HomePhabricator

build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1

Authored by Jdforrester-WMF on Jul 10 2019, 11:31 PM.

Description

build: Upgrade phan-taint-check-plugin from 1.5.x to 2.0.1

The method ReplaceTextUtils::link (which is already complicated because
it tries to support ancient MediaWiki) can perform different levels of
escaping depending on whether the HtmlArmor class exists. This is confusing
for taint-check and for humans, and can inevitably lead to errors. Plus
it's bad practice to have a method returning something with a variable
level of taintedness, especially if that depends on something ephemeral
like if a class exists or not.

Thus, the HtmlArmor part is removed, the text is escaped for Linker::link,
and the method now requires non-escaped HTML to be passed in.

Change-Id: I6e2783827580e3d470d316f1d3879679eb67aeda

Details

Committed
DaimonaJul 11 2019, 2:36 PM
Parents
rERPTdddb12e32a43: Localisation updates from https://translatewiki.net.
Branches
Unknown
Tags
Unknown
ChangeId
I6e2783827580e3d470d316f1d3879679eb67aeda

Event Timeline