See T248630#6003883
Description
Details
Subject | Repo | Branch | Lines +/-
---|---|---|---
Fix edge case with prop access confusing other parts of phan | mediawiki/tools/phan/SecurityCheckPlugin | master | +82 -22
Status | Subtype | Assigned | Task
---|---|---|---
Open | | None | T175865 CentralNotice banner goes behind of global user page's top menu buttons
Declined | | None | T254277 Proposal: Stop collapsing Vector menu items under more menu and removal associated code
Resolved | | Jdlrobson | T71729 [collapsibleTabs] If a tab's width changes after initial page load, endless animation loop can happen
Resolved | BUG REPORT | ovasileva | T253819 Regression: Dancing Search Bar in MediaWiki when menu is hidden
Resolved | | Daimona | T254079 phan-seccheck typeerror
Resolved | | Jdforrester-WMF | T248630 Upgrade phan to 0.10.2 and remove phan-taint-check-plugin
Resolved | | Daimona | T248742 Weird interaction between phan and taint-check: PhanUndeclaredVariable
Event Timeline
Fortunately this was an easy fix. The code analyzing property access (e.g. $foo->bar) has a special case for when $foo is a stdClass: in this case, accessing $foo->bar would transfer foo's taintedness to bar. However, the code doing that didn't check whether the LHS of -> is a variable, hence it tried to parse a variable from the LHS even in cases like Foo::myFunc( 'myParam' )->bar. In turn, this would create a bogus variable named $Foo which phan wouldn't recognize.
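A toy model of the missing check described in the comment above, added here as an illustration; it is not the SecurityCheckPlugin's code. The array-based AST, the function names and the `$scope` map are all assumptions made up for the example, including how the unchecked version ends up with the name `Foo`.

```php
<?php
// Toy AST (constructed for illustration; not phan's or php-ast's node format).
// $foo->bar
$propOnVar = [ 'kind' => 'prop', 'expr' => [ 'kind' => 'var', 'name' => 'foo' ], 'prop' => 'bar' ];
// Foo::myFunc( 'myParam' )->bar
$propOnCall = [
    'kind' => 'prop',
    'expr' => [ 'kind' => 'static_call', 'class' => [ 'kind' => 'name', 'name' => 'Foo' ],
        'method' => 'myFunc', 'args' => [ 'myParam' ] ],
    'prop' => 'bar',
];

/** Before (assumed shape of the bug): takes the first name found under the LHS, whatever its node kind. */
function lhsVarNameUnchecked( array $prop ): ?string {
    $node = $prop['expr'];
    while ( is_array( $node ) ) {
        if ( isset( $node['name'] ) ) {
            return $node['name'];
        }
        $node = $node['class'] ?? $node['expr'] ?? null;
    }
    return null;
}

/** After: only a plain variable on the LHS of -> yields a variable name. */
function lhsVarNameChecked( array $prop ): ?string {
    $lhs = $prop['expr'];
    if ( $lhs['kind'] !== 'var' || !is_string( $lhs['name'] ) ) {
        return null;
    }
    return $lhs['name'];
}

/** stdClass special case: the property takes the taint of the variable holding the object. */
function propTaint( array $prop, array $scope, callable $resolve ): string {
    $name = $resolve( $prop );
    if ( $name === null ) {
        return 'not handled by the stdClass special case';
    }
    return array_key_exists( $name, $scope )
        ? "taint of \$$name: {$scope[$name]}"
        : "bogus variable \$$name (not in scope)";
}

$scope = [ 'foo' => 'tainted' ]; // constructed: variables known in the current scope
foreach ( [ 'lhsVarNameUnchecked', 'lhsVarNameChecked' ] as $resolve ) {
    echo "$resolve\n";
    echo '  $foo->bar: ', propTaint( $propOnVar, $scope, $resolve ), "\n";
    echo '  Foo::myFunc( \'myParam\' )->bar: ', propTaint( $propOnCall, $scope, $resolve ), "\n";
}
```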
Change 584121 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix edge case with prop access confusing other parts of phan
Change 584121 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Fix edge case with prop access confusing other parts of phan