author | Daimona Eaytoy <daimona.wiki@gmail.com> | 2023-03-23 13:37:02 +0100 |
---|---|---|
committer | Daimona Eaytoy <daimona.wiki@gmail.com> | 2023-05-20 11:39:55 +0200 |
commit | 43fb8de8388e1f88ae06c0f3da90857f0e41a16d (patch) | |
tree | b07a01c99c7718e6ada7490891873f9796c8a13f /includes/logging | |
parent | ee166bc99af8396a44078fdade4158aeb6619074 (diff) | |
language: Annotate list() methods as preserving taintedness
The $list parameter to the various *list() methods is not escaped by
these methods, so any taintedness in the argument is preserved by the
method and kept in the return value. taint-check has trouble figuring
this out on its own due to T274780, so annotate the parameters.
Note: once this is merged, taint-check could start failing on some
repos. Any errors would have a decent chance of being true positives.
Bug: T253879
Change-Id: I6cf56aca9760370cbeae19879e6b170b1cbd273f
Diffstat (limited to 'includes/logging')
-rw-r--r-- | includes/logging/BlockLogFormatter.php | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/includes/logging/BlockLogFormatter.php b/includes/logging/BlockLogFormatter.php
index 1740b2c4a77e..70e7d209dd06 100644
--- a/includes/logging/BlockLogFormatter.php
+++ b/includes/logging/BlockLogFormatter.php
@@ -84,12 +84,14 @@ class BlockLogFormatter extends LogFormatter {
 // block restrictions
 if ( isset( $params[6] ) ) {
 $pages = $params[6]['pages'] ?? [];
- $pages = array_map( function ( $page ) {
- return $this->makePageLink( Title::newFromText( $page ) );
- }, $pages );
+ $pageLinks = [];
+ foreach ( $pages as $page ) {
+ $pageLinks[] = $this->makePageLink( Title::newFromText( $page ) );
+ }

- $namespaces = $params[6]['namespaces'] ?? [];
- $namespaces = array_map( function ( $ns ) {
+ $rawNamespaces = $params[6]['namespaces'] ?? [];
+ $namespaces = [];
+ foreach ( $rawNamespaces as $ns ) {
 $text = (int)$ns === NS_MAIN
 ? $this->msg( 'blanknamespace' )->escaped()
 : htmlspecialchars( $this->context->getLanguage()->getFormattedNsText( $ns ) );
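Review bot: The raw/escaped split is named two different ways in this block: the page list keeps the raw input in `$pages` and puts the HTML in `$pageLinks`, while the namespace list renames the raw input to `$rawNamespaces` and keeps `$namespaces` for the HTML (the next hunk follows the second scheme with `$rawActions`/`$actions`). Since the commit exists so that taint-check and readers can tell unescaped log parameters from escaped output, one scheme throughout would make that easier to audit, for example `$rawPages = $params[6]['pages'] ?? [];` feeding `foreach ( $rawPages as $page )`. The namespace loop continues past the end of this hunk.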
@@ -97,26 +99,27 @@ class BlockLogFormatter extends LogFormatter {
 // Because the plaintext cannot link to the Special:AllPages
 // link that is linked to in non-plaintext mode, just return
 // the name of the namespace.
- return $text;
+ $namespaces[] = $text;
 } else {
- return $this->makePageLink(
+ $namespaces[] = $this->makePageLink(
 SpecialPage::getTitleFor( 'Allpages' ),
 [ 'namespace' => $ns ],
 $text
 );
 }
- }, $namespaces );
+ }

- $actions = $params[6]['actions'] ?? [];
- $actions = array_map( function ( $actions ) {
- return $this->msg( 'ipb-action-' . $actions )->escaped();
- }, $actions );
+ $rawActions = $params[6]['actions'] ?? [];
+ $actions = [];
+ foreach ( $rawActions as $action ) {
+ $actions[] = $this->msg( 'ipb-action-' . $action )->escaped();
+ }

 $restrictions = [];
- if ( $pages ) {
+ if ( $pageLinks ) {
 $restrictions[] = $this->msg( 'logentry-partialblock-block-page' )
- ->numParams( count( $pages ) )
- ->rawParams( $this->context->getLanguage()->listToText( $pageLinks ) )->escaped();
+ ->numParams( count( $pageLinks ) )
+ ->rawParams( $this->context->getLanguage()->listToText( $pageLinks ) )->escaped();
 }

 if ( $namespaces ) { |
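Review bot: The `->rawParams( $this->context->getLanguage()->listToText( $pageLinks ) )` call inserts its argument without escaping, and per the commit message `listToText()` preserves whatever taint its list carries, so the output is safe only while every element of `$pageLinks` is already HTML. That invariant is set up in the loop in the previous hunk and nothing at the call site records it. I would add a comment above `if ( $pageLinks ) {`, such as `// $pageLinks holds HTML from makePageLink(); listToText() does not escape, so rawParams() relies on that`. The same presumably holds for `$namespaces` and `$actions`, whose use begins at `if ( $namespaces ) {` and lies outside this hunk.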