CI fails for ULS and is blocking patches from being merged. See: https://integration.wikimedia.org/ci/job/mwext-php72-phan-docker/145858/console
Full error message:
13:13:37 includes/api/ApiULSSetLanguage.php:75 SecurityCheck-SQLInjection Calling method \MediaWiki\User\UserOptionsManager::setOption() in \ApiULSSetLanguage::execute that outputs using tainted argument #3 (`$languageCode`). (Caused by: ../../includes/user/UserOptionsManager.php +465; ../../includes/user/UserOptionsManager.php +204; Builtin-\Wikimedia\Rdbms\IDatabase::insert; ../../includes/user/UserOptionsManager.php +436; ../../includes/user/UserOptionsManager.php +428; ../../includes/user/UserOptionsManager.php +420; ../../includes/user/UserOptionsManager.php +204; ../../includes/language/LanguageCode.php +162; ../../includes/user/UserOptionsManager.php +565; ../../includes/user/UserOptionsManager.php +564; ../../includes/user/UserOptionsManager.php +540; ../../includes/user/UserOptionsManager.php +539; ...) (Caused by: includes/api/ApiULSSetLanguage.php +50; Builtin-\WebRequest::getText)
Same error appears for the following patches:
- 734888: Use HookHandlers | https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UniversalLanguageSelector/+/734888
- 734766: MW 1.35: Re-add class attribute for ULS | https://gerrit.wikimedia.org/r/c/mediawiki/extensions/UniversalLanguageSelector/+/734766