused by: includes/changes/FeedItem.php +145) (Caused by: includes/actions/HistoryAction.php +436)" source="SecurityCheck-DoubleEscaped"/>
25 </file>
26 <file name="includes/actions/RawAction.php">
27 <error line="127" severity="warning" message="Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/actions/RawAction.php +126)" source="SecurityCheck-DoubleEscaped"/>
28 <error line="152" severity="warning" message="Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270)" source="SecurityCheck-DoubleEscaped"/>
29 </file>
30 <file name="includes/api/ApiCSPReport.php">
31 <error line="188" severity="warning" message="Calling method \ApiCSPReport::error() in \ApiCSPReport::getReport that outputs using tainted argument $msg. (Caused by: includes/api/ApiCSPReport.php +252) (Caused by: includes/api/ApiCSPReport.php +184)" source="SecurityCheck-DoubleEscaped"/>
32 </file>
33 <file name="includes/api/ApiFeedContributions.php">
34 <error line="148" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedContributions::feedItem that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php +145) (Caused by: includes/api/ApiFeedContributions.php +197; includes/api/ApiFeedContributions.php +177)" source="SecurityCheck-DoubleEscaped"/>
35 </file>
36 <file name="includes/api/ApiFeedWatchlist.php">
37 <error line="157" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedWatchlist::execute that outputs using tainted argument $errorTitle. (Caused by: includes/changes/FeedItem.php +119) (Caused by: includes/api/ApiFeedWatchlist.php +155)" source="SecurityCheck-DoubleEscaped"/>
38 <error line="164" severity="warning" message="Calling method \FeedItem::__construct() in \ApiFeedWatchlist::execute that outputs using tainted argument $errorTitle. (Caused by: includes/changes/FeedItem.php +119) (Caused by: includes/api/ApiFeedWatchlist.php +162)" source="SecurityCheck-DoubleEscaped"/>
39 </file>
40 <file name="includes/api/ApiFormatJson.php">
41 <error line="112" severity="warning" message="Calling method \ApiFormatJson::printText() in \ApiFormatJson::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/api/ApiFormatJson.php +112; includes/api/ApiFormatJson.php +109)" source="SecurityCheck-XSS"/>
42 </file>
43 <file name="includes/api/ApiHelp.php">
44 <error line="293" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $headerContent. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +269; includes/api/ApiHelp.php +293)" source="SecurityCheck-DoubleEscaped"/>
45 <error line="571" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/api/ApiHelp.php +571)" source="SecurityCheck-DoubleEscaped"/>
46 <error line="807" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +317; includes/api/ApiHelp.php +808; includes/api/ApiHelp.php +807)" source="SecurityCheck-DoubleEscaped"/>
47 <error line="808" severity="warning" message="Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +317; includes/api/ApiHelp.php +808)" source="SecurityCheck-DoubleEscaped"/>
48 </file>
49 <file name="includes/api/ApiQueryBacklinks.php">
50 <error line="450" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/api/ApiQueryBacklinks.php +173; includes/api/ApiQueryBacklinks.php +295; includes/api/ApiQueryBacklinks.php +250; includes/api/ApiQueryBacklinks.php +294; includes/api/ApiQueryBacklinks.php +287)" source="SecurityCheck-DoubleEscaped"/>
51 </file>
52 <file name="includes/block/DatabaseBlock.php">
53 <error line="321" severity="error" message="Calling method \Wikimedia\Rdbms\Database::select() in \MediaWiki\Block\DatabaseBlock::newLoad that outputs using tainted argument $conds. (Caused by: Builtin-\Wikimedia\Rdbms\Database::select) (Caused by: includes/block/DatabaseBlock.php +299; includes/block/DatabaseBlock.php +295; includes/block/DatabaseBlock.php +303; includes/block/DatabaseBlock.php +305; includes/block/DatabaseBlock.php +310; includes/block/DatabaseBlock.php +312)" source="SecurityCheck-SQLInjection"/>
54 </file>
55 <file name="includes/changes/ChangesFeed.php">
56 <error line="115" severity="warning" message="Calling method \FeedItem::__construct() in \ChangesFeed::buildItems that outputs using tainted argument $[arg #5]. (Caused by: includes/changes/FeedItem.php +182) (Caused by: Builtin-\Message::escaped; includes/language/Message.php +994)" source="SecurityCheck-DoubleEscaped"/>
57 </file>
58 <file name="includes/changes/EnhancedChangesList.php">
59 <error line="756" severity="warning" message="Calling method \Html::rawElement() in \EnhancedChangesList::recentChangesBlockLine that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/changes/EnhancedChangesList.php +755)" source="SecurityCheck-DoubleEscaped"/>
60 </file>
61 <file name="includes/changes/FeedItem.php">
62 <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +119; includes/api/ApiFeedContributions.php +148; includes/changes/ChangesFeed.php +115; includes/api/ApiFeedWatchlist.php +157)" source="SecurityCheck-DoubleEscaped"/>
63 <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +119; includes/api/ApiFeedContributions.php +148; includes/changes/ChangesFeed.php +115; includes/api/ApiFeedWatchlist.php +157; includes/api/ApiFeedWatchlist.php +164; includes/actions/HistoryAction.php +457)" source="SecurityCheck-DoubleEscaped"/>
64 <error line="119" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getTitle that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +119; includes/api/ApiFeedContributions.php +148; includes/changes/ChangesFeed.php +115; includes/api/ApiFeedWatchlist.php +157; includes/api/ApiFeedWatchlist.php +164; includes/actions/HistoryAction.php +457; includes/...)" source="SecurityCheck-DoubleEscaped"/>
65 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145)" source="SecurityCheck-DoubleEscaped"/>
66 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145; includes/actions/HistoryAction.php +457)" source="SecurityCheck-DoubleEscaped"/>
67 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145; includes/actions/HistoryAction.php +457; includes/actions/HistoryAction.php +415)" source="SecurityCheck-DoubleEscaped"/>
68 <error line="145" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getDescription that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/api/ApiFeedContributions.php +148; includes/changes/FeedItem.php +145; includes/actions/HistoryAction.php +457; includes/actions/HistoryAction.php +415; includes/specials/SpecialNewpages.php +490)" source="SecurityCheck-DoubleEscaped"/>
69 <error line="182" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getAuthor that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +182; includes/changes/ChangesFeed.php +115)" source="SecurityCheck-DoubleEscaped"/>
70 <error line="182" severity="warning" message="Calling method \FeedItem::xmlEncode() in \FeedItem::getAuthor that outputs using tainted argument $[arg #1]. (Caused by: includes/changes/FeedItem.php +78) (Caused by: includes/changes/FeedItem.php +182; includes/changes/ChangesFeed.php +115; includes/specials/SpecialNewpages.php +490)" source="SecurityCheck-DoubleEscaped"/>
71 </file>
72 <file name="includes/exception/HttpError.php">
73 <error line="122" severity="warning" message="Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +122; includes/actions/RawAction.php +127)" source="SecurityCheck-DoubleEscaped"/>
74 <error line="122" severity="warning" message="Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +122; includes/actions/RawAction.php +127; includes/actions/RawAction.php +152; includes/linkeddata/PageDataRequestHandler.php +75; includes/linkeddata/PageDataRequestHandler.php +92; includes/linkeddata/PageDataRequ...)" source="SecurityCheck-DoubleEscaped"/>
75 </file>
76 <file name="includes/htmlform/fields/HTMLFormFieldCloner.php">
77 <error line="391" severity="warning" message="Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputHTML that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +390)" source="SecurityCheck-DoubleEscaped"/>
78 <error line="471" severity="warning" message="Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputOOUI that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +470)" source="SecurityCheck-DoubleEscaped"/>
79 </file>
80 <file name="includes/installer/DatabaseInstaller.php">
81 <error line="643" severity="warning" message="Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +545) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
82 <error line="643" severity="warning" message="Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
83 <error line="645" severity="warning" message="Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
84 <error line="651" severity="warning" message="Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +545) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
85 </file>
86 <file name="includes/installer/DatabaseUpdater.php">
87 <error line="227" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/installer/DatabaseUpdater.php +227)" source="SecurityCheck-DoubleEscaped"/>
88 </file>
89 <file name="includes/installer/MssqlInstaller.php">
90 <error line="92" severity="warning" message="Calling method \MssqlInstaller::getPasswordBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
91 <error line="92" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
92 <error line="92" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
93 <error line="100" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
94 <error line="102" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
95 <error line="104" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
96 <error line="109" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
97 <error line="127" severity="warning" message="Calling method \MssqlInstaller::getTextBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
98 <error line="133" severity="warning" message="Calling method \MssqlInstaller::getPasswordBox() in \MssqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
99 <error line="325" severity="error" message="Calling method \Wikimedia\Rdbms\Database::query() in \MssqlInstaller::canCreateAccounts that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query)" source="SecurityCheck-SQLInjection"/>
100 <error line="368" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getSettingsForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
101 <error line="375" severity="warning" message="Calling method \MssqlInstaller::getRadioSet() in \MssqlInstaller::getSettingsForm that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
102 </file>
103 <file name="includes/installer/MysqlInstaller.php">
104 <error line="82" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
105 <error line="90" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
106 <error line="92" severity="warning" message="Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
107 </file>
108 <file name="includes/installer/OracleInstaller.php">
109 <error line="67" severity="warning" message="Calling method \OracleInstaller::getTextBox() in \OracleInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
110 <error line="77" severity="warning" message="Calling method \OracleInstaller::getTextBox() in \OracleInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
111 </file>
112 <file name="includes/installer/PostgresInstaller.php">
113 <error line="64" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
114 <error line="73" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
115 <error line="79" severity="warning" message="Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
116 </file>
117 <file name="includes/installer/PostgresUpdater.php">
118 <error line="1071" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::dropFkey that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1070; includes/installer/PostgresUpdater.php +1066; includes/installer/PostgresUpdater.php +1062; includes/installer/PostgresUpdater.php +1068)" source="SecurityCheck-SQLInjection"/>
119 <error line="1093" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1092; includes/installer/PostgresUpdater.php +1089; includes/installer/PostgresUpdater.php +1080; includes/installer/PostgresUpdater.php +1088)" source="SecurityCheck-SQLInjection"/>
120 </file>
121 <file name="includes/installer/SqliteInstaller.php">
122 <error line="88" severity="warning" message="Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
123 <error line="93" severity="warning" message="Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +518) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
124 </file>
<file name="includes/installer/WebInstallerName.php">
<error line="58" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="58" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692; includes/installer/WebInstallerName.php +56)" source="SecurityCheck-DoubleEscaped"/>
<error line="58" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +970) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="58" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="59" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="59" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692; includes/installer/WebInstallerName.php +56)" source="SecurityCheck-DoubleEscaped"/>
<error line="59" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +970) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="59" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="67" severity="warning" message="Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +970) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="82" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="95" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="103" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="108" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932) (Caused by: includes/installer/WebInstaller.php +692; includes/installer/WebInstallerName.php +56)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/installer/WebInstallerOptions.php">
<error line="127" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstallerOptions.php +125; includes/installer/WebInstallerOptions.php +121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
<error line="128" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstallerOptions.php +125; includes/installer/WebInstallerOptions.php +121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
<error line="129" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstallerOptions.php +125; includes/installer/WebInstallerOptions.php +121) (1092280 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
<error line="145" severity="warning" message="Calling method \WebInstallerOptions::addHTML() in \WebInstallerOptions::execute that outputs using tainted argument $skinHtml. (Caused by: includes/installer/WebInstallerOptions.php +108; includes/installer/WebInstallerOptions.php +127; includes/installer/WebInstallerOptions.php +114; includes/installer/WebInstallerOptions.php +138; includes/installer/WebInstallerOptions.php +143; incl...)" source="SecurityCheck-XSS"/>
<error line="246" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="246" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="248" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="248" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="249" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="256" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="263" severity="warning" message="Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +805) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="270" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="271" severity="warning" message="Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +934; includes/installer/WebInstaller.php +932; includes/installer/WebInstallerName.php +58) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="298" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +852) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="300" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +852) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
<error line="314" severity="warning" message="Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +852) (Caused by: includes/installer/WebInstaller.php +692)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/jobqueue/utils/BacklinkJobUtils.php">
<error line="102" severity="error" message="Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +441) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
<error line="112" severity="error" message="Calling method \BacklinkCache::getLinks() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +172) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="includes/language/Message.php">
<error line="1396" severity="warning" message="Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +1204)" source="SecurityCheck-DoubleEscaped"/>
<error line="1396" severity="warning" message="Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +1204; includes/language/Message.php +1245)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/libs/rdbms/database/DatabasePostgres.php">
<error line="874" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \Wikimedia\Rdbms\DatabasePostgres::resetSequenceForTable that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query)" source="SecurityCheck-SQLInjection"/>
</file>
<file name="includes/linkeddata/PageDataRequestHandler.php">
<error line="75" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270)" source="SecurityCheck-DoubleEscaped"/>
<error line="92" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270; includes/linkeddata/PageDataRequestHandler.php +84)" source="SecurityCheck-DoubleEscaped"/>
<error line="98" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/GlobalFunctions.php +1270; includes/linkeddata/PageDataRequestHandler.php +84; includes/linkeddata/PageDataRequestHandler.php +96)" source="SecurityCheck-DoubleEscaped"/>
<error line="147" severity="warning" message="Calling method \HttpError::__construct() in \PageDataRequestHandler::httpContentNegotiation that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +122) (Caused by: includes/linkeddata/PageDataRequestHandler.php +146)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/logging/BlockLogFormatter.php">
<error line="74" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/logging/BlockLogFormatter.php +32; includes/logging/BlockLogFormatter.php +59)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/media/ExifBitmapHandler.php">
<error line="66" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/media/ExifBitmapHandler.php +44; includes/media/ExifBitmapHandler.php +58; includes/media/ExifBitmapHandler.php +67; includes/media/ExifBitmapHandler.php +66) (1049600 &amp;lt;- 567976)" source="SecurityCheckMulti"/>
</file>
<file name="includes/media/FormatMetadata.php">
<error line="164" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/media/FormatMetadata.php +164)" source="SecurityCheck-DoubleEscaped"/>
<error line="941" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php +168; includes/media/FormatMetadata.php +183; includes/media/FormatMetadata.php +205; includes/media/FormatMetadata.php +223; includes/media/FormatMetadata.php +235; includes/media/FormatMetadata.php +248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
<error line="952" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php +168; includes/media/FormatMetadata.php +183; includes/media/FormatMetadata.php +205; includes/media/FormatMetadata.php +223; includes/media/FormatMetadata.php +235; includes/media/FormatMetadata.php +248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
<error line="974" severity="warning" message="Calling method \htmlspecialchars() in \FormatMetadata::makeFormattedData that outputs using tainted argument $[arg #1]. (Caused by: includes/media/FormatMetadata.php +168; includes/media/FormatMetadata.php +183; includes/media/FormatMetadata.php +205; includes/media/FormatMetadata.php +223; includes/media/FormatMetadata.php +235; includes/media/FormatMetadata.php +248; includes/...)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/page/ImagePage.php">
<error line="165" severity="warning" message="Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php +725; includes/page/ImagePage.php +701)" source="SecurityCheck-XSS"/>
</file>
<file name="includes/parser/PPFrame_DOM.php">
<error line="127" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_DOM::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_DOM.php +125)" source="SecurityCheck-DoubleEscaped"/>
<error line="130" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_DOM::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_DOM.php +125)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/PPFrame_Hash.php">
<error line="119" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_Hash::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_Hash.php +117)" source="SecurityCheck-DoubleEscaped"/>
<error line="122" severity="warning" message="Calling method \wfEscapeWikiText() in \PPFrame_Hash::newChild that outputs using tainted argument $name. (Caused by: includes/GlobalFunctions.php +1549) (Caused by: includes/parser/PPFrame_Hash.php +117)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/Parser.php">
<error line="555" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +555)" source="SecurityCheck-DoubleEscaped"/>
<error line="762" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +762)" source="SecurityCheck-DoubleEscaped"/>
<error line="1428" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +1428)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1442" severity="warning" message="Calling method \Parser::doTableStuff() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1449) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1449" severity="warning" message="Calling method \Parser::replaceInternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2239) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/parser/Parser.php +1451)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/parser/Parser.php +1451)" source="SecurityCheck-DoubleEscaped"/>
<error line="1451" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::internalParse that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +1428; includes/parser/Parser.php +1442; includes/parser/Parser.php +1444; includes/parser/Parser.php +1449; includes/parser/Parser.php +1451)" source="SecurityCheck-DoubleEscaped"/>
<error line="1996" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +1994)" source="SecurityCheck-DoubleEscaped"/>
<error line="2018" severity="warning" message="Calling method \LanguageConverter::markNoConversion() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1728) (Caused by: includes/parser/Parser.php +1994; includes/parser/Parser.php +1996; includes/parser/Parser.php +2018)" source="SecurityCheck-DoubleEscaped"/>
<error line="2027" severity="warning" message="Calling method \Linker::makeExternalLink() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/Linker.php +844) (Caused by: includes/parser/Parser.php +1994; includes/parser/Parser.php +1996; includes/parser/Parser.php +2018; includes/parser/Parser.php +2027)" source="SecurityCheck-DoubleEscaped"/>
<error line="2027" severity="warning" message="Calling method \Linker::makeExternalLink() in \Parser::replaceExternalLinks that outputs using tainted argument $text. (Caused by: includes/Linker.php +844) (Caused by: includes/parser/Parser.php +1994; includes/parser/Parser.php +1996; includes/parser/Parser.php +2027)" source="SecurityCheck-DoubleEscaped"/>
<error line="2238" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks that outputs using tainted argument $s. (Caused by: includes/parser/Parser.php +2482) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2369" severity="warning" message="Calling method \Parser::maybeDoSubpageLink() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/Linker.php +1384) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2421" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2482) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +2482)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/parser/Parser.php +2609; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/parser/Parser.php +2369; includes/parser/Parser.php +3338; includes/parser/Parser.php +3338; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2482" severity="warning" message="Calling method \Parser::replaceExternalLinks() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1994) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="2483" severity="warning" message="Calling method \Parser::replaceInternalLinks2() in \Parser::replaceInternalLinks2 that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +2482) (Caused by: includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/parser/Parser.php +2483; includes/parser/Parser.php +2482; includes/pa...)" source="SecurityCheck-DoubleEscaped"/>
<error line="3492" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +3489; includes/parser/Parser.php +3492)" source="SecurityCheck-DoubleEscaped"/>
<error line="3507" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +3489; includes/parser/Parser.php +3492; includes/parser/Parser.php +3500)" source="SecurityCheck-XSS"/>
<error line="6187" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Parser.php +6187)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/Preprocessor_DOM.php">
<error line="99" severity="warning" message="Calling method \UtfNormal\Validator::cleanUp() in \Preprocessor_DOM::newPartNodeArray that outputs using tainted argument $xml. (Caused by: includes/media/DjVuImage.php +302) (Caused by: includes/parser/Preprocessor_DOM.php +83; includes/parser/Preprocessor_DOM.php +86; includes/parser/Preprocessor_DOM.php +91; includes/parser/Preprocessor_DOM.php +99)" source="SecurityCheck-DoubleEscaped"/>
<error line="176" severity="warning" message="Calling method \UtfNormal\Validator::cleanUp() in \Preprocessor_DOM::preprocessToObj that outputs using tainted argument $xml. (Caused by: includes/media/DjVuImage.php +302) (Caused by: includes/parser/Preprocessor_DOM.php +155)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/parser/Sanitizer.php">
<error line="1438" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/parser/Sanitizer.php +1438)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/preferences/DefaultPreferencesFactory.php">
<error line="351" severity="warning" message="HTMLForm label key escapes its input (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
<error line="707" severity="warning" message="HTMLForm option label needs escaping (Maybe false positive as could not determine if it was key or value that is unescaped) (Caused by: includes/preferences/DefaultPreferencesFactory.php +704)" source="SecurityCheck-XSS"/>
</file>
<file name="includes/specials/SpecialExpandTemplates.php">
<error line="130" severity="warning" message="Calling method \SpecialExpandTemplates::makeOutput() in \SpecialExpandTemplates::execute that outputs using tainted argument $rawhtml. (Caused by: includes/specials/SpecialExpandTemplates.php +227) (Caused by: includes/specials/SpecialExpandTemplates.php +128)" source="SecurityCheck-DoubleEscaped"/>
</file>
<file name="includes/specials/SpecialNewpages.php">
<error line="490" severity="warning" message="Calling method \FeedItem::__construct() in \SpecialNewpages::feedItem that outputs using tainted argument $[arg #2]. (Caused by: includes/changes/FeedItem.php +145) (Caused by: includes/specials/SpecialNewpages.php +519)" source="SecurityCheck-DoubleEscaped"/>
</file>
249 <file name="includes/specials/SpecialRecentChanges.php">
250 <error line="476" severity="warning" message="Calling method \Xml::tags() in \SpecialRecentChanges::doHeader that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::tags) (Caused by: includes/specials/SpecialRecentChanges.php +469)" source="SecurityCheck-DoubleEscaped"/>
251 <error line="819" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +785)" source="SecurityCheck-DoubleEscaped"/>
252 <error line="916" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +785) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
253 <error line="919" severity="warning" message="Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +785) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
254 </file>
255 <file name="includes/specials/SpecialStatistics.php">
256 <error line="277" severity="warning" message="Calling method \Language::formatNum() in \SpecialStatistics::getOtherStats that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstallerOptions.php +333)" source="SecurityCheck-DoubleEscaped"/>
257 <error line="279" severity="warning" message="Calling method \Language::formatNum() in \SpecialStatistics::getOtherStats that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstallerOptions.php +333)" source="SecurityCheck-DoubleEscaped"/>
258 </file>
259 <file name="includes/specials/SpecialVersion.php">
260 <error line="100" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php +100)" source="SecurityCheck-DoubleEscaped"/>
261 <error line="124" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php +124)" source="SecurityCheck-DoubleEscaped"/>
262 <error line="578" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
263 <error line="584" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
264 <error line="593" severity="warning" message="Assigning a tainted value to a variable that later does something unsafe with it (Caused by: includes/specials/SpecialVersion.php +593)" source="SecurityCheck-DoubleEscaped"/>
265 <error line="619" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
266 <error line="625" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844) (Caused by: Builtin-\Message::parse; includes/language/Message.php +945)" source="SecurityCheck-DoubleEscaped"/>
267 <error line="776" severity="warning" message="Calling method \Linker::makeExternalLink() in \SpecialVersion::getCreditsForExtension that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +844)" source="SecurityCheck-DoubleEscaped"/>
268 </file>
269 <file name="includes/specials/SpecialWhatLinksHere.php">
270 <error line="460" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prev. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +452)" source="SecurityCheck-DoubleEscaped"/>
271 <error line="464" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $next. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +453)" source="SecurityCheck-DoubleEscaped"/>
272 <error line="472" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prettyLimit. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +470)" source="SecurityCheck-DoubleEscaped"/>
273 <error line="566" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +564; includes/specials/SpecialWhatLinksHere.php +547; includes/specials/SpecialWhatLinksHere.php +548)" source="SecurityCheck-DoubleEscaped"/>
274 <error line="567" severity="warning" message="Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +442) (Caused by: includes/specials/SpecialWhatLinksHere.php +564; includes/specials/SpecialWhatLinksHere.php +547; includes/specials/SpecialWhatLinksHere.php +548)" source="SecurityCheck-DoubleEscaped"/>
275 </file>
276 <file name="includes/specials/forms/UploadForm.php">
277 <error line="135" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +253)" source="SecurityCheck-XSS"/>
278 <error line="301" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +253)" source="SecurityCheck-XSS"/>
279 </file>
280 <file name="includes/specials/pagers/AllMessagesTablePager.php">
281 <error line="264" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeKnownLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeKnownLink) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +253)" source="SecurityCheck-DoubleEscaped"/>
282 <error line="266" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeBrokenLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: includes/linker/LinkRenderer.php +357) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +253)" source="SecurityCheck-DoubleEscaped"/>
283 <error line="302" severity="warning" message="Calling method \Html::element() in \AllMessagesTablePager::formatRow that outputs using tainted argument $formatted. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +296)" source="SecurityCheck-DoubleEscaped"/>
284 </file>
285 <file name="includes/specials/pagers/UsersPager.php">
286 <error line="177" severity="warning" message="Calling method \Linker::userLink() in \UsersPager::formatRow that outputs using tainted argument $userName. (Caused by: includes/Linker.php +918) (Caused by: includes/specials/pagers/UsersPager.php +175; includes/EditPage.php +3851; includes/EditPage.php +3878; includes/user/UserRightsProxy.php +130)" source="SecurityCheck-DoubleEscaped"/>
287 </file>
288 <file name="includes/user/User.php">
289 <error line="4519" severity="warning" message="Calling method \User::sendMail() in \User::sendConfirmationMail that outputs using tainted argument $[arg #4]. (Caused by: includes/user/User.php +4544) (Caused by: includes/user/User.php +4497)" source="SecurityCheck-XSS"/>
290 <error line="4776" severity="error" message="Calling method \Wikimedia\Rdbms\Database::selectField() in \User::getEditTimestamp that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::selectField) (Caused by: includes/user/User.php +4772)" source="SecurityCheck-SQLInjection"/>
291 <error line="5047" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::selectField() in \User::initEditCountInternal that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::selectField) (Caused by: includes/user/User.php +5046)" source="SecurityCheck-SQLInjection"/>
292 </file>
293 <file name="languages/Language.php">
294 <error line="4240" severity="warning" message="Calling method \htmlspecialchars() in \Language::convertHtml that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php +4185; languages/Language.php +4185; languages/Language.php +4240)" source="SecurityCheck-DoubleEscaped"/>
295 </file>
296 <file name="maintenance/convertLinks.php">
297 <error line="221" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php +209; maintenance/convertLinks.php +205; maintenance/convertLinks.php +204; maintenance/convertLinks.php +158)" source="SecurityCheck-SQLInjection"/>
298 </file>
299 <file name="maintenance/populateContentTables.php">
300 <error line="219" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php +218; maintenance/populateContentTables.php +217; maintenance/populateContentTables.php +201)" source="SecurityCheck-SQLInjection"/>
301 </file>
302 <file name="maintenance/refreshExternallinksIndex.php">
303 <error line="73" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php +71; maintenance/populateContentTables.php +201; maintenance/refreshExternallinksIndex.php +59)" source="SecurityCheck-SQLInjection"/>
304 </file>
305 <file name="maintenance/storage/compressOld.php">
306 <error line="331" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/Title.php +3562; includes/Title.php +3562)" source="SecurityCheck-SQLInjection"/>
307 </file>
308</checkstyle>

It has 187 warnings, of which 165 are DoubleEscaped. This is way less than T216348#5185224.

Some of those are actual issues. However, I'd like to wait for seccheck 3.0 before starting to fix them.

Latest result with taint-check 3.0.1 (excluding roughly 120 DoubleEscaped warnings):

<checkstyle version="6.5">
  <file name="includes/OutputPage.php">
    <error line="2559" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/OutputPage.php +1611; includes/OutputPage.php +1589; includes/OutputPage.php +1598; includes/OutputPage.php +1970; includes/OutputPage.php +2559; includes/OutputPage.php +2653; includes/OutputPage.php +3981; includes/OutputPage.php +2843; i...)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/Revision/RevisionStore.php">
    <error line="2452" severity="error" message="Calling method \Wikimedia\Rdbms\DBConnRef::selectField() in \MediaWiki\Revision\RevisionStore::getRelativeRevision that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\DBConnRef::selectField)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/export/WikiExporter.php">
    <error line="529" severity="warning" message="Calling method \DumpOutput::writeOpenPage() in \WikiExporter::outputPageStreamBatch that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +50) (Caused by: includes/export/WikiExporter.php +528)" source="SecurityCheck-XSS"/>
    <error line="532" severity="warning" message="Calling method \DumpOutput::writeRevision() in \WikiExporter::outputPageStreamBatch that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +65) (Caused by: includes/export/WikiExporter.php +531)" source="SecurityCheck-XSS"/>
    <error line="596" severity="warning" message="Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +73) (Caused by: includes/export/WikiExporter.php +595)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/installer/CliInstaller.php">
    <error line="233" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +253)" source="SecurityCheck-XSS"/>
    <error line="238" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +253)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/installer/PostgresUpdater.php">
    <error line="1113" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::dropFkey that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1112; includes/installer/PostgresUpdater.php +1108)" source="SecurityCheck-SQLInjection"/>
    <error line="1135" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1134; includes/installer/PostgresUpdater.php +1131)" source="SecurityCheck-SQLInjection"/>
    <error line="1144" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \PostgresUpdater::changeFkeyDeferrable that outputs using tainted argument $command. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/installer/PostgresUpdater.php +1134; includes/installer/PostgresUpdater.php +1131; includes/installer/PostgresUpdater.php +1141; includes/installer/PostgresUpdater.php +1133; includes/installer/PostgresUpdater.php +1131)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/installer/WebInstallerOptions.php">
    <error line="217" severity="warning" message="Calling method \Message::rawParams() in \WebInstallerOptions::execute that outputs using tainted argument $ext. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/jobqueue/utils/BacklinkJobUtils.php">
    <error line="102" severity="error" message="Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +441) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
    <error line="112" severity="error" message="Calling method \BacklinkCache::getLinks() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +172) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/libs/rdbms/database/DatabasePostgres.php">
    <error line="835" severity="error" message="Calling method \Wikimedia\Rdbms\DatabasePostgres::query() in \Wikimedia\Rdbms\DatabasePostgres::resetSequencesForTable that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabasePostgres.php +831)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/libs/rdbms/database/DatabaseSqlite.php">
    <error line="1026" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1009; includes/libs/rdbms/database/DatabaseSqlite.php +1022)" source="SecurityCheck-SQLInjection"/>
    <error line="1052" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1042; includes/libs/rdbms/database/DatabaseSqlite.php +1041; includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +607; includes/libs/rdbms/database/DatabaseSqlite...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="includes/logging/LogFormatter.php">
    <error line="255" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="260" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="273" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="277" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="304" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="310" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="314" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="320" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="335" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="348" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="353" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="372" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="376" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="383" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="406" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +400) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="406" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="410" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="421" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +414) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="421" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="430" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="434" severity="warning" message="Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/logging/LogPage.php">
    <error line="250" severity="warning" message="Calling method \Message::rawParams() in \LogPage::actionText that outputs using tainted argument $titleLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogPage.php +247) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/page/ImagePage.php">
    <error line="165" severity="warning" message="Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php +733; includes/page/ImagePage.php +709)" source="SecurityCheck-XSS"/>
    <error line="510" severity="warning" message="Calling method \Message::rawParams() in \ImagePage::openShowImage that outputs using tainted argument $select. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/page/ImagePage.php +502) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/parser/Parser.php">
    <error line="3511" severity="warning" message="Calling method \Parser::insertStripItem() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1230)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/preferences/DefaultPreferencesFactory.php">
    <error line="379" severity="warning" message="Calling method \Message::rawParams() in \MediaWiki\Preferences\DefaultPreferencesFactory::profilePreferences that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/preferences/DefaultPreferencesFactory.php +364; includes/preferences/DefaultPreferencesFactory.php +350; includes/preferences/DefaultPreferencesFactory.php +372) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="379" severity="warning" message="Calling method \Message::rawParams() in \MediaWiki\Preferences\DefaultPreferencesFactory::profilePreferences that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/preferences/DefaultPreferencesFactory.php +365; includes/preferences/DefaultPreferencesFactory.php +351; includes/preferences/DefaultPreferencesFactory.php +373) (Param is raw)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/resourceloader/ResourceLoader.php">
    <error line="917" severity="warning" message="Echoing expression that was not html escaped (Caused by: includes/resourceloader/ResourceLoader.php +870; includes/resourceloader/ResourceLoader.php +902)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialContributions.php">
    <error line="579" severity="warning" message="HTMLForm option label needs escaping (for value 'associated') (Caused by: Builtin-\Message::text; includes/language/Message.php +952)" source="SecurityCheck-XSS"/>
    <error line="579" severity="warning" message="HTMLForm option label needs escaping (for value 'nsInvert') (Caused by: Builtin-\Message::text; includes/language/Message.php +952)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialUserrights.php">
    <error line="677" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +654; includes/specials/SpecialUserrights.php +650; includes/specials/SpecialUserrights.php +657; includes/specials/SpecialUserrights.php +650) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="677" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +655; includes/specials/SpecialUserrights.php +651; includes/specials/SpecialUserrights.php +658; includes/specials/SpecialUserrights.php +651) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="682" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +670) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="682" severity="warning" message="Calling method \Message::rawParams() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUserrights.php +671) (Param is raw)" source="SecurityCheck-XSS"/>
    <error line="757" severity="warning" message="Calling method \OutputPage::addHTML() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialUserrights.php +691; includes/specials/SpecialUserrights.php +695; includes/specials/SpecialUserrights.php +677; includes/specials/SpecialUserrights.php +704; includes/specials/SpecialUserrights.php +700; includes/specials/S...  includes/specials/SpecialUserrights.php +724)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/SpecialVersion.php">
    <error line="153" severity="warning" message="Calling method \OutputPage::addHTML() in \SpecialVersion::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialVersion.php +495; includes/specials/SpecialVersion.php +483; includes/specials/SpecialVersion.php +491; includes/specials/SpecialVersion.php +493; includes/specials/SpecialVersion.php +469; includes/specials/SpecialVersion.php +436; includes/specials/SpecialVersion.php +460; includes/specials/SpecialVersion.php +465; includes/specials/SpecialVersion.php +467; includes/specials/SpecialVersion.php +600; includes/specials/SpecialVersion.php +642; includes/specials/SpecialVersion.php +671)" source="SecurityCheck-XSS"/>
  </file>
  <file name="includes/specials/forms/UploadForm.php">
    <error line="139" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +263)" source="SecurityCheck-XSS"/>
    <error line="306" severity="warning" message="HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +263)" source="SecurityCheck-XSS"/>
  </file>
  <file name="maintenance/convertExtensionToRegistration.php">
    <error line="87" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/convertExtensionToRegistration.php +83)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/convertLinks.php">
    <error line="226" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php +214; maintenance/convertLinks.php +210; maintenance/convertLinks.php +157; maintenance/convertLinks.php +206; maintenance/convertLinks.php +209; maintenance/convertLinks.php +162; includes/installer/MysqlUpdater.php +61...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/fixTimestamps.php">
    <error line="54" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \FixTimestamps::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/fixTimestamps.php +48; maintenance/fixTimestamps.php +47)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/generateJsonI18n.php">
    <error line="71" severity="warning" message="Calling method \GenerateJsonI18n::transformI18nFile() in \GenerateJsonI18n::execute that outputs using tainted argument $phpfile. (Caused by: maintenance/generateJsonI18n.php +113) (Caused by: maintenance/generateJsonI18n.php +51; maintenance/generateJsonI18n.php +60; maintenance/generateJsonI18n.php +53)" source="SecurityCheck-OTHER"/>
    <error line="91" severity="warning" message="Calling method \GenerateJsonI18n::transformI18nFile() in \GenerateJsonI18n::execute that outputs using tainted argument $phpfile. (Caused by: maintenance/generateJsonI18n.php +113) (Caused by: maintenance/generateJsonI18n.php +51; maintenance/generateJsonI18n.php +60; maintenance/generateJsonI18n.php +53)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/includes/MigrateActors.php">
    <error line="316" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \MigrateActors::migrate that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: maintenance/includes/MigrateActors.php +306)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/mergeMessageFileList.php">
    <error line="170" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/mergeMessageFileList.php +159)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/migrateComments.php">
    <error line="105" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \MigrateComments::loadCommentIDs that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::insert) (Caused by: maintenance/migrateComments.php +73)" source="SecurityCheck-SQLInjection"/>
    <error line="105" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::insert() in \MigrateComments::loadCommentIDs that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::insert) (Caused by: maintenance/migrateComments.php +73; maintenance/migrateComments.php +169; maintenance/migrateComments.php +97; maintenance/migrateComments.php +263; maintenance/migrateComments.php +97; maintenance/migrateComments.php +265; maintenance/migrateComme...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/nukeNS.php">
    <error line="62" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php +54)" source="SecurityCheck-SQLInjection"/>
    <error line="72" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php +69)" source="SecurityCheck-SQLInjection"/>
    <error line="88" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukeNS::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukeNS.php +69)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/nukePage.php">
    <error line="63" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php +56)" source="SecurityCheck-SQLInjection"/>
    <error line="74" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php +56)" source="SecurityCheck-SQLInjection"/>
    <error line="77" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \NukePage::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/nukePage.php +56)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/populateContentModel.php">
    <error line="61" severity="error" message="Calling method \PopulateContentModel::populateRevisionOrArchive() in \PopulateContentModel::execute that outputs using tainted argument $table. (Caused by: maintenance/populateContentModel.php +229) (Caused by: maintenance/populateContentModel.php +57)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/populateContentTables.php">
    <error line="217" severity="error" message="Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php +216; maintenance/populateContentTables.php +215; maintenance/populateContentTables.php +199)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/recountCategories.php">
    <error line="126" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php +117; maintenance/recountCategories.php +82)" source="SecurityCheck-SQLInjection"/>
    <error line="126" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php +117; maintenance/recountCategories.php +82; maintenance/recountCategories.php +145)" source="SecurityCheck-SQLInjection"/>
    <error line="161" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \RecountCategories::doWork that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: includes/jobqueue/JobQueueDB.php +643; maintenance/recountCategories.php +160; maintenance/recountCategories.php +82)" source="SecurityCheck-SQLInjection"/>
    <error line="161" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::update() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::update) (Caused by: maintenance/recountCategories.php +82; includes/jobqueue/JobQueueDB.php +643; maintenance/recountCategories.php +160; maintenance/recountCategories.php +160)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/refreshExternallinksIndex.php">
    <error line="73" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php +71; maintenance/populateContentTables.php +199; maintenance/refreshExternallinksIndex.php +59)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/runBatchedQuery.php">
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RunBatchedQuery::execute that outputs using tainted argument $key. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/runBatchedQuery.php +51)" source="SecurityCheck-SQLInjection"/>
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RunBatchedQuery::execute that outputs using tainted argument $table. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/runBatchedQuery.php +50)" source="SecurityCheck-SQLInjection"/>
    <error line="81" severity="error" message="ORDER BY clause is user controlled (Caused by: maintenance/runBatchedQuery.php +51) (Originally at: maintenance/runBatchedQuery.php:80)" source="SecurityCheck-SQLInjection"/>
    <error line="97" severity="error" message="IDatabase::makeList with LIST_AND, LIST_OR or LIST_SET must sql escape string key names and values of numeric keys (Caused by: maintenance/runBatchedQuery.php +87; maintenance/runBatchedQuery.php +92)" source="SecurityCheck-SQLInjection"/>
    <error line="99" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \RunBatchedQuery::execute that outputs using tainted argument $query. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/runBatchedQuery.php +95; maintenance/runBatchedQuery.php +52)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/runScript.php">
    <error line="64" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/runScript.php +57)" source="SecurityCheck-OTHER"/>
  </file>
  <file name="maintenance/sql.php">
    <error line="112" severity="error" message="Calling method \MwSql::sqlDoQuery() in \MwSql::execute that outputs using tainted argument $query. (Caused by: maintenance/sql.php +174) (Caused by: maintenance/sql.php +111)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/sqlite.inc">
    <error line="80" severity="error" message="Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Sqlite::checkSqlSyntax that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +607; includes/libs/rdbms/database/DatabaseSqlite.php +783; includes/libs/rdbms/database/DatabaseSqlite.php +1030; includes/libs/rdbms/database/DatabaseSqlite....)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/storage/compressOld.php">
    <error line="328" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/resourceloader/ResourceLoaderWikiModule.php +440; maintenance/checkBadRedirects.php +49; maintenance/deleteOldRevisions.php +64; maintenance/orphans.php +160; includes/CategoryFinder.php +216; includes/CategoryFinder.php +248; includes/api/ApiQueryInfo.php +755; includes/api/ApiQueryAllPages.php +217; includes/api/ApiQueryAllPages.php +226; includes/api/ApiQueryBacklinks.php +182; includes/api/ApiQueryBac...)" source="SecurityCheck-SQLInjection"/>
  </file>
  <file name="maintenance/uppercaseTitlesForUnicodeTransition.php">
    <error line="153" severity="warning" message="Argument to require, include or eval is user controlled (Caused by: maintenance/uppercaseTitlesForUnicodeTransition.php +146)" source="SecurityCheck-OTHER"/>
  </file>
</checkstyle>

Change 589891 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/core@master] maintenance: Add @return-taint none to getArg and getOption

https://gerrit.wikimedia.org/r/589891

Change 589891 merged by jenkins-bot:
[mediawiki/core@master] maintenance: Add @return-taint none to getArg and getOption

https://gerrit.wikimedia.org/r/589891

Is it possible that the new version of taint check treats mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

<file name="maintenance\refreshExternallinksIndex.php">
  <error line="76" severity="error" message="Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance\refreshExternallinksIndex.php +74; maintenance\populateContentTables.php +199; maintenance\refreshExternallinksIndex.php +61)" source="SecurityCheck-SQLInjection"/>
</file>
		$start = $minmax->min - 1;
		$last = $minmax->max;
		$lbFactory = MediaWikiServices::getInstance()->getDBLoadBalancerFactory();
		while ( $start < $last ) {
			$end = min( $start + $this->mBatchSize, $last );      // <!-- php.net document min() as mixed return type - I hope that phan can see that this would return always an int as real type
			$this->output( "el_id $start - $end of $last\n" );
			$res = $dbw->select( 'externallinks', [ 'el_id', 'el_to', 'el_index' ],
				[
					"el_id > $start",
					"el_id <= $end",
				],
				__METHOD__,
				[ 'ORDER BY' => 'el_id' ]
			);

Or it is an issue with objects, as $minmax is an object with two int fields.

<file name="includes\specials\pagers\ImageListPager.php">
  <error line="503" severity="warning" message="Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \ImageListPager::formatValue that outputs using tainted argument $name. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes\specials\pagers\ImageListPager.php +502)" source="SecurityCheck-DoubleEscaped"/>
</file>
					$name = User::whoIs( $this->mCurrentRow->img_user );
					$link = $linkRenderer->makeLink(
						Title::makeTitle( NS_USER, $name ),
						$name
					);

The $name seems safe and correct, as there is no escaping involved. User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

Change 595234 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Avoid reuse of local variable in RevisionStore

https://gerrit.wikimedia.org/r/595234

Change 595237 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Use db abstraction layer in nukePage and nukeNS maintenance script

https://gerrit.wikimedia.org/r/595237

Is it possible that the new version of taint check treats mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

The $name seems safe and correct, as there is no escaping involved.

I can't tell for sure. Taint-check does have several false positives, but it also analyzes things very deeply, and lots of times I have found it to be right even when it didn't seem so at first.

User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

It might or might not be related. Unlike built-in PHP functions, methods are analyzed thoroughly, and the return type only plays a tiny part.


As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Is it possible that the new version of taint check treats mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

But then it takes the taint of the arguments of min() differently than in the release before, but they all look like int to me. Maybe it needs a deeper check.

The $name seems safe and correct, as there is no escaping involved.

I can't tell for sure. Taint-check does have several false positives, but it also analyzes things very deeply, and lots of times I have found it to be right even when it didn't seem so at first.

User::whoIs takes its data from UserCache::getProp, which is documented as mixed.

It might or might not be related. Unlike built-in PHP functions, methods are analyzed thoroughly, and the return type only plays a tiny part.

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.


As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Not all, I am just looking around and trying to fix some of them.

Is it possible that the new version of taint check treats mixed differently than before? I am seeing some false positives where the mixed return type of functions seems to be involved.

Not in taint-check directly, as it doesn't care about types, except for a very small part.

The call to min() isn't clearing the taint from its arguments, and that's indeed because the function returns mixed. Taint-check handles internal funcs that return min as if they just preserve the taint of the arguments, and that's what it does here. However, it's always been like this AFAIK.

But then it takes the taint of the arguments of min() differently than in the release before

This is possible, but the current is intended behaviour.

, but they all look like int to me. Maybe it needs a deeper check.

Phan hardcodes min() as returning mixed, there's nothing we can do about that -- except add a special case, like "if all arguments to min() are integers, then the return value is an integer", but that should really live inside phan, not taint-check. There's no other "deeper check" that would work, take the following:

$min = min( ['<script>alert()</script>'], [42]);
echo $min[0];

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.

User names *are* unsafe, so nothing wrong here.

As a side note, I suggest not to worry about taint-check issues for core. Many of those are false positives, and I'm focusing on them for the next release.

Not all, I am just looking around and trying to fix some of them.

Yeah, I was just suggesting to wait for a release or two, because many issues are false positives, and there are many other false negatives that still don't show up.
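The two rules discussed in the comment above (a built-in returning mixed passes its arguments' taint through, versus a special case that narrows min() to int when every argument is an int), as an added example that is not part of the thread and not SecurityCheckPlugin's code. It is a simplified model: the `Value` class, the function names and the treatment of an int-typed return as untainted are assumptions, and the inputs are constructed from the two snippets quoted in the thread.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

INT, ARRAY, MIXED = "int", "array", "mixed"


@dataclass(frozen=True)
class Value:
    """Abstract value seen by the analyzer: a static type and a taint flag."""
    type: str
    tainted: bool


def builtin_returning_mixed(args: Sequence[Value]) -> Value:
    """Rule described in the thread: an internal function whose declared
    return type is mixed passes the taint of its arguments through."""
    return Value(MIXED, any(a.tainted for a in args))


def min_with_int_narrowing(args: Sequence[Value]) -> Value:
    """Hypothetical special case from the thread: if every argument is
    statically an int, the result is an int. Assumption of this model:
    an int-typed return value is treated as carrying no taint."""
    if args and all(a.type == INT for a in args):
        return Value(INT, False)
    # Anything else (arrays, strings, unknown types) keeps the generic rule.
    return builtin_returning_mixed(args)


def check_sink(value: Value, issue: str) -> Optional[str]:
    """Report the issue type when a tainted value reaches a sink."""
    return issue if value.tainted else None


# Constructed inputs modelled on the two snippets in the thread.
CASES = {
    # $end = min( $start + $this->mBatchSize, $last ); ... "el_id <= $end"
    # Both arguments are ints that the analyzer has marked as tainted.
    "batch_end": ([Value(INT, True), Value(INT, True)],
                  "SecurityCheck-SQLInjection"),
    # $min = min( ['<script>alert()</script>'], [42] ); echo $min[0];
    # The string literal stands in for user-controlled input (assumption).
    "array_min": ([Value(ARRAY, True), Value(ARRAY, False)],
                  "SecurityCheck-XSS"),
}


def analyze(rule) -> dict:
    """Run every case through one min() rule and collect the sink findings."""
    return {
        name: check_sink(rule(args), issue)
        for name, (args, issue) in CASES.items()
    }


if __name__ == "__main__":
    print("mixed passthrough:", analyze(builtin_returning_mixed))
    print("int narrowing:   ", analyze(min_with_int_narrowing))
```

Under the passthrough rule both cases are reported; with narrowing only the all-int call is cleared, and the array call is still reported because its arguments are not ints.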

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.

User names *are* unsafe, so nothing wrong here.

It seems it is the other way round. User names are treated as safe, and using one in places where escaping is known (such as the second argument of LinkRenderer::makeLink) is reported as DoubleEscaped.
Also, passing a user name to wfEscapeWikiText reports DoubleEscaped.

It seems that all user names are unsafe, as I am seeing many places with users from the UserCache or from User::getName; very confusing. It seems this also needs a deeper check.

User names *are* unsafe, so nothing wrong here.

It seems it is the other way round. User names are treated as safe, and using one in places where escaping is known (such as the second argument of LinkRenderer::makeLink) is reported as DoubleEscaped.
Also, passing a user name to wfEscapeWikiText reports DoubleEscaped.

Taint for User::mName is polluted by Wikimedia\IPUtils::sanitizeIP.
When commenting out that statement in User::getName, many issues go away (including the one listed above from ImageListPager).

Change 595255 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Improve some message escaping on special pages

https://gerrit.wikimedia.org/r/595255

Change 595234 merged by jenkins-bot:
[mediawiki/core@master] Avoid reuse of local variable in RevisionStore

https://gerrit.wikimedia.org/r/595234

Change 595237 merged by jenkins-bot:
[mediawiki/core@master] Use db abstraction layer in nukePage and nukeNS maintenance script

https://gerrit.wikimedia.org/r/595237

Change 595255 abandoned by Umherirrender:
[mediawiki/core@master] Improve some message escaping on special pages

Reason:
Outdated and seems unneeded/unwanted

https://gerrit.wikimedia.org/r/595255

With mw-phan 0.10.4 we have 157 errors, 100 of which are DoubleEscaped:

phan 0.10.4
13:49:09 includes/AjaxDispatcher.php:112 UnusedSuppression Element \AjaxDispatcher::performAction suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/CategoryViewer.php:193 SecurityCheck-DoubleEscaped Calling method \CategoryViewer::generateLink() in \CategoryViewer::addSubcategoryObject that outputs using tainted argument $[arg #4]. (Caused by: includes/CategoryViewer.php +212)
13:49:09 includes/GlobalFunctions.php:913 PhanRedundantCondition Redundant attempt to cast $wgDebugRawPage of type true to truthy
13:49:09 includes/GlobalFunctions.php:1310 PhanRedundantCondition Redundant attempt to cast $wgShowHostnames of type true to truthy
13:49:09 includes/OutputPage.php:2607 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/OutputPage.php +1631; includes/OutputPage.php +1609; includes/OutputPage.php +1618; includes/OutputPage.php +2607; includes/OutputPage.php +2699; includes/OutputPage.php +4063; includes/OutputPage.php +2889; includes/OutputPage.php +2777; i...)
13:49:09 includes/actions/RawAction.php:127 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/actions/RawAction.php +126)
13:49:09 includes/actions/RawAction.php:152 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \RawAction::onView that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228)
13:49:09 includes/api/ApiCSPReport.php:190 SecurityCheck-DoubleEscaped Calling method \ApiCSPReport::error() in \ApiCSPReport::getReport that outputs using tainted argument $msg. (Caused by: includes/api/ApiCSPReport.php +254) (Caused by: includes/api/ApiCSPReport.php +186)
13:49:09 includes/api/ApiFormatPhp.php:36 UnusedSuppression Element \ApiFormatPhp::execute suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/api/ApiHelp.php:311 SecurityCheck-DoubleEscaped Calling method \Html::element() in \ApiHelp::getHelpInternal that outputs using tainted argument $headerContent. (Caused by: Builtin-\Html::element) (Caused by: includes/api/ApiHelp.php +278; includes/api/ApiHelp.php +287)
13:49:09 includes/api/ApiTokens.php:42 PhanParamTooManyCallable Call with 1 arg(s) to Closure() (As a provided callable) which only takes 0 arg(s) defined at includes/api/ApiTokens.php:78
13:49:09 includes/config/EtcdConfig.php:110 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|null
13:49:09 includes/config/EtcdConfig.php:116 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|null
13:49:09 includes/config/EtcdConfig.php:125 PhanTypeArraySuspiciousNullable Suspicious array access to $this->procCache of nullable type array|array<string,non-empty-mixed>|null
13:49:09 includes/exception/HttpError.php:125 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +125; includes/actions/RawAction.php +127)
13:49:09 includes/exception/HttpError.php:125 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \HttpError::getHTML that outputs using tainted argument $[arg #1]. (Caused by: includes/exception/HttpError.php +125; includes/actions/RawAction.php +127; includes/actions/RawAction.php +152; includes/linkeddata/PageDataRequestHandler.php +76; includes/linkeddata/PageDataRequestHandler.php +93; includes/linkeddata/PageDataRequ...)
13:49:09 includes/exception/MWException.php:115 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/exception/MWException.php:152 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/export/WikiExporter.php:601 SecurityCheck-XSS Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +73) (Caused by: includes/export/WikiExporter.php +600)
13:49:09 includes/htmlform/fields/HTMLFormFieldCloner.php:400 SecurityCheck-DoubleEscaped Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputHTML that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +399)
13:49:09 includes/htmlform/fields/HTMLFormFieldCloner.php:472 SecurityCheck-DoubleEscaped Calling method \Html::rawElement() in \HTMLFormFieldCloner::getInputOOUI that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::rawElement) (Caused by: includes/htmlform/fields/HTMLFormFieldCloner.php +471)
13:49:09 includes/installer/CliInstaller.php:246 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +266)
13:49:09 includes/installer/CliInstaller.php:251 SecurityCheck-XSS Echoing expression that was not html escaped (Caused by: includes/installer/CliInstaller.php +266)
13:49:09 includes/installer/DatabaseInstaller.php:688 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +589) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/DatabaseInstaller.php:688 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +562) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/DatabaseInstaller.php:690 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getTextBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +562) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/DatabaseInstaller.php:696 SecurityCheck-DoubleEscaped Calling method \DatabaseInstaller::getPasswordBox() in \DatabaseInstaller::getInstallUserBox that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/DatabaseInstaller.php +589) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/Installer.php:1534 UnusedSuppression Element \Installer::includeExtensions suppresses issue SecurityCheck-OTHER but does not use it
13:49:09 includes/installer/Installer.php:1566 UnusedSuppression Element \Installer::getAutoExtensionLegacyHooks suppresses issue SecurityCheck-OTHER but does not use it
13:49:09 includes/installer/MysqlInstaller.php:82 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/MysqlInstaller.php:90 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/MysqlInstaller.php:92 SecurityCheck-DoubleEscaped Calling method \MysqlInstaller::getTextBox() in \MysqlInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/PostgresInstaller.php:65 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/PostgresInstaller.php:74 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/PostgresInstaller.php:80 SecurityCheck-DoubleEscaped Calling method \PostgresInstaller::getTextBox() in \PostgresInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/SqliteInstaller.php:90 SecurityCheck-DoubleEscaped Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/SqliteInstaller.php:95 SecurityCheck-DoubleEscaped Calling method \SqliteInstaller::getTextBox() in \SqliteInstaller::getConnectForm that outputs using tainted argument $[arg #4]. (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680; includes/installer/WebInstallerName.php +53; includes/installer/WebInstallerName.php +56)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +958) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:58 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680; includes/installer/WebInstallerName.php +53; includes/installer/WebInstallerName.php +56)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +958) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:59 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:67 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioSet() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +958) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:82 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:95 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:103 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerName.php:108 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerName::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680; includes/installer/WebInstallerName.php +53; includes/installer/WebInstallerName.php +56)
13:49:09 includes/installer/WebInstallerOptions.php:117 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getRadioElements() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +1015) (Caused by: includes/installer/WebInstallerOptions.php +114; includes/installer/WebInstallerOptions.php +113)
13:49:09 includes/installer/WebInstallerOptions.php:126 SecurityCheck-DoubleEscaped Calling method \WebInstallerOptions::makeScreenshotsLink() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: includes/installer/WebInstallerOptions.php +353) (Caused by: includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:128 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \WebInstallerOptions::execute that outputs using tainted argument $skin. (Caused by: includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:130 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +126; includes/installer/WebInstallerOptions.php +128; includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:131 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +126; includes/installer/WebInstallerOptions.php +128; includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:132 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +126; includes/installer/WebInstallerOptions.php +128; includes/installer/WebInstallerOptions.php +124)
13:49:09 includes/installer/WebInstallerOptions.php:178 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175)
13:49:09 includes/installer/WebInstallerOptions.php:200 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199)
13:49:09 includes/installer/WebInstallerOptions.php:200 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $name. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199)
13:49:09 includes/installer/WebInstallerOptions.php:209 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199; includes/installer/WebInstallerOptions.php +208)
13:49:09 includes/installer/WebInstallerOptions.php:209 SecurityCheck-DoubleEscaped Calling method \Html::element() in \WebInstallerOptions::execute that outputs using tainted argument $name. (Caused by: Builtin-\Html::element) (Caused by: includes/installer/WebInstallerOptions.php +199; includes/installer/WebInstallerOptions.php +208)
13:49:09 includes/installer/WebInstallerOptions.php:217 SecurityCheck-XSS Calling method \Message::rawParams() in \WebInstallerOptions::execute that outputs using tainted argument $ext. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175) (Param is raw)
13:49:09 includes/installer/WebInstallerOptions.php:223 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstallerOptions.php +180; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; includes/installer/WebInstallerOptions.php +217; includes/installer/WebInstallerOptions.php +221; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175)
13:49:09 includes/installer/WebInstallerOptions.php:236 SecurityCheck-DoubleEscaped Calling method \Xml::encodeJsVar() in \WebInstallerOptions::execute that outputs using tainted argument $dependencyMap. (Caused by: Builtin-\Xml::encodeJsVar) (Caused by: includes/installer/WebInstallerOptions.php +187; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; incl...)
13:49:09 includes/installer/WebInstallerOptions.php:237 SecurityCheck-DoubleEscaped Calling method \Xml::encodeJsVar() in \WebInstallerOptions::execute that outputs using tainted argument $dependencyMap. (Caused by: Builtin-\Xml::encodeJsVar) (Caused by: includes/installer/WebInstallerOptions.php +187; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +124; includes/installer/WebInstallerOptions.php +160; includes/installer/WebInstallerOptions.php +175; incl...)
13:49:09 includes/installer/WebInstallerOptions.php:250 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:250 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:252 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:252 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:253 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:260 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:267 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +793) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:274 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:275 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getCheckBox() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +922; includes/installer/WebInstaller.php +920) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:302 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +840) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:304 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +840) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/installer/WebInstallerOptions.php:318 SecurityCheck-DoubleEscaped Calling method \WebInstaller::getTextArea() in \WebInstallerOptions::execute that outputs using tainted argument $[arg #1]. (Caused by: includes/installer/WebInstaller.php +840) (Caused by: includes/installer/WebInstaller.php +680)
13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument $[arg #1]. (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)
13:49:09 includes/language/Message.php:916 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Message::__toString that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +272)
13:49:09 includes/language/Message.php:916 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Message::__toString that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +272; includes/language/Message.php +1299; includes/language/Message.php +1290)
13:49:09 includes/language/Message.php:1377 SecurityCheck-DoubleEscaped Calling method \Message::extractParam() in \Message::formatListParam that outputs using tainted argument $[arg #1]. (Caused by: includes/language/Message.php +1190; includes/language/Message.php +1226)
13:49:09 includes/libs/rdbms/database/DatabaseSqlite.php:1030 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1013; includes/libs/rdbms/database/DatabaseSqlite.php +1026)
13:49:09 includes/libs/rdbms/database/DatabaseSqlite.php:1064 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Wikimedia\Rdbms\DatabaseSqlite::duplicateTableStructure that outputs using tainted argument $sql. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/libs/rdbms/database/DatabaseSqlite.php +1050; includes/libs/rdbms/database/DatabaseSqlite.php +1049; includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +606; includes/libs/rdbms/database/DatabaseSqlite...)
13:49:09 includes/libs/rdbms/database/resultwrapper/FakeResultWrapper.php:42 PhanTypeArraySuspiciousNullable Suspicious array access to $this->result of nullable type \stdClass[]|array[]|null
13:49:09 includes/libs/rdbms/lbfactory/LBFactory.php:455 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleConditionInLoop on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:79 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setKey (Did you mean expr->getKey())
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:82 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setValue (Did you mean expr->getValue())
13:49:09 includes/libs/stats/BufferingStatsdDataFactory.php:85 PhanUndeclaredMethod Call to undeclared method \Liuggio\StatsdClient\Entity\StatsdDataInterface::setMetric (Did you mean expr->getMetric())
13:49:09 includes/linkeddata/PageDataRequestHandler.php:76 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:93 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228; includes/linkeddata/PageDataRequestHandler.php +85)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:99 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::handleRequest that outputs using tainted argument $[arg #2]. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/GlobalFunctions.php +1228; includes/linkeddata/PageDataRequestHandler.php +97)
13:49:09 includes/linkeddata/PageDataRequestHandler.php:150 SecurityCheck-DoubleEscaped Calling method \HttpError::__construct() in \PageDataRequestHandler::httpContentNegotiation that outputs using tainted argument $msg. (Caused by: includes/exception/HttpError.php +125) (Caused by: includes/linkeddata/PageDataRequestHandler.php +149)
13:49:09 includes/logging/BlockLogFormatter.php:98 SecurityCheck-XSS Calling method \Message::rawParams() in \BlockLogFormatter::getMessageParameters that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/BlockLogFormatter.php +82) (Param is raw)
13:49:09 includes/logging/BlockLogFormatter.php:104 SecurityCheck-XSS Calling method \Message::rawParams() in \BlockLogFormatter::getMessageParameters that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/BlockLogFormatter.php +87) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:263 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:268 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:281 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:285 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:308 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:314 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:318 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:324 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:339 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:352 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:357 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:376 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:380 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:387 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:410 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +404) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:410 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:414 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:425 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $duration. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +418) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:425 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:434 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogFormatter.php:438 SecurityCheck-XSS Calling method \Message::rawParams() in \LogFormatter::getIRCActionText that outputs using tainted argument $target. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogFormatter.php +255) (Param is raw)
13:49:09 includes/logging/LogPage.php:255 SecurityCheck-XSS Calling method \Message::rawParams() in \LogPage::actionText that outputs using tainted argument $titleLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/logging/LogPage.php +252) (Param is raw)
13:49:09 includes/media/ExifBitmapHandler.php:75 SecurityCheck-DoubleEscaped Calling method \FormatMetadata::flattenArrayReal() in \ExifBitmapHandler::convertMetadataVersion that outputs using tainted argument $val. (Caused by: includes/media/FormatMetadata.php +1205) (Caused by: includes/media/ExifBitmapHandler.php +73)
13:49:09 includes/page/ImagePage.php:172 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \ImagePage::view that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/page/ImagePage.php +724; includes/page/ImagePage.php +700)
13:49:09 includes/page/ImagePage.php:449 SecurityCheck-DoubleEscaped Calling method \Linker::makeThumbLinkObj() in \ImagePage::openShowImage that outputs using tainted argument $link. (Caused by: includes/Linker.php +504) (Caused by: includes/page/ImagePage.php +443)
13:49:09 includes/page/ImagePage.php:469 SecurityCheck-DoubleEscaped Calling method \Linker::makeThumbLinkObj() in \ImagePage::openShowImage that outputs using tainted argument $link. (Caused by: includes/Linker.php +504) (Caused by: includes/page/ImagePage.php +463)
13:49:09 includes/parser/CoreTagHooks.php:58 UnusedSuppression Element \CoreTagHooks::pre suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/parser/PPTemplateFrame_Hash.php:65 PhanTypeMismatchForeach float|int passed to foreach instead of array
13:49:09 includes/parser/Parser.php:3246 SecurityCheck-XSS Calling method \Parser::insertStripItem() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/parser/Parser.php +1304) (Caused by: includes/parser/Parser.php +2995; includes/parser/Parser.php +3089; includes/parser/Parser.php +2995; includes/parser/Parser.php +3191; includes/parser/Parser.php +3170; includes/parser/Parser.php +3080; includes/parser/Parser.php +3133; includes/pa...)
13:49:09 includes/parser/Parser.php:3249 SecurityCheck-DoubleEscaped Calling method \wfEscapeWikiText() in \Parser::braceSubstitution that outputs using tainted argument $text. (Caused by: includes/GlobalFunctions.php +1494) (Caused by: includes/parser/Parser.php +2995; includes/parser/Parser.php +3089; includes/parser/Parser.php +2995; includes/parser/Parser.php +3191; includes/parser/Parser.php +3170; includes/parser/Parser.php +3080; includes/parser/Parser.php +3133; includes/pa...)
13:49:09 includes/preferences/DefaultPreferencesFactory.php:806 SecurityCheck-XSS HTMLForm option label needs escaping (Maybe false positive as could not determine if it was key or value that is unescaped) (Caused by: includes/preferences/DefaultPreferencesFactory.php +803)
13:49:09 includes/resourceloader/ResourceLoader.php:1137 PhanRedundantCondition Redundant attempt to cast $wgShowExceptionDetails of type true to truthy
13:49:09 includes/skins/Skin.php:2028 UnusedSuppression Element \Skin::doEditSectionLink suppresses issue SecurityCheck-XSS but does not use it
13:49:09 includes/specials/SpecialChangeCredentials.php:179 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:180 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:182 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:184 SecurityCheck-DoubleEscaped Calling method \Html::element() in \SpecialChangeCredentials::getAuthForm that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/SpecialChangeCredentials.php +177)
13:49:09 includes/specials/SpecialChangeCredentials.php:237 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \SpecialChangeCredentials::showSubpageList that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes/specials/SpecialChangeCredentials.php +236)
13:49:09 includes/specials/SpecialChangeCredentials.php:238 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeLink() in \SpecialChangeCredentials::showSubpageList that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeLink) (Caused by: includes/specials/SpecialChangeCredentials.php +236)
13:49:09 includes/specials/SpecialExpandTemplates.php:149 SecurityCheck-DoubleEscaped Calling method \SpecialExpandTemplates::makeOutput() in \SpecialExpandTemplates::execute that outputs using tainted argument $rawhtml. (Caused by: includes/specials/SpecialExpandTemplates.php +246) (Caused by: includes/specials/SpecialExpandTemplates.php +147)
13:49:09 includes/specials/SpecialRecentChanges.php:502 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialRecentChanges::outputChangesList that outputs using tainted argument $rclistOutput. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialRecentChanges.php +443; includes/specials/SpecialRecentChanges.php +443; includes/specials/SpecialRecentChanges.php +443; includes/specials/SpecialRecentChanges.php +490; includes/specials/SpecialRecentChanges.php +494)
13:49:09 includes/specials/SpecialRecentChanges.php:538 SecurityCheck-DoubleEscaped Calling method \Xml::tags() in \SpecialRecentChanges::doHeader that outputs using tainted argument $[arg #2]. (Caused by: Builtin-\Xml::tags) (Caused by: includes/specials/SpecialRecentChanges.php +531)
13:49:09 includes/specials/SpecialRecentChanges.php:814 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +780)
13:49:09 includes/specials/SpecialRecentChanges.php:911 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +780) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialRecentChanges.php:914 SecurityCheck-DoubleEscaped Calling method \SpecialRecentChanges::makeOptionsLink() in \SpecialRecentChanges::optionsPanel that outputs using tainted argument $[arg #1]. (Caused by: includes/specials/SpecialRecentChanges.php +780) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialUndelete.php:1137 SecurityCheck-XSS Calling method \Message::rawParams() in \SpecialUndelete::formatRevisionRow that outputs using tainted argument $pageLink. (Caused by: Builtin-\Message::rawParams) (Caused by: includes/specials/SpecialUndelete.php +1088; includes/specials/SpecialUndelete.php +1091; includes/specials/SpecialUndelete.php +1103; includes/specials/SpecialUndelete.php +1107) (Param is raw)
13:49:09 includes/specials/SpecialUserrights.php:776 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \UserrightsPage::showEditUserGroupsForm that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialUserrights.php +710; includes/specials/SpecialUserrights.php +714; includes/specials/SpecialUserrights.php +696; includes/specials/SpecialUserrights.php +723; includes/specials/SpecialUserrights.php +719; includes/specials/S...  includes/specials/SpecialUserrights.php +743)
13:49:09 includes/specials/SpecialVersion.php:642 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:648 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserTags that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:683 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:689 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getParserFunctionHooks that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846) (Caused by: Builtin-\Message::parse; includes/language/Message.php +929)
13:49:09 includes/specials/SpecialVersion.php:839 SecurityCheck-DoubleEscaped Calling method \Linker::makeExternalLink() in \SpecialVersion::getCreditsForExtension that outputs using tainted argument $[arg #2]. (Caused by: includes/Linker.php +846)
13:49:09 includes/specials/SpecialWatchlist.php:603 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::outputChangesList that outputs using tainted argument $s. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialWatchlist.php +558; includes/specials/SpecialWatchlist.php +558; includes/specials/SpecialWatchlist.php +558; includes/specials/SpecialWatchlist.php +598; includes/specials/SpecialWatchlist.php +601)
13:49:09 includes/specials/SpecialWatchlist.php:764 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::doHeader that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement; Builtin-\Html::rawElement; includes/api/ApiFormatBase.php +276; includes/api/ApiFormatBase.php +283; includes/EditPage.php +3660; includes/EditPage.php +3020; includes/EditPage.php +3170; includes/EditPage.php +3173; includes/page/ImagePage.php +932...  includes/specials/SpecialWatchlist.php +748; includes/specials/SpecialWatchlist.php +628; includes/specials/SpecialWatchlist.php +633; includes/specials/SpecialWatchlist.php +634; includes/specials/SpecialWatchlist.php +638; includes/specials/SpecialWatchlist.php +628; includes/specials/Specia...)
13:49:09 includes/specials/SpecialWatchlist.php:776 SecurityCheck-XSS Calling method \OutputPage::addHTML() in \SpecialWatchlist::doHeader that outputs using tainted argument $form. (Caused by: Builtin-\OutputPage::addHTML) (Caused by: includes/specials/SpecialWatchlist.php +628; includes/specials/SpecialWatchlist.php +633; includes/specials/SpecialWatchlist.php +634; includes/specials/SpecialWatchlist.php +638; includes/specials/SpecialWatchlist.php +628; includes/specials/Specia...)
13:49:09 includes/specials/SpecialWhatLinksHere.php:444 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::wlhLink() in \SpecialWhatLinksHere::listItem that outputs using tainted argument $[arg #2]. (Caused by: includes/specials/SpecialWhatLinksHere.php +473) (Caused by: includes/specials/SpecialWhatLinksHere.php +400)
13:49:09 includes/specials/SpecialWhatLinksHere.php:444 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::wlhLink() in \SpecialWhatLinksHere::listItem that outputs using tainted argument $[arg #3]. (Caused by: includes/specials/SpecialWhatLinksHere.php +493) (Caused by: includes/specials/SpecialWhatLinksHere.php +400)
13:49:09 includes/specials/SpecialWhatLinksHere.php:528 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prev. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +520)
13:49:09 includes/specials/SpecialWhatLinksHere.php:532 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $next. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +521)
13:49:09 includes/specials/SpecialWhatLinksHere.php:540 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getPrevNext that outputs using tainted argument $prettyLimit. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +538)
13:49:09 includes/specials/SpecialWhatLinksHere.php:634 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +632; includes/specials/SpecialWhatLinksHere.php +615; includes/specials/SpecialWhatLinksHere.php +616)
13:49:09 includes/specials/SpecialWhatLinksHere.php:635 SecurityCheck-DoubleEscaped Calling method \SpecialWhatLinksHere::makeSelfLink() in \SpecialWhatLinksHere::getFilterPanel that outputs using tainted argument $msg. (Caused by: includes/specials/SpecialWhatLinksHere.php +510) (Caused by: includes/specials/SpecialWhatLinksHere.php +632; includes/specials/SpecialWhatLinksHere.php +615; includes/specials/SpecialWhatLinksHere.php +616)
13:49:09 includes/specials/forms/UploadForm.php:177 SecurityCheck-XSS HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +290)
13:49:09 includes/specials/forms/UploadForm.php:344 SecurityCheck-XSS HTMLForm info field in raw mode needs to escape default key (Caused by: includes/specials/SpecialUpload.php +290)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:301 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeKnownLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: Builtin-\MediaWiki\Linker\LinkRenderer::makeKnownLink) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +291)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:303 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Linker\LinkRenderer::makeBrokenLink() in \AllMessagesTablePager::formatValue that outputs using tainted argument $talkLink. (Caused by: includes/linker/LinkRenderer.php +293) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +291)
13:49:09 includes/specials/pagers/AllMessagesTablePager.php:339 SecurityCheck-DoubleEscaped Calling method \Html::element() in \AllMessagesTablePager::formatRow that outputs using tainted argument $formatted. (Caused by: Builtin-\Html::element) (Caused by: includes/specials/pagers/AllMessagesTablePager.php +333)
13:49:09 includes/user/User.php:316 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:338 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:494 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:775 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:824 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanRedundantCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:1489 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 languages/Language.php:4130 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Language::translateBlockExpiry that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php +4128)
13:49:09 languages/Language.php:4137 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \Language::translateBlockExpiry that outputs using tainted argument $[arg #1]. (Caused by: languages/Language.php +4128; languages/Language.php +4135)
13:49:09 languages/LanguageConverter.php:1289 SecurityCheck-DoubleEscaped Calling method \htmlspecialchars() in \LanguageConverter::convertHtml that outputs using tainted argument $[arg #1]. (Caused by: languages/LanguageConverter.php +710; languages/LanguageConverter.php +710)
13:49:09 maintenance/Sqlite.php:81 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\DatabaseSqlite::query() in \Sqlite::checkSqlSyntax that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\Database::query) (Caused by: includes/Storage/NameTableStore.php +384; includes/libs/rdbms/database/DatabaseSqlite.php +606; includes/libs/rdbms/database/DatabaseSqlite.php +782; includes/libs/rdbms/database/DatabaseSqlite.php +1038; includes/libs/rdbms/database/DatabaseSqlite....)
13:49:09 maintenance/convertLinks.php:227 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::query() in \ConvertLinks::execute that outputs using tainted argument $[arg #1]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::query) (Caused by: maintenance/convertLinks.php +215; maintenance/convertLinks.php +211; maintenance/convertLinks.php +158; maintenance/convertLinks.php +207; maintenance/convertLinks.php +210; maintenance/convertLinks.php +163; includes/installer/MysqlUpdater.php +68...)
13:49:09 maintenance/eval.php:78 SecurityCheck-OTHER Argument to require, include or eval is user controlled (Caused by: maintenance/eval.php +64)
13:49:09 maintenance/populateContentTables.php:217 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IDatabase::select() in \PopulateContentTables::populateTable that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IDatabase::select) (Caused by: maintenance/populateContentTables.php +216; maintenance/populateContentTables.php +215; maintenance/populateContentTables.php +199)
13:49:09 maintenance/recountCategories.php:126 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues() in \RecountCategories::doWork that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::selectFieldValues) (Caused by: maintenance/recountCategories.php +117; maintenance/recountCategories.php +145)
13:49:09 maintenance/refreshExternallinksIndex.php:76 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \RefreshExternallinksIndex::doDBUpdates that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: maintenance/refreshExternallinksIndex.php +74; maintenance/populateContentTables.php +199; maintenance/refreshExternallinksIndex.php +61)
13:49:09 maintenance/runScript.php:64 SecurityCheck-OTHER Argument to require, include or eval is user controlled (Caused by: maintenance/runScript.php +57)
13:49:09 maintenance/storage/compressOld.php:330 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\IMaintainableDatabase::select() in \CompressOld::compressWithConcat that outputs using tainted argument $[arg #3]. (Caused by: Builtin-\Wikimedia\Rdbms\IMaintainableDatabase::select) (Caused by: includes/resourceloader/ResourceLoaderWikiModule.php +443; includes/page/PageArchive.php +569; includes/cache/MessageCache.php +535; includes/cache/MessageCache.php +535; includes/cache/MessageCache.php +580; maintenance/checkBadRedirects.php +55; m...  includes/cache/LinkCache.php +278; includes/cache/LinkCache.php +297; includes/Title.php +3460; includes/api/ApiQueryInfo.php +740; includes/api/ApiQueryAllPages.php +221; includes/api/ApiQueryAllPages.php +230; includes/api/ApiQueryBacklinks.php +1...)

Instead, if I use taint-check master, I get 218 errors, 125 of which are double-escaped. This is more similar to T216348#6007521, but I don't really know what caused it.

Guess we'll have to wait another bit.

13:49:09 includes/GlobalFunctions.php:913 PhanRedundantCondition Redundant attempt to cast $wgDebugRawPage of type true to truthy
13:49:09 includes/GlobalFunctions.php:1310 PhanRedundantCondition Redundant attempt to cast $wgShowHostnames of type true to truthy
13:49:09 includes/user/User.php:316 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:338 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:494 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy
13:49:09 includes/user/User.php:775 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanImpossibleCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:824 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue PhanRedundantCondition on this line but this suppression is unused or suppressed elsewhere
13:49:09 includes/user/User.php:1489 PhanImpossibleCondition Impossible attempt to cast $wgFullyInitialised of type ?''|?'0'|?0|?0.0|?array{}|?false to truthy

The globals are set by Installer and Maintenance and Setup, which seems to "leak" into the type check for all classes/files and results in the issue reports. Seems odd to suppress.

Is there a way to not leak types from one class to another?
Without taint phan does not have a problem with it.

Change 643978 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add some int casts for queries in maintenance scripts

https://gerrit.wikimedia.org/r/643978

Change 643981 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Improve code around internal queries in sqlite database class

https://gerrit.wikimedia.org/r/643981

13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)

This could be a false positive: Variable $params has taintedness: YES

Change 643978 merged by jenkins-bot:
[mediawiki/core@master] Add some int casts for queries in maintenance scripts

https://gerrit.wikimedia.org/r/643978

13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)

This could be a false positive: Variable $params has taintedness: YES

The annotation still doesn't print the whole taintedness object. Could you please try applying the following hack to vendor/mediawiki/phan-taint-check-plugin/src/SecurityCheckPlugin.php

$msg = "Variable {CODE} has taintedness: {DETAILS}"; // Line 246
echo "\n\n$taint\n\n"; // Add this line

and then re-running phan. It should print the whole shape.

Change 643993 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Don't leak global variables in global scope

https://gerrit.wikimedia.org/r/643993

13:49:09 includes/jobqueue/utils/BacklinkJobUtils.php:102 SecurityCheck-SQLInjection Calling method \BacklinkCache::partition() in \BacklinkJobUtils::partitionBacklinkJob that outputs using tainted argument #1 (`$params['table']`). (Caused by: includes/cache/BacklinkCache.php +443) (Caused by: includes/jobqueue/utils/BacklinkJobUtils.php +90)

This could be a false positive: Variable $params has taintedness: YES

The annotation still doesn't print the whole taintedness object. Could you please try applying the following hack to vendor/mediawiki/phan-taint-check-plugin/src/SecurityCheckPlugin.php

$msg = "Variable {CODE} has taintedness: {DETAILS}"; // Line 246
echo "\n\n$taint\n\n"; // Add this line

and then re-running phan. It should print the whole shape.

$taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?

SecurityCheckPlugin\Taintedness::__set_state(array(
   'flags' => 43688,
   'dimTaint' =>
  array (
    'namespace' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 0,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
    'title' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 0,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
    'requestId' =>
    SecurityCheckPlugin\Taintedness::__set_state(array(
       'flags' => 43688,
       'dimTaint' =>
      array (
      ),
       'unknownDimsTaint' => 0,
    )),
  ),
   'unknownDimsTaint' => 0,
))

In Job.php:

$this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];

When I comment out that line, everything is fine ...

$taint is equal to {DETAILS}, but what about var_export( $var->taintedness )?

Oh yes, I meant $var->taintedness. No need to var_export it though, it has a __toString() which pretty-prints the object.

[ object snip ]

Seems like it's picking up taintedness in an offset it can't resolve.

In Job.php:

$this->params = $params + [ 'requestId' => WebRequest::getRequestId() ];

When I comment out that line, everything is fine ...

I'd have to investigate, could you please copy these comments to a new task while I take a look?

Change 643996 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Add int casts/htmlspecialchars for prints in maintenance scripts

https://gerrit.wikimedia.org/r/643996

Change 644005 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check in UploadForm

https://gerrit.wikimedia.org/r/644005

Change 644006 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check in DefaultPreferencesFactory

https://gerrit.wikimedia.org/r/644006

Change 644017 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Annotate File::getDescriptionText to return safe html for taint-check

https://gerrit.wikimedia.org/r/644017

Change 644019 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues in Parser

https://gerrit.wikimedia.org/r/644019

Change 644020 had a related patch set uploaded (by Umherirrender; owner: Umherirrender):
[mediawiki/core@master] Suppress taint-check issues in LogFormatter/LogPage

https://gerrit.wikimedia.org/r/644020

False positive:

13:49:09 includes/export/WikiExporter.php:601 SecurityCheck-XSS Calling method \DumpOutput::writeLogItem() in \WikiExporter::outputLogStream that outputs using tainted argument $output. (Caused by: includes/export/DumpOutput.php +73) (Caused by: includes/export/WikiExporter.php +600)

\Xml::elementClean needs to be part of taint-check similar to \Xml::element to fix this

The static Message::rawParam is not part of the taint-check. It is possible to rewrite ->rawParams() with ->params( Message::rawParam() ) to bypass the checks.

\Xml::elementClean needs to be part of taint-check similar to \Xml::element to fix this

In T216348#6654152, @Umherirrender wrote:
The static Message::rawParam is not part of the taint-check. It is possible to rewrite ->rawParams() with ->params( Message::rawParam() ) to bypass the checks.

These can, and probably should, be annotated directly in MW core. I think we were moving away from hardcoded taint data.
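Added example, not part of the thread and not MediaWiki core code: the three kinds of fix the patches above apply (docblock taint annotations, int casts in query fragments, and a reviewed suppression), shown on hypothetical `example*` functions. The `@param-taint` / `@return-taint` tags are the plugin's docblock annotation syntax and `@phan-suppress-next-line` is phan's; all function names and the sample input are assumptions constructed for illustration.

```php
<?php
/**
 * Hypothetical escaper: HTML-escapes $text and wraps it in a hard-coded tag.
 * The annotation declares that this function removes HTML taint from $text,
 * so callers are not reported for passing user input here.
 *
 * @param string $tag Trusted element name chosen by the caller's code
 * @param string $text Untrusted text
 * @param-taint $text escapes_html
 * @return string
 */
function exampleTextElement( string $tag, string $text ): string {
	return "<$tag>" . htmlspecialchars( $text, ENT_QUOTES ) . "</$tag>";
}

/**
 * Hypothetical getter whose result is already safe HTML (for instance,
 * output of a sanitizing renderer). Declaring this on the function itself
 * keeps the knowledge next to the code instead of in hardcoded plugin data.
 *
 * @return string
 * @return-taint escaped
 */
function exampleDescriptionHtml(): string {
	return '<p>Rendered description</p>';
}

/**
 * Hypothetical HTML sink: anything tainted that reaches $html is an XSS report.
 *
 * @param string $html
 * @param-taint $html exec_html
 */
function exampleWriteHtml( string $html ): void {
	echo $html, "\n";
}

/**
 * Hypothetical maintenance-script helper. Casting to int makes the fragment
 * numeric regardless of what the caller supplied, which is a real fix and
 * also lets the analyzer see an integer instead of a tainted string.
 *
 * @param mixed $start
 * @param mixed $end
 * @return string SQL condition fragment
 */
function exampleBatchCondition( $start, $end ): string {
	return 'page_id BETWEEN ' . (int)$start . ' AND ' . (int)$end;
}

// Constructed sample input standing in for request or command-line data.
$userText = '<script>alert(1)</script>';
$userStart = '10 OR 1=1';
$userEnd = '20';

// Escaped at the boundary: prints &lt;script&gt;... inside <li>.
exampleWriteHtml( exampleTextElement( 'li', $userText ) );

// Safe by annotation on the producer; no suppression needed at the call site.
exampleWriteHtml( exampleDescriptionHtml() );

// Non-numeric input collapses to its leading integer: 10 and 20.
echo exampleBatchCondition( $userStart, $userEnd ), "\n";

// Last resort for a reviewed false positive: suppress one line, one issue
// type, and record why, so the suppression can be re-audited later.
$reviewedHtml = '<b>' . htmlspecialchars( $userText, ENT_QUOTES ) . '</b>';
// @phan-suppress-next-line SecurityCheck-DoubleEscaped Escaped exactly once above
exampleWriteHtml( $reviewedHtml );
```

Preferring the annotation or the cast over a suppression keeps the check active for future edits to the same line; a suppression silences every later report of that issue type there.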

Change 644006 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check in DefaultPreferencesFactory

https://gerrit.wikimedia.org/r/644006

Change 644020 merged by jenkins-bot:
[mediawiki/core@master] Suppress taint-check issues in LogFormatter/LogPage

https://gerrit.wikimedia.org/r/644020