```
<checkstyle version="6.5">
<file name="./maintenance/renameUserCleanup.php">
<error line="320" severity="error" message="Calling method \Wikimedia\Rdbms\Database::update() in \RenameUserCleanup::updateTable that outputs using tainted argument $updateCondsWithTime. (Caused by: ./maintenance/renameUserCleanup.php +319)" source="SecurityCheck-SQLInjection"/>
</file>
</checkstyle>
```
>>! In T182599#3975418, @Bawolff wrote:
> However, Renameuser has a bunch of additional failures when run against the master branch of phan-taint-check. Basically RenameUserJob takes the table name and various column names for the sql queries from the job parameters, and since phan has no way of knowing if the job parameters are sane, this triggers sql injection warnings. Could probably be fixed by adding much `$dbw->addIdentifierQuotes`, or maybe we should just suppress errors on that method.