Additional changes:
* Removed phan-taint-check-plugin from extra, now inherited from mediawiki-phan-config.
Change-Id: I6748d2720884b7059224e614d686fd3a72d23202
The following sniffs now pass and were enabled:
* PSR12.Files.ImportStatement.LeadingSlash
Additional changes:
* Replaced "jakub-onderka" packages with "php-parallel-lint".
Change-Id: I6bcf27f48c26d9e130dbd1ee77bd3badb31805d5
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingDocumentationPrivate
Change-Id: I48607226707fcc6c30a194e741d367ddd0c2f27b
* grunt-stylelint: 0.9.0 → 0.13.0
* stylelint-config-wikimedia: 0.4.2 → 0.8.0
Additional changes:
* Remove direct "stylelint" dependency in favor of "grunt-stylelint".
* Also sorted "composer fix" command to run phpcbf last.
Change-Id: Ic0f66acde9ca9ebf2606b6f5afea25c562ceb828
composer:
* mediawiki/minus-x: 0.3.1 → 0.3.2
* mediawiki/mediawiki-codesniffer: 26.0.0 → 28.0.0
The following sniffs are failing and were disabled:
* PSR12.Files.ImportStatement.LeadingSlash
The following sniffs now pass and were enabled:
* MediaWiki.Usage.DeprecatedGlobalVariables.Deprecated$wgContLang
npm:
* grunt-banana-checker: 0.6.0 → 0.8.1
Additional changes:
* Added .eslintcache to .gitignore.
Change-Id: Ibdd18a68f35644e2a6abea849e47d6a1b284fbd4
The method ReplaceTextUtils::link (which is already complicated because
it tries to support ancient MediaWiki) can perform different levels of
escaping depending on whether the HtmlArmor class exists. This is confusing
for taint-check and for humans, and can inevitably lead to errors. Plus
it's bad practice to have a method returning something with a variable
level of taintedness, especially if that depends on something ephemeral
like whether a class exists or not.
Thus, the HtmlArmor part is removed, the text is escaped for Linker::link,
and the method now requires non-escaped HTML to be passed in.
Change-Id: I6e2783827580e3d470d316f1d3879679eb67aeda
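
The problem this commit message describes, shown as an added example that is not the extension's code. It is a simplified model: `rawHtmlLink`, `linkVariable`, `linkFixed` and the `$armorAvailable` flag (standing in for the HtmlArmor class check) are hypothetical names, and the sample title is constructed.

```php
<?php
// Simplified model with hypothetical names; not the extension's code.

// Stand-in for a Linker::link-style builder: $html is placed in the
// output as-is, so the caller is responsible for escaping it.
function rawHtmlLink( string $href, string $html ): string {
	return '<a href="' . htmlspecialchars( $href, ENT_QUOTES ) . '">' . $html . '</a>';
}

// "Before" shape: the escaping applied to $text depends on the environment.
// $armorAvailable simulates the class_exists( 'HtmlArmor' ) check.
function linkVariable( string $href, string $text, bool $armorAvailable ): string {
	if ( $armorAvailable ) {
		// $text is treated as trusted HTML and passed through unescaped.
		return rawHtmlLink( $href, $text );
	}
	// $text is treated as plain text and escaped.
	return rawHtmlLink( $href, htmlspecialchars( $text, ENT_QUOTES ) );
}

// "After" shape: one contract. $text is always plain text and is always
// escaped exactly once, right before it reaches the raw-HTML sink.
function linkFixed( string $href, string $text ): string {
	return rawHtmlLink( $href, htmlspecialchars( $text, ENT_QUOTES ) );
}

// Constructed sample input: a page title containing markup characters.
$title = 'Tom & <b>Jerry</b>';

// Same call, two environments, two different safety levels:
echo linkVariable( '/wiki/X', $title, true ), "\n";  // markup reaches the page unescaped
echo linkVariable( '/wiki/X', $title, false ), "\n"; // markup is escaped

// A caller who defends by pre-escaping is double-escaped in the other environment:
echo linkVariable( '/wiki/X', htmlspecialchars( $title, ENT_QUOTES ), false ), "\n";

// Fixed version: output does not depend on the environment.
echo linkFixed( '/wiki/X', $title ), "\n";
```

With the variable version no caller can be correct in both environments, and a static taint analyzer cannot assign the return value a single taint level; the fixed version has one input contract and one output guarantee.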
The following sniffs are failing and were disabled:
* MediaWiki.Usage.DeprecatedGlobalVariables.Deprecated$wgContLang
Change-Id: I56fb225b2f158ed69fed80fe9a1a2066f407064f
The plugin checks and flags potential security issues (XSS, SQLi, etc.)
using static analysis.
See <https://www.mediawiki.org/wiki/Phan-taint-check-plugin> for more
details.
Change-Id: Ibb8736ac41c05b4eed5655ee89627a8894df4dba
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.LicenseComment.InvalidLicenseTag
The following sniffs now pass and were enabled:
* MediaWiki.Commenting.FunctionComment.MissingParamComment
Change-Id: Id1c06f59d040ed42e06ae1cfddb40dff6159475f
The following sniffs are failing and were disabled:
* Squiz.Scope.MemberVarScope.Missing
* Squiz.Scope.MethodScope.Missing
Change-Id: I800d2343b5e7627f7d1442a5e95c3e30a4b9bfb1
The following sniffs are failing and were disabled:
* MediaWiki.Files.ClassMatchesFilename.NotMatch
Change-Id: I72657b149664e7136e91ccb5c3cdbe2bfaef847e
The following sniffs are failing and were disabled:
* MediaWiki.Commenting.FunctionComment.MissingParamTag
* MediaWiki.Commenting.FunctionComment.MissingReturn
* MediaWiki.FunctionComment.Missing.Protected
* MediaWiki.FunctionComment.Missing.Public
* MediaWiki.WhiteSpace.SpaceBeforeSingleLineComment.NewLineComment
Change-Id: Ic25b2569656fb1b30b759c920644c2d6f777a492