dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge "media: Do not pass unused parameter"
[lhc/web/wiklou.git] / includes / htmlform / HTMLFormField.php
diff --git a/includes/htmlform/HTMLFormField.php b/includes/htmlform/HTMLFormField.php
index f5d6e8c..5f99aa0 100644 (file)
--- a/includes/htmlform/HTMLFormField.php
+++ b/includes/htmlform/HTMLFormField.php
@@ -607,17 +607,11 @@ abstract class HTMLFormField {
                        $error = new OOUI\HtmlSnippet( $error );
                }
 
-               $notices = $this->getNotices();
-               foreach ( $notices as &$notice ) {
-                       $notice = new OOUI\HtmlSnippet( $notice );
-               }
-
                $config = [
                        'classes' => [ "mw-htmlform-field-$fieldType", $this->mClass ],
                        'align' => $this->getLabelAlignOOUI(),
                        'help' => ( $help !== null && $help !== '' ) ? new OOUI\HtmlSnippet( $help ) : null,
                        'errors' => $errors,
-                       'notices' => $notices,
                        'infusable' => $infusable,
                        'helpInline' => $this->isHelpInline(),
                ];
@@ -861,15 +855,20 @@ abstract class HTMLFormField {
         * @return bool
         */
        public function isHelpInline() {
-               return isset( $this->mParams['help-inline'] ) ? $this->mParams['help-inline'] : true;
+               return $this->mParams['help-inline'] ?? true;
        }
 
        /**
         * Determine form errors to display and their classes
         * @since 1.20
         *
+        * phan-taint-check gets confused with returning both classes
+        * and errors and thinks double escaping is happening, so specify
+        * that return value has no taint.
+        *
         * @param string $value The value of the input
         * @return array array( $errors, $errorClass )
+        * @return-taint none
         */
        public function getErrorsAndErrorClass( $value ) {
                $errors = $this->validate( $value, $this->mParent->mFieldData );
@@ -911,30 +910,6 @@ abstract class HTMLFormField {
                return $errors;
        }
 
-       /**
-        * Determine notices to display for the field.
-        *
-        * @since 1.28
-        * @return string[]
-        */
-       public function getNotices() {
-               $notices = [];
-
-               if ( isset( $this->mParams['notice-message'] ) ) {
-                       $notices[] = $this->getMessage( $this->mParams['notice-message'] )->parse();
-               }
-
-               if ( isset( $this->mParams['notice-messages'] ) ) {
-                       foreach ( $this->mParams['notice-messages'] as $msg ) {
-                               $notices[] = $this->getMessage( $msg )->parse();
-                       }
-               } elseif ( isset( $this->mParams['notice'] ) ) {
-                       $notices[] = $this->mParams['notice'];
-               }
-
-               return $notices;
-       }
-
        /**
         * @return string HTML
         */
@@ -1132,6 +1107,12 @@ abstract class HTMLFormField {
         * Formats one or more errors as accepted by field validation-callback.
         *
         * @param string|Message|array $errors Array of strings or Message instances
+        * To work around limitations in phan-taint-check the calling
+        * class has taintedness disabled. So instead we pretend that
+        * this method outputs html, since the result is eventually
+        * outputted anyways without escaping and this allows us to verify
+        * stuff is safe even though the caller has taintedness cleared.
+        * @param-taint $errors exec_html
         * @return string HTML
         * @since 1.18
         */
Wiklou, le Wiki du Wiklou