CI output: https://integration.wikimedia.org/ci/job/mwext-php74-phan/18524/console
Relevant portion:
15:41:58 includes/Pages/CreatePage.php:123 SecurityCheck-XSS Calling method \MediaWiki\Linker\Linker::makeExternalLink() in \MediaWiki\Extension\SecurePoll\Pages\CreatePage::execute that outputs using tainted argument #2 (`$wiki`). (Caused by: ../../includes/linker/Linker.php +1150; annotations in \HtmlArmor::__construct) (Caused by: includes/Pages/CreatePage.php +118; annotations in \MediaWiki\Message\Message::text) 15:41:58 includes/Pages/TranslatePage.php:101 SecurityCheck-XSS Calling method \MediaWiki\Linker\Linker::makeExternalLink() in \MediaWiki\Extension\SecurePoll\Pages\TranslatePage::execute that outputs using tainted argument #2 (`$wiki`). (Caused by: ../../includes/linker/Linker.php +1150; annotations in \HtmlArmor::__construct) (Caused by: includes/Pages/TranslatePage.php +96; annotations in \MediaWiki\Message\Message::text) 15:41:58 includes/Pages/VoterEligibilityPage.php:127 SecurityCheck-XSS Calling method \MediaWiki\Linker\Linker::makeExternalLink() in \MediaWiki\Extension\SecurePoll\Pages\VoterEligibilityPage::execute that outputs using tainted argument #2 (`$wiki`). (Caused by: ../../includes/linker/Linker.php +1150; annotations in \HtmlArmor::__construct) (Caused by: includes/Pages/VoterEligibilityPage.php +122; annotations in \MediaWiki\Message\Message::text)
Relevant part of the code:
... $wiki = $this->election->getProperty( 'main-wiki' ); if ( $wiki ) { $wiki = WikiMap::getWikiName( $wiki ); } else { $wiki = $this->msg( 'securepoll-edit-redirect-otherwiki' )->text(); } $out->addWikiMsg( 'securepoll-edit-redirect', Message::rawParam( Linker::makeExternalLink( $jumpUrl, $wiki ) ) ); ...