Issues in RollbackAction.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/actions/RollbackAction.php (3 issues)

Labels

Bug 3

Severity

Major 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Edit rollback user interface
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 *
 * @file
 * @ingroup Actions
 */

/**
 * User interface for the rollback action
 *
 * @ingroup Actions
 */
class RollbackAction extends FormlessAction {

	public function getName() {
		return 'rollback';
	}

	public function getRestriction() {
		return 'rollback';
	}

	/**
	 * Temporarily unused message keys due to T88044/T136375:
	 * - confirm-rollback-top
	 * - confirm-rollback-button
	 * - rollbackfailed
	 * - rollback-missingparam
	 */

	/**
	 * @throws ErrorPageError
	 */
	public function onView() {
		// TODO: use $this->useTransactionalTimeLimit(); when POST only
		wfTransactionalTimeLimit();

		$request = $this->getRequest();
		$user = $this->getUser();
		$from = $request->getVal( 'from' );
		$rev = $this->page->getRevision();
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
		if ( $from === null ) {
			throw new ErrorPageError( 'rollbackfailed', 'rollback-missingparam' );
		}
		if ( !$rev ) {
			throw new ErrorPageError( 'rollbackfailed', 'rollback-missingrevision' );
		}
		if ( $from !== $rev->getUserText() ) {
			throw new ErrorPageError( 'rollbackfailed', 'alreadyrolled', [
				$this->getTitle()->getPrefixedText(),
				$from,
				$rev->getUserText()
			] );
		}

		$data = null;
		$errors = $this->page->doRollback(
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
			$from,
			$request->getText( 'summary' ),
			$request->getVal( 'token' ),
			$request->getBool( 'bot' ),
			$data,
			$this->getUser()
		);

		if ( in_array( [ 'actionthrottledtext' ], $errors ) ) {
			throw new ThrottledError;
		}

		if ( isset( $errors[0][0] ) &&
			( $errors[0][0] == 'alreadyrolled' || $errors[0][0] == 'cantrollback' )
		) {
			$this->getOutput()->setPageTitle( $this->msg( 'rollbackfailed' ) );
			$errArray = $errors[0];
			$errMsg = array_shift( $errArray );
			$this->getOutput()->addWikiMsgArray( $errMsg, $errArray );

			if ( isset( $data['current'] ) ) {
				/** @var Revision $current */
				$current = $data['current'];

				if ( $current->getComment() != '' ) {
					$this->getOutput()->addHTML( $this->msg( 'editcomment' )->rawParams(
						Linker::formatComment( $current->getComment() ) )->parse() );
				}
			}

			return;
		}

		# NOTE: Permission errors already handled by Action::checkExecute.
		if ( $errors == [ [ 'readonlytext' ] ] ) {
			throw new ReadOnlyError;
		}

		# XXX: Would be nice if ErrorPageError could take multiple errors, and/or a status object.
		#      Right now, we only show the first error
		foreach ( $errors as $error ) {
			throw new ErrorPageError( 'rollbackfailed', $error[0], array_slice( $error, 1 ) );
		}

		/** @var Revision $current */
		$current = $data['current'];
		$target = $data['target'];
		$newId = $data['newid'];
		$this->getOutput()->setPageTitle( $this->msg( 'actioncomplete' ) );
		$this->getOutput()->setRobotPolicy( 'noindex,nofollow' );

		$old = Linker::revUserTools( $current );
		$new = Linker::revUserTools( $target );
		$this->getOutput()->addHTML( $this->msg( 'rollback-success' )->rawParams( $old, $new )
			->parseAsBlock() );

		if ( $user->getBoolOption( 'watchrollback' ) ) {
			$user->addWatch( $this->page->getTitle(), User::IGNORE_USER_RIGHTS );
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
		}

		$this->getOutput()->returnToMain( false, $this->getTitle() );

		if ( !$request->getBool( 'hidediff', false ) &&
			!$this->getUser()->getBoolOption( 'norollbackdiff' )
		) {
			$contentHandler = $current->getContentHandler();
			$de = $contentHandler->createDifferenceEngine(
				$this->getContext(),
				$current->getId(),
				$newId,
				false,
				true
			);
			$de->showDiff( '', '' );
		}
		return;
	}

	protected function getDescription() {
		return '';
	}

	public function doesWrites() {
		return true;
	}
}


Issues (4122)

Security Analysis not enabled

includes/actions/RollbackAction.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

1			<?php
2			/**
3			* Edit rollback user interface
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License
16			* along with this program; if not, write to the Free Software
17			* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
18			*
19			* @file
20			* @ingroup Actions
21			*/
22
23			/**
24			* User interface for the rollback action
25			*
26			* @ingroup Actions
27			*/
28			class RollbackAction extends FormlessAction {
29
30			public function getName() {
31			return 'rollback';
32			}
33
34			public function getRestriction() {
35			return 'rollback';
36			}
37
38			/**
39			* Temporarily unused message keys due to T88044/T136375:
40			* - confirm-rollback-top
41			* - confirm-rollback-button
42			* - rollbackfailed
43			* - rollback-missingparam
44			*/
45
46			/**
47			* @throws ErrorPageError
48			*/
49			public function onView() {
50			// TODO: use $this->useTransactionalTimeLimit(); when POST only
51			wfTransactionalTimeLimit();
52
53			$request = $this->getRequest();
54			$user = $this->getUser();
55			$from = $request->getVal( 'from' );
56			$rev = $this->page->getRevision();
			0 ignored issues – show Bug introduced 2016-05-24 17:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getRevision` does only exist in `Article and CategoryPage... ImagePage and WikiPage`, but not in `Page`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
57			if ( $from === null ) {
58			throw new ErrorPageError( 'rollbackfailed', 'rollback-missingparam' );
59			}
60			if ( !$rev ) {
61			throw new ErrorPageError( 'rollbackfailed', 'rollback-missingrevision' );
62			}
63			if ( $from !== $rev->getUserText() ) {
64			throw new ErrorPageError( 'rollbackfailed', 'alreadyrolled', [
65			$this->getTitle()->getPrefixedText(),
66			$from,
67			$rev->getUserText()
68			] );
69			}
70
71			$data = null;
72			$errors = $this->page->doRollback(
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `doRollback` does only exist in `Article and CategoryPage... ImagePage and WikiPage`, but not in `Page`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
73			$from,
74			$request->getText( 'summary' ),
75			$request->getVal( 'token' ),
76			$request->getBool( 'bot' ),
77			$data,
78			$this->getUser()
79			);
80
81			if ( in_array( [ 'actionthrottledtext' ], $errors ) ) {
82			throw new ThrottledError;
83			}
84
85			if ( isset( $errors[0][0] ) &&
86			( $errors[0][0] == 'alreadyrolled' \|\| $errors[0][0] == 'cantrollback' )
87			) {
88			$this->getOutput()->setPageTitle( $this->msg( 'rollbackfailed' ) );
89			$errArray = $errors[0];
90			$errMsg = array_shift( $errArray );
91			$this->getOutput()->addWikiMsgArray( $errMsg, $errArray );
92
93			if ( isset( $data['current'] ) ) {
94			/** @var Revision $current */
95			$current = $data['current'];
96
97			if ( $current->getComment() != '' ) {
98			$this->getOutput()->addHTML( $this->msg( 'editcomment' )->rawParams(
99			Linker::formatComment( $current->getComment() ) )->parse() );
100			}
101			}
102
103			return;
104			}
105
106			# NOTE: Permission errors already handled by Action::checkExecute.
107			if ( $errors == [ [ 'readonlytext' ] ] ) {
108			throw new ReadOnlyError;
109			}
110
111			# XXX: Would be nice if ErrorPageError could take multiple errors, and/or a status object.
112			# Right now, we only show the first error
113			foreach ( $errors as $error ) {
114			throw new ErrorPageError( 'rollbackfailed', $error[0], array_slice( $error, 1 ) );
115			}
116
117			/** @var Revision $current */
118			$current = $data['current'];
119			$target = $data['target'];
120			$newId = $data['newid'];
121			$this->getOutput()->setPageTitle( $this->msg( 'actioncomplete' ) );
122			$this->getOutput()->setRobotPolicy( 'noindex,nofollow' );
123
124			$old = Linker::revUserTools( $current );
125			$new = Linker::revUserTools( $target );
126			$this->getOutput()->addHTML( $this->msg( 'rollback-success' )->rawParams( $old, $new )
127			->parseAsBlock() );
128
129			if ( $user->getBoolOption( 'watchrollback' ) ) {
130			$user->addWatch( $this->page->getTitle(), User::IGNORE_USER_RIGHTS );
			0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getTitle` does only exist in `Article and CategoryPage... ImagePage and WikiPage`, but not in `Page`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
131			}
132
133			$this->getOutput()->returnToMain( false, $this->getTitle() );
134
135			if ( !$request->getBool( 'hidediff', false ) &&
136			!$this->getUser()->getBoolOption( 'norollbackdiff' )
137			) {
138			$contentHandler = $current->getContentHandler();
139			$de = $contentHandler->createDifferenceEngine(
140			$this->getContext(),
141			$current->getId(),
142			$newId,
143			false,
144			true
145			);
146			$de->showDiff( '', '' );
147			}
148			return;
149			}
150
151			protected function getDescription() {
152			return '';
153			}
154
155			public function doesWrites() {
156			return true;
157			}
158			}
159

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/actions/RollbackAction.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like