I'm getting a bunch of phan unneeded suppression errors on an unrelated patch:
15:56:59 includes/GlobalRename/GlobalRenameLogFormatter.php:23 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/GlobalRename/GlobalRenameLogFormatter.php:27 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/GlobalRename/GlobalRenameLogFormatter.php:30 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/LogFormatter/GlobalUserMergeLogFormatter.php:19 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-XSS on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:61 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:71 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:88 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:100 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere 15:56:59 includes/LogFormatter/WikiSetLogFormatter.php:110 UnusedPluginSuppression Plugin BuiltinSuppressionPlugin suppresses issue SecurityCheck-DoubleEscaped on this line but this suppression is unused or suppressed elsewhere
If I try to remove the suppressions, I get errors about them not being there:
15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:23 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getLocalWikiLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +58; ../../includes/WikiMap/WikiMap.php +140; ../../includes/WikiMap/WikiMap.php +161; ../../includes/WikiMap/WikiMap.php +153; ../../includes/linker/Linker.php +1146; includes/GlobalRename/GlobalRenameLogFormatter.php +53; ../../includes/WikiMap/WikiMap.php +140; ../../includes/WikiMap/WikiMap.php +161; ../../includes/WikiMap/WikiMap.php +153; ../../includes/linker/Linker.php +1146) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:23 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getLocalWikiLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #2 (`$params[5]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +58; includes/GlobalRename/GlobalRenameLogFormatter.php +53; ../../includes/WikiMap/WikiMap.php +140; ../../includes/WikiMap/WikiMap.php +161; ../../includes/WikiMap/WikiMap.php +153; ../../includes/linker/Linker.php +1146) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:23 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/GlobalRename/GlobalRenameLogFormatter.php +55; includes/GlobalRename/GlobalRenameLogFormatter.php +53) 15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:26 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getCentralAuthLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +44; ../../includes/linker/LinkRenderer.php +179) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/GlobalRename/GlobalRenameLogFormatter.php:28 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getCentralAuthLink() in \MediaWiki\Extension\CentralAuth\GlobalRename\GlobalRenameLogFormatter::getMessageParameters that outputs using tainted argument #1 (`$params[4]`). (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +44; ../../includes/linker/LinkRenderer.php +179) (Caused by: includes/GlobalRename/GlobalRenameLogFormatter.php +20; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/LogFormatter/GlobalUserMergeLogFormatter.php:19 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\GlobalUserMergeLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/GlobalUserMergeLogFormatter.php +16; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; ../../includes/language/Language.php +3310) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:61 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:61 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:70 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:70 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:86 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:86 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:97 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:97 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:106 SecurityCheck-DoubleEscaped Calling method \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::formatWikiSetLink() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1 (`$params[3]`). (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +26) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +644; ../../includes/language/Language.php +3311; ../../includes/language/Message.php +1097) 15:23:08 includes/LogFormatter/WikiSetLogFormatter.php:106 SecurityCheck-XSS Calling method \Message::rawParam() in \MediaWiki\Extension\CentralAuth\LogFormatter\WikiSetLogFormatter::extractParameters that outputs using tainted argument #1. (Caused by: ../../includes/language/Message.php +1145) (Caused by: includes/LogFormatter/WikiSetLogFormatter.php +50; ../../includes/logging/LogFormatter.php +572; ../../includes/logging/LogFormatter.php +554; ../../includes/logging/LogFormatter.php +685; ../../includes/logging/LogFormatter.php +647; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +650; ../../includes/language/Message.php +1060; ../../includes/logging/LogFormatter.php +657; ../../includes/user/User.php +1598; ../../includes/user/User.php +424; ../../includes/user/User.php +415; ../../includes/libs/rdbms/querybuilder/SelectQueryBuilder.php +769; ../../includes/user/User.php +1607; ../../includes/logging/LogFormatter.php +665; ../../includes/language/Message.php +1060; includes/LogFormatter/WikiSetLogFormatter.php +28)