Issues in SpecialAllPages.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/specials/SpecialAllPages.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Implements Special:Allpages
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup SpecialPage
 */

/**
 * Implements Special:Allpages
 *
 * @ingroup SpecialPage
 * @todo Rewrite using IndexPager
 */
class SpecialAllPages extends IncludableSpecialPage {

	/**
	 * Maximum number of pages to show on single subpage.
	 *
	 * @var int $maxPerPage
	 */
	protected $maxPerPage = 345;

	/**
	 * Determines, which message describes the input field 'nsfrom'.
	 *
	 * @var string $nsfromMsg
	 */
	protected $nsfromMsg = 'allpagesfrom';

	/**
	 * Constructor
	 *
	 * @param string $name Name of the special page, as seen in links and URLs (default: 'Allpages')
	 */
	function __construct( $name = 'Allpages' ) {
		parent::__construct( $name );
	}

	/**
	 * Entry point : initialise variables and call subfunctions.
	 *
	 * @param string $par Becomes "FOO" when called like Special:Allpages/FOO (default null)
	 */
	function execute( $par ) {
		$request = $this->getRequest();
		$out = $this->getOutput();

		$this->setHeaders();
		$this->outputHeader();
		$out->allowClickjacking();

		# GET values
		$from = $request->getVal( 'from', null );
		$to = $request->getVal( 'to', null );
		$namespace = $request->getInt( 'namespace' );
		$hideredirects = $request->getBool( 'hideredirects', false );

		$namespaces = $this->getLanguage()->getNamespaces();

		$out->setPageTitle(
			( $namespace > 0 && array_key_exists( $namespace, $namespaces ) ) ?
				$this->msg( 'allinnamespace', str_replace( '_', ' ', $namespaces[$namespace] ) ) :
				$this->msg( 'allarticles' )
		);
		$out->addModuleStyles( 'mediawiki.special' );

		if ( $par !== null ) {
			$this->showChunk( $namespace, $par, $to, $hideredirects );
		} elseif ( $from !== null && $to === null ) {
			$this->showChunk( $namespace, $from, $to, $hideredirects );
		} else {
			$this->showToplevel( $namespace, $from, $to, $hideredirects );
		}
	}

	/**
	 * Outputs the HTMLForm used on this page
	 *
	 * @param int $namespace A namespace constant (default NS_MAIN).
	 * @param string $from DbKey we are starting listing at.
	 * @param string $to DbKey we are ending listing at.
	 * @param bool $hideRedirects Dont show redirects  (default false)
	 */
	protected function outputHTMLForm( $namespace = NS_MAIN,
		$from = '', $to = '', $hideRedirects = false
	) {
		$fields = [
			'from' => [
				'type' => 'text',
				'name' => 'from',
				'id' => 'nsfrom',
				'size' => 30,
				'label-message' => 'allpagesfrom',
				'default' => str_replace( '_', ' ', $from ),
			],
			'to' => [
				'type' => 'text',
				'name' => 'to',
				'id' => 'nsto',
				'size' => 30,
				'label-message' => 'allpagesto',
				'default' => str_replace( '_', ' ', $to ),
			],
			'namespace' => [
				'type' => 'namespaceselect',
				'name' => 'namespace',
				'id' => 'namespace',
				'label-message' => 'namespace',
				'all' => null,
				'value' => $namespace,
			],
			'hideredirects' => [
				'type' => 'check',
				'name' => 'hideredirects',
				'id' => 'hidredirects',
				'label-message' => 'allpages-hide-redirects',
				'value' => $hideRedirects,
			],
		];
		$form = HTMLForm::factory( 'table', $fields, $this->getContext() );
		$form->setMethod( 'get' )
			->setWrapperLegendMsg( 'allpages' )
			->setSubmitTextMsg( 'allpagessubmit' )
			->prepareForm()
			->displayForm( false );
	}

	/**
	 * @param int $namespace (default NS_MAIN)
	 * @param string $from List all pages from this name
	 * @param string $to List all pages to this name
	 * @param bool $hideredirects Dont show redirects (default false)
	 */
	function showToplevel( $namespace = NS_MAIN, $from = '', $to = '', $hideredirects = false ) {
		$from = Title::makeTitleSafe( $namespace, $from );
		$to = Title::makeTitleSafe( $namespace, $to );
		$from = ( $from && $from->isLocal() ) ? $from->getDBkey() : null;
		$to = ( $to && $to->isLocal() ) ? $to->getDBkey() : null;

		$this->showChunk( $namespace, $from, $to, $hideredirects );
	}

	/**
	 * @param int $namespace Namespace (Default NS_MAIN)
	 * @param string $from List all pages from this name (default false)
	 * @param string $to List all pages to this name (default false)
	 * @param bool $hideredirects Dont show redirects (default false)
	 */
	function showChunk( $namespace = NS_MAIN, $from = false, $to = false, $hideredirects = false ) {
		$output = $this->getOutput();

		$fromList = $this->getNamespaceKeyAndText( $namespace, $from );

		$toList = $this->getNamespaceKeyAndText( $namespace, $to );

		$namespaces = $this->getContext()->getLanguage()->getNamespaces();
		$n = 0;
		$prevTitle = null;

		if ( !$fromList || !$toList ) {
			$out = $this->msg( 'allpagesbadtitle' )->parseAsBlock();
		} elseif ( !array_key_exists( $namespace, $namespaces ) ) {
			// Show errormessage and reset to NS_MAIN
			$out = $this->msg( 'allpages-bad-ns', $namespace )->parse();
			$namespace = NS_MAIN;
		} else {
			list( $namespace, $fromKey, $from ) = $fromList;
			list( , $toKey, $to ) = $toList;

			$dbr = wfGetDB( DB_REPLICA );
			$filterConds = [ 'page_namespace' => $namespace ];
			if ( $hideredirects ) {
				$filterConds['page_is_redirect'] = 0;
			}

			$conds = $filterConds;
			$conds[] = 'page_title >= ' . $dbr->addQuotes( $fromKey );
			if ( $toKey !== "" ) {
				$conds[] = 'page_title <= ' . $dbr->addQuotes( $toKey );
			}

			$res = $dbr->select( 'page',
				[ 'page_namespace', 'page_title', 'page_is_redirect', 'page_id' ],
				$conds,
				__METHOD__,
				[
					'ORDER BY' => 'page_title',
					'LIMIT' => $this->maxPerPage + 1,
					'USE INDEX' => 'name_title',
				]
			);

			if ( $res->numRows() > 0 ) {
				$out = Html::openElement( 'ul', [ 'class' => 'mw-allpages-chunk' ] );

				while ( ( $n < $this->maxPerPage ) && ( $s = $res->fetchObject() ) ) {
					$t = Title::newFromRow( $s );
					if ( $t ) {
						$out .= '<li' .
							( $s->page_is_redirect ? ' class="allpagesredirect"' : '' ) .
							'>' .
							Linker::link( $t ) .
							"</li>\n";
					} else {
						$out .= '<li>[[' . htmlspecialchars( $s->page_title ) . "]]</li>\n";
					}
					$n++;
				}
				$out .= Html::closeElement( 'ul' );

				if ( $res->numRows() > 2 ) {
					// Only apply CSS column styles if there's more than 2 entries.
					// Otherwise, rendering is broken as "mw-allpages-body"'s CSS column count is 3.
					$out = Html::rawElement( 'div', [ 'class' => 'mw-allpages-body' ], $out );
				}
			} else {
				$out = '';
			}

			if ( $fromKey !== '' && !$this->including() ) {
				# Get the first title from previous chunk
				$prevConds = $filterConds;
				$prevConds[] = 'page_title < ' . $dbr->addQuotes( $fromKey );
				$prevKey = $dbr->selectField(
					'page',
					'page_title',
					$prevConds,
					__METHOD__,
					[ 'ORDER BY' => 'page_title DESC', 'OFFSET' => $this->maxPerPage - 1 ]
				);

				if ( $prevKey === false ) {
					# The previous chunk is not complete, need to link to the very first title
					# available in the database
					$prevKey = $dbr->selectField(
						'page',
						'page_title',
						$prevConds,
						__METHOD__,
						[ 'ORDER BY' => 'page_title' ]
					);
				}

				if ( $prevKey !== false ) {
					$prevTitle = Title::makeTitle( $namespace, $prevKey );
				}
			}
		}

		if ( $this->including() ) {
			$output->addHTML( $out );
			return;
		}

		$navLinks = [];
		$self = $this->getPageTitle();

		// Generate a "previous page" link if needed
		if ( $prevTitle ) {
			$query = [ 'from' => $prevTitle->getText() ];

			if ( $namespace ) {
				$query['namespace'] = $namespace;
			}

			if ( $hideredirects ) {
				$query['hideredirects'] = $hideredirects;
			}

			$navLinks[] = Linker::linkKnown(
				$self,
				$this->msg( 'prevpage', $prevTitle->getText() )->escaped(),
				[],
				$query
			);

		}

		// Generate a "next page" link if needed
		if ( $n == $this->maxPerPage && $s = $res->fetchObject() ) {
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
			# $s is the first link of the next chunk
			$t = Title::makeTitle( $namespace, $s->page_title );
			$query = [ 'from' => $t->getText() ];

			if ( $namespace ) {
				$query['namespace'] = $namespace;
			}

			if ( $hideredirects ) {
				$query['hideredirects'] = $hideredirects;
			}

			$navLinks[] = Linker::linkKnown(
				$self,
				$this->msg( 'nextpage', $t->getText() )->escaped(),
				[],
				$query
			);
		}

		$this->outputHTMLForm( $namespace, $from, $to, $hideredirects );


		if ( count( $navLinks ) ) {
			// Add pagination links
			$pagination = Html::rawElement( 'div',
				[ 'class' => 'mw-allpages-nav' ],
				$this->getLanguage()->pipeList( $navLinks )
			);

			$output->addHTML( $pagination );
			$out .= Html::element( 'hr' ) . $pagination; // Footer
		}

		$output->addHTML( $out );
	}

	/**
	 * @param int $ns The namespace of the article
	 * @param string $text The name of the article
	 * @return array( int namespace, string dbkey, string pagename ) or null on error

	 */
	protected function getNamespaceKeyAndText( $ns, $text ) {
		if ( $text == '' ) {
			# shortcut for common case
			return [ $ns, '', '' ];
		}

		$t = Title::makeTitleSafe( $ns, $text );
		if ( $t && $t->isLocal() ) {
			return [ $t->getNamespace(), $t->getDBkey(), $t->getText() ];
		} elseif ( $t ) {
			return null;
		}

		# try again, in case the problem was an empty pagename
		$text = preg_replace( '/(#|$)/', 'X$1', $text );
		$t = Title::makeTitleSafe( $ns, $text );
		if ( $t && $t->isLocal() ) {
			return [ $t->getNamespace(), '', '' ];
		} else {
			return null;
		}
	}

	/**
	 * Return an array of subpages beginning with $search that this special page will accept.
	 *
	 * @param string $search Prefix to search for
	 * @param int $limit Maximum number of results to return (usually 10)
	 * @param int $offset Number of results to skip (usually 0)
	 * @return string[] Matching subpages
	 */
	public function prefixSearchSubpages( $search, $limit, $offset ) {
		return $this->prefixSearchString( $search, $limit, $offset );
	}

	protected function getGroupName() {
		return 'pages';
	}
}


Issues (4122)

Security Analysis not enabled

includes/specials/SpecialAllPages.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2		/**
3		* Implements Special:Allpages
4		*
5		* This program is free software; you can redistribute it and/or modify
6		* it under the terms of the GNU General Public License as published by
7		* the Free Software Foundation; either version 2 of the License, or
8		* (at your option) any later version.
9		*
10		* This program is distributed in the hope that it will be useful,
11		* but WITHOUT ANY WARRANTY; without even the implied warranty of
12		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13		* GNU General Public License for more details.
14		*
15		* You should have received a copy of the GNU General Public License along
16		* with this program; if not, write to the Free Software Foundation, Inc.,
17		* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18		* http://www.gnu.org/copyleft/gpl.html
19		*
20		* @file
21		* @ingroup SpecialPage
22		*/
23
24		/**
25		* Implements Special:Allpages
26		*
27		* @ingroup SpecialPage
28		* @todo Rewrite using IndexPager
29		*/
30		class SpecialAllPages extends IncludableSpecialPage {
31
32		/**
33		* Maximum number of pages to show on single subpage.
34		*
35		* @var int $maxPerPage
36		*/
37		protected $maxPerPage = 345;
38
39		/**
40		* Determines, which message describes the input field 'nsfrom'.
41		*
42		* @var string $nsfromMsg
43		*/
44		protected $nsfromMsg = 'allpagesfrom';
45
46		/**
47		* Constructor
48		*
49		* @param string $name Name of the special page, as seen in links and URLs (default: 'Allpages')
50		*/
51		function __construct( $name = 'Allpages' ) {
52		parent::__construct( $name );
53		}
54
55		/**
56		* Entry point : initialise variables and call subfunctions.
57		*
58		* @param string $par Becomes "FOO" when called like Special:Allpages/FOO (default null)
59		*/
60		function execute( $par ) {
61		$request = $this->getRequest();
62		$out = $this->getOutput();
63
64		$this->setHeaders();
65		$this->outputHeader();
66		$out->allowClickjacking();
67
68		# GET values
69		$from = $request->getVal( 'from', null );
70		$to = $request->getVal( 'to', null );
71		$namespace = $request->getInt( 'namespace' );
72		$hideredirects = $request->getBool( 'hideredirects', false );
73
74		$namespaces = $this->getLanguage()->getNamespaces();
75
76		$out->setPageTitle(
77		( $namespace > 0 && array_key_exists( $namespace, $namespaces ) ) ?
78		$this->msg( 'allinnamespace', str_replace( '_', ' ', $namespaces[$namespace] ) ) :
79		$this->msg( 'allarticles' )
80		);
81		$out->addModuleStyles( 'mediawiki.special' );
82
83		if ( $par !== null ) {
84		$this->showChunk( $namespace, $par, $to, $hideredirects );
85		} elseif ( $from !== null && $to === null ) {
86		$this->showChunk( $namespace, $from, $to, $hideredirects );
87		} else {
88		$this->showToplevel( $namespace, $from, $to, $hideredirects );
89		}
90		}
91
92		/**
93		* Outputs the HTMLForm used on this page
94		*
95		* @param int $namespace A namespace constant (default NS_MAIN).
96		* @param string $from DbKey we are starting listing at.
97		* @param string $to DbKey we are ending listing at.
98		* @param bool $hideRedirects Dont show redirects (default false)
99		*/
100		protected function outputHTMLForm( $namespace = NS_MAIN,
101		$from = '', $to = '', $hideRedirects = false
102		) {
103		$fields = [
104		'from' => [
105		'type' => 'text',
106		'name' => 'from',
107		'id' => 'nsfrom',
108		'size' => 30,
109		'label-message' => 'allpagesfrom',
110		'default' => str_replace( '_', ' ', $from ),
111		],
112		'to' => [
113		'type' => 'text',
114		'name' => 'to',
115		'id' => 'nsto',
116		'size' => 30,
117		'label-message' => 'allpagesto',
118		'default' => str_replace( '_', ' ', $to ),
119		],
120		'namespace' => [
121		'type' => 'namespaceselect',
122		'name' => 'namespace',
123		'id' => 'namespace',
124		'label-message' => 'namespace',
125		'all' => null,
126		'value' => $namespace,
127		],
128		'hideredirects' => [
129		'type' => 'check',
130		'name' => 'hideredirects',
131		'id' => 'hidredirects',
132		'label-message' => 'allpages-hide-redirects',
133		'value' => $hideRedirects,
134		],
135		];
136		$form = HTMLForm::factory( 'table', $fields, $this->getContext() );
137		$form->setMethod( 'get' )
138		->setWrapperLegendMsg( 'allpages' )
139		->setSubmitTextMsg( 'allpagessubmit' )
140		->prepareForm()
141		->displayForm( false );
142		}
143
144		/**
145		* @param int $namespace (default NS_MAIN)
146		* @param string $from List all pages from this name
147		* @param string $to List all pages to this name
148		* @param bool $hideredirects Dont show redirects (default false)
149		*/
150		function showToplevel( $namespace = NS_MAIN, $from = '', $to = '', $hideredirects = false ) {
151		$from = Title::makeTitleSafe( $namespace, $from );
152		$to = Title::makeTitleSafe( $namespace, $to );
153		$from = ( $from && $from->isLocal() ) ? $from->getDBkey() : null;
154		$to = ( $to && $to->isLocal() ) ? $to->getDBkey() : null;
155
156		$this->showChunk( $namespace, $from, $to, $hideredirects );
157		}
158
159		/**
160		* @param int $namespace Namespace (Default NS_MAIN)
161		* @param string $from List all pages from this name (default false)
162		* @param string $to List all pages to this name (default false)
163		* @param bool $hideredirects Dont show redirects (default false)
164		*/
165		function showChunk( $namespace = NS_MAIN, $from = false, $to = false, $hideredirects = false ) {
166		$output = $this->getOutput();
167
168		$fromList = $this->getNamespaceKeyAndText( $namespace, $from );
		0 ignored issues – show Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$from` defined by parameter `$from` on line 165 can also be of type `false`; however, `SpecialAllPages::getNamespaceKeyAndText()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
169		$toList = $this->getNamespaceKeyAndText( $namespace, $to );
		0 ignored issues – show Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$to` defined by parameter `$to` on line 165 can also be of type `false`; however, `SpecialAllPages::getNamespaceKeyAndText()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
170		$namespaces = $this->getContext()->getLanguage()->getNamespaces();
171		$n = 0;
172		$prevTitle = null;
173
174		if ( !$fromList \|\| !$toList ) {
175		$out = $this->msg( 'allpagesbadtitle' )->parseAsBlock();
176	View Code Duplication	} elseif ( !array_key_exists( $namespace, $namespaces ) ) {
177		// Show errormessage and reset to NS_MAIN
178		$out = $this->msg( 'allpages-bad-ns', $namespace )->parse();
179		$namespace = NS_MAIN;
180		} else {
181		list( $namespace, $fromKey, $from ) = $fromList;
182		list( , $toKey, $to ) = $toList;
183
184		$dbr = wfGetDB( DB_REPLICA );
185		$filterConds = [ 'page_namespace' => $namespace ];
186		if ( $hideredirects ) {
187		$filterConds['page_is_redirect'] = 0;
188		}
189
190		$conds = $filterConds;
191		$conds[] = 'page_title >= ' . $dbr->addQuotes( $fromKey );
192		if ( $toKey !== "" ) {
193		$conds[] = 'page_title <= ' . $dbr->addQuotes( $toKey );
194		}
195
196		$res = $dbr->select( 'page',
197		[ 'page_namespace', 'page_title', 'page_is_redirect', 'page_id' ],
198		$conds,
199		__METHOD__,
200		[
201		'ORDER BY' => 'page_title',
202		'LIMIT' => $this->maxPerPage + 1,
203		'USE INDEX' => 'name_title',
204		]
205		);
206
207		if ( $res->numRows() > 0 ) {
208		$out = Html::openElement( 'ul', [ 'class' => 'mw-allpages-chunk' ] );
209
210		while ( ( $n < $this->maxPerPage ) && ( $s = $res->fetchObject() ) ) {
211		$t = Title::newFromRow( $s );
212		if ( $t ) {
213		$out .= '<li' .
214		( $s->page_is_redirect ? ' class="allpagesredirect"' : '' ) .
215		'>' .
216		Linker::link( $t ) .
217		"</li>\n";
218		} else {
219		$out .= '<li>[[' . htmlspecialchars( $s->page_title ) . "]]</li>\n";
220		}
221		$n++;
222		}
223		$out .= Html::closeElement( 'ul' );
224
225		if ( $res->numRows() > 2 ) {
226		// Only apply CSS column styles if there's more than 2 entries.
227		// Otherwise, rendering is broken as "mw-allpages-body"'s CSS column count is 3.
228		$out = Html::rawElement( 'div', [ 'class' => 'mw-allpages-body' ], $out );
229		}
230		} else {
231		$out = '';
232		}
233
234		if ( $fromKey !== '' && !$this->including() ) {
235		# Get the first title from previous chunk
236		$prevConds = $filterConds;
237		$prevConds[] = 'page_title < ' . $dbr->addQuotes( $fromKey );
238		$prevKey = $dbr->selectField(
239		'page',
240		'page_title',
241		$prevConds,
242		__METHOD__,
243		[ 'ORDER BY' => 'page_title DESC', 'OFFSET' => $this->maxPerPage - 1 ]
244		);
245
246		if ( $prevKey === false ) {
247		# The previous chunk is not complete, need to link to the very first title
248		# available in the database
249		$prevKey = $dbr->selectField(
250		'page',
251		'page_title',
252		$prevConds,
253		__METHOD__,
254		[ 'ORDER BY' => 'page_title' ]
255		);
256		}
257
258		if ( $prevKey !== false ) {
259		$prevTitle = Title::makeTitle( $namespace, $prevKey );
260		}
261		}
262		}
263
264		if ( $this->including() ) {
265		$output->addHTML( $out );
266		return;
267		}
268
269		$navLinks = [];
270		$self = $this->getPageTitle();
271
272		// Generate a "previous page" link if needed
273		if ( $prevTitle ) {
274		$query = [ 'from' => $prevTitle->getText() ];
275
276		if ( $namespace ) {
277		$query['namespace'] = $namespace;
278		}
279
280		if ( $hideredirects ) {
281		$query['hideredirects'] = $hideredirects;
282		}
283
284		$navLinks[] = Linker::linkKnown(
285		$self,
286		$this->msg( 'prevpage', $prevTitle->getText() )->escaped(),
287		[],
288		$query
289		);
290
291		}
292
293		// Generate a "next page" link if needed
294		if ( $n == $this->maxPerPage && $s = $res->fetchObject() ) {
		0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$res` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
295		# $s is the first link of the next chunk
296		$t = Title::makeTitle( $namespace, $s->page_title );
297		$query = [ 'from' => $t->getText() ];
298
299		if ( $namespace ) {
300		$query['namespace'] = $namespace;
301		}
302
303		if ( $hideredirects ) {
304		$query['hideredirects'] = $hideredirects;
305		}
306
307		$navLinks[] = Linker::linkKnown(
308		$self,
309		$this->msg( 'nextpage', $t->getText() )->escaped(),
310		[],
311		$query
312		);
313		}
314
315		$this->outputHTMLForm( $namespace, $from, $to, $hideredirects );
		0 ignored issues – show Security Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$from` can also be of type `false`; however, `SpecialAllPages::outputHTMLForm()` does only seem to accept `string`, did you maybe forget to handle an error condition? Loading history... Security Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$to` can also be of type `false`; however, `SpecialAllPages::outputHTMLForm()` does only seem to accept `string`, did you maybe forget to handle an error condition? Loading history...
316
317		if ( count( $navLinks ) ) {
318		// Add pagination links
319		$pagination = Html::rawElement( 'div',
320		[ 'class' => 'mw-allpages-nav' ],
321		$this->getLanguage()->pipeList( $navLinks )
322		);
323
324		$output->addHTML( $pagination );
325		$out .= Html::element( 'hr' ) . $pagination; // Footer
326		}
327
328		$output->addHTML( $out );
329		}
330
331		/**
332		* @param int $ns The namespace of the article
333		* @param string $text The name of the article
334		* @return array( int namespace, string dbkey, string pagename ) or null on error
		0 ignored issues – show Documentation introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `array(` could not be parsed: Expected "\|" or "end of type", but got "(" at position 5. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
335		*/
336		protected function getNamespaceKeyAndText( $ns, $text ) {
337		if ( $text == '' ) {
338		# shortcut for common case
339		return [ $ns, '', '' ];
340		}
341
342		$t = Title::makeTitleSafe( $ns, $text );
343		if ( $t && $t->isLocal() ) {
344		return [ $t->getNamespace(), $t->getDBkey(), $t->getText() ];
345		} elseif ( $t ) {
346		return null;
347		}
348
349		# try again, in case the problem was an empty pagename
350		$text = preg_replace( '/(#\|$)/', 'X$1', $text );
351		$t = Title::makeTitleSafe( $ns, $text );
352		if ( $t && $t->isLocal() ) {
353		return [ $t->getNamespace(), '', '' ];
354		} else {
355		return null;
356		}
357		}
358
359		/**
360		* Return an array of subpages beginning with $search that this special page will accept.
361		*
362		* @param string $search Prefix to search for
363		* @param int $limit Maximum number of results to return (usually 10)
364		* @param int $offset Number of results to skip (usually 0)
365		* @return string[] Matching subpages
366		*/
367		public function prefixSearchSubpages( $search, $limit, $offset ) {
368		return $this->prefixSearchString( $search, $limit, $offset );
369		}
370
371		protected function getGroupName() {
372		return 'pages';
373		}
374		}
375

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/specials/SpecialAllPages.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like