X-Git-Url: https://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2FAjaxDispatcher.php;h=f6c907513681de41803f365310fc46498facb83a;hb=2c35b5be5f8fc477cdd7e4d832de58de3a6ca3d9;hp=75fcff3654a10b34d8db41872d3deae7443e75db;hpb=587d08c5a626f8195def9f82ee83e17c85824db8;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/AjaxDispatcher.php b/includes/AjaxDispatcher.php
index 75fcff3654..f6c9075136 100644
--- a/includes/AjaxDispatcher.php
+++ b/includes/AjaxDispatcher.php
@@ -23,6 +23,9 @@
 
 use MediaWiki\MediaWikiServices;
 
+// Use superglobals, but since it's deprecated, it's not worth fixing
+// phpcs:disable MediaWiki.Usage.SuperGlobalsUsage.SuperGlobals
+
 /**
  * @defgroup Ajax Ajax
  */
@@ -73,7 +76,7 @@ class AjaxDispatcher {
 
 		switch ( $this->mode ) {
 			case 'get':
-				$this->func_name = isset( $_GET["rs"] ) ? $_GET["rs"] : '';
+				$this->func_name = $_GET["rs"] ?? '';
 				if ( !empty( $_GET["rsargs"] ) ) {
 					$this->args = $_GET["rsargs"];
 				} else {
@@ -81,7 +84,7 @@ class AjaxDispatcher {
 				}
 				break;
 			case 'post':
-				$this->func_name = isset( $_POST["rs"] ) ? $_POST["rs"] : '';
+				$this->func_name = $_POST["rs"] ?? '';
 				if ( !empty( $_POST["rsargs"] ) ) {
 					$this->args = $_POST["rsargs"];
 				} else {
@@ -101,6 +104,9 @@ class AjaxDispatcher {
 	 * they should be carefully handled in the function processing the
 	 * request.
 	 *
+	 * phan-taint-check triggers as it is not smart enough to understand
+	 * the early return if func_name not in AjaxExportList.
+	 * @suppress SecurityCheck-XSS
 	 * @param User $user
 	 */
 	function performAction( User $user ) {