Remove taint support

Venema's taint feature was apparently never publicised beyond the
php-dev mailing list, and now there is a PECL taint extension which is
incompatible with the interface assumed here.

Grep confirms that wfArrayMap() is not used in any extensions.

Change-Id: I17d8d302947443262474c608829c7c7504bef589

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 51c67a6..5c45577 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -93,26 +93,6 @@ if ( !function_exists( 'mb_strrpos' ) ) {
                return Fallback::mb_strrpos( $haystack, $needle, $offset, $encoding );
        }
 }
-
-// Support for Wietse Venema's taint feature
-if ( !function_exists( 'istainted' ) ) {
-       /**
-        * @codeCoverageIgnore
-        * @return int
-        */
-       function istainted( $var ) {
-               return 0;
-       }
-       /** @codeCoverageIgnore */
-       function taint( $var, $level = 0 ) {}
-       /** @codeCoverageIgnore */
-       function untaint( $var, $level = 0 ) {}
-       define( 'TC_HTML', 1 );
-       define( 'TC_SHELL', 1 );
-       define( 'TC_MYSQL', 1 );
-       define( 'TC_PCRE', 1 );
-       define( 'TC_SELF', 1 );
-}
 /// @endcond
 
 /**
@@ -276,24 +256,6 @@ function wfObjectToArray( $objOrArray, $recursive = true ) {
        return $array;
 }
 
-/**
- * Wrapper around array_map() which also taints variables
- *
- * @param  $function Callback
- * @param  $input Array
- * @return Array
- */
-function wfArrayMap( $function, $input ) {
-       $ret = array_map( $function, $input );
-       foreach ( $ret as $key => $value ) {
-               $taint = istainted( $input[$key] );
-               if ( $taint ) {
-                       taint( $ret[$key], $taint );
-               }
-       }
-       return $ret;
-}
-
 /**
  * Get a random decimal value between 0 and 1, in a way
  * not likely to give duplicate values for any realistic

diff --git a/includes/WebRequest.php b/includes/WebRequest.php
index e85bf9c..20ee5e5 100644 (file)
--- a/includes/WebRequest.php
+++ b/includes/WebRequest.php
@@ -347,7 +347,6 @@ class WebRequest {
                        $data = $this->normalizeUnicode( $data );
                        return $data;
                } else {
-                       taint( $default );
                        return $default;
                }
        }

diff --git a/includes/db/Database.php b/includes/db/Database.php
index 1cbffd8..f9d5407 100644 (file)
--- a/includes/db/Database.php
+++ b/includes/db/Database.php
@@ -946,14 +946,6 @@ abstract class DatabaseBase implements DatabaseType {
                        wfDebug( "Query {$this->mDBname} ($cnt) ($master): $sqlx\n" );
                }
 
-               if ( istainted( $sql ) & TC_MYSQL ) {
-                       if ( !Profiler::instance()->isStub() ) {
-                               wfProfileOut( $queryProf );
-                               wfProfileOut( $totalProf );
-                       }
-                       throw new MWException( 'Tainted query found' );
-               }
-
                $queryId = MWDebug::query( $sql, $fname, $isMaster );
 
                # Do the query and handle errors

diff --git a/includes/installer/Installer.php b/includes/installer/Installer.php
index e35719d..084f198 100644 (file)
--- a/includes/installer/Installer.php
+++ b/includes/installer/Installer.php
@@ -1003,7 +1003,7 @@ abstract class Installer {
                        return true;
                }
 
-               $lines = wfArrayMap( 'trim', explode( "\n", $lines ) );
+               $lines = array_map( 'trim', explode( "\n", $lines ) );
                $candidatesByLocale = array();
                $candidatesByLang = array();