Cast paging variables to integer in MediaWiki's maintenance script SQL
For MediaWiki core, there is an experimental security checker script that is currently being worked on. That script is getting confused by some of the SQL paging queries in various maintenance scripts.
In order to help the script out, cast the $from, $to, $start and $end type variables to ints before putting them into the SQL snippet.
For example, if you have
$res = $db->select(
    'ipblocks',
    [ 'ipb_user' ],
    [
        "ipb_user >= $from",
        "ipb_user <= $to",
    ],
    __METHOD__,
    ...
);
where $from and $to are integers that denote what part we are currently on, replace them with
$res = $db->select(
    'ipblocks',
    [ 'ipb_user' ],
    [
        "ipb_user >= " . (int)$from,
        "ipb_user <= " . (int)$to,
    ],
    __METHOD__,
    ...
);
Similarly for BETWEEN conditions.
$cond = "page_id BETWEEN $blockStart AND $blockEnd";
Needs to be changed to
$cond = "page_id BETWEEN " . (int)$blockStart . " AND " . (int)$blockEnd;
You should of course only do this for the numeric range conditions. Other things in the query should not have this done to them.
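The same pattern applied to a whole batching loop, as an added example that is not part of the original task or of MediaWiki's code. The function name batchRangeConds, the batch size and the sample option values are assumptions made up for illustration; the code only builds the condition strings and does not touch a database.

```php
<?php
// Added illustration, not MediaWiki code. batchRangeConds() and all
// sample values below are hypothetical.

/**
 * Build one "<field> BETWEEN a AND b" condition per batch.
 * $field must be a hard-coded column name, never user input:
 * the integer cast protects only the numeric bounds.
 */
function batchRangeConds( string $field, $start, $end, int $batchSize ): array {
    if ( $batchSize < 1 ) {
        throw new InvalidArgumentException( 'batch size must be positive' );
    }
    // Cast once at the boundary. Script options usually arrive as
    // strings, so from here on only integers exist.
    $start = (int)$start;
    $end = (int)$end;

    $conds = [];
    for ( $blockStart = $start; $blockStart <= $end; $blockStart += $batchSize ) {
        $blockEnd = min( $blockStart + $batchSize - 1, $end );
        // Cast again where the value is concatenated, so that a reader
        // or a static checker looking only at this line can see that
        // nothing but an integer reaches the SQL snippet.
        $conds[] = "$field BETWEEN " . (int)$blockStart . " AND " . (int)$blockEnd;
    }
    return $conds;
}

// Constructed input: well-formed numeric strings.
print_r( batchRangeConds( 'page_id', '1', '250', 100 ) );

// Constructed input: a bound that is not purely numeric. PHP's (int)
// cast keeps the leading digits and discards the rest of the string,
// so no text from the option can end up in the condition.
print_r( batchRangeConds( 'page_id', '1', '120 OR 1=1', 100 ) );
```

A value with no leading digits casts to 0, so a script that must reject such input rather than silently use 0 needs a separate validation step before the cast.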
To complete this task, choose 3 items that need replacing and replace them. The list of items to choose from is in https://phabricator.wikimedia.org/T182209 (because tasks here on the GCI website are limited to 1500 characters).
You are expected to provide a patch in Wikimedia Gerrit. See https://www.mediawiki.org/wiki/Gerrit/Tutorial for how to set up Git and Gerrit.