Bug#971985: marked as done ($validFooterLinks flattened without checking it is non-empty)

Thu, 17 Dec 2020 18:51:18 -0800 

Your message dated Fri, 18 Dec 2020 02:49:57 +0000
with message-id <[email protected]>
and subject line Bug#971985: fixed in mediawiki 1:1.35.1-1
has caused the Debian Bug report #971985,
regarding $validFooterLinks flattened without checking it is non-empty
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
971985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: mediawiki
Version: 1:1.31.10-1~deb10u1

Hi,
In /usr/share/mediawiki/includes/skins/BaseTemplate.php after line 601, the $validFooterLinks is "flattened" without checking that it is non-empty. 

This results in an unsightly warning in the web server log:
[Sun Oct 11 09:19:03.631271 2020] [proxy_fcgi:error] [pid 27294:tid 139621082044160] [client 114.119.136.128:13642] AH01071: Got error 'PHP message: PHP Warning: array_merge() expects at least 1 parameter, 0 given in /usr/share/mediawiki/includes/skins/BaseTemplate.php on line 603PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/share/mediawiki/skins/MonoBook/includes/MonoBookTemplate.php on line 527' 

Bracketing the infringing code with count() as follows fixes the issue:

        if(count($validFooterLinks) > 0) {
                $validFooterLinks = call_user_func_array(
                        'array_merge',
                        array_values( $validFooterLinks )
                );
        }

(i.e. don't flatten the array if it is empty)

Thanks,

Alain

--- End Message ---
--- Begin Message --- 
Source: mediawiki
Source-Version: 1:1.35.1-1
Done: Kunal Mehta <[email protected]>

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kunal Mehta <[email protected]> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Dec 2020 17:53:57 -0800
Source: mediawiki
Architecture: source
Version: 1:1.35.1-1
Distribution: unstable
Urgency: medium
Maintainer: Kunal Mehta <[email protected]>
Changed-By: Kunal Mehta <[email protected]>
Closes: 971985 971986
Changes:
 mediawiki (1:1.35.1-1) unstable; urgency=medium
 .
   * New upstream version 1.35.1, fixing CVE-2020-35474, CVE-2020-35475,
     CVE-2020-35477, CVE-2020-35478, CVE-2020-35479, CVE-2020-35480.
   * Respect $wgRedirectOnLogin configuration setting (Closes: #971986).
   * Flatten footer links without triggering a PHP warning (Closes: #971985).
   * Drop patches merged upstream
Checksums-Sha1:
 103a969e1f6ba78627a05034f5ba990f94bc84ec 2377 mediawiki_1.35.1-1.dsc
 01634609cce582b78a0a865141dadb90d512c0fe 48046673 mediawiki_1.35.1.orig.tar.gz
 1d77529a1bd4d5beb93094180b12750530a41dce 195 mediawiki_1.35.1.orig.tar.gz.asc
 1f0e9bddc1ca2594aba464d5692592c27b5c2bb7 100416 
mediawiki_1.35.1-1.debian.tar.xz
 a2a00cf9993b33afd530f15f395821b8efa3c68d 7024 
mediawiki_1.35.1-1_amd64.buildinfo
Checksums-Sha256:
 5f2bdbd34f3725eb15c9847a730afc098b06881e4a55476f71d7d60b06669f36 2377 
mediawiki_1.35.1-1.dsc
 8e65a61d4a16ea6f3e60a2828483f8d50047b89f94f1313fcc2da113fdabe315 48046673 
mediawiki_1.35.1.orig.tar.gz
 24655ab349c7a61c9ccc138557bbfb10f7e20a24b297992014b2674a256db9e5 195 
mediawiki_1.35.1.orig.tar.gz.asc
 f7e523dd121053e778a21cc9340883127d6c401e54feb22b9c6c80c0c1b5852d 100416 
mediawiki_1.35.1-1.debian.tar.xz
 98f1f8156a22b325180020f19e017acdf22ecbec58a72c459a3288cf817517cf 7024 
mediawiki_1.35.1-1_amd64.buildinfo
Files:
 af3cefd8c551b161ae76b4dfd44ebab8 2377 web optional mediawiki_1.35.1-1.dsc
 dd8b40d01a626757e939ea1abaa1bf4a 48046673 web optional 
mediawiki_1.35.1.orig.tar.gz
 2291427bd9c518c41d67222bb2607031 195 web optional 
mediawiki_1.35.1.orig.tar.gz.asc
 cfed8b53dfa68a6dce1828613424a4cd 100416 web optional 
mediawiki_1.35.1-1.debian.tar.xz
 b27725b41dca78a44765fbbf1e277b5e 7024 web optional 
mediawiki_1.35.1-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEE2MtZ8F27ngU4xIGd8QX4EBsFJpsFAl/cFDcTHGxlZ29rdG1A
cmlzZXVwLm5ldAAKCRDxBfgQGwUmm6clD/9YWroumiV4W7Us19WA0+Km+KSdL9yh
N6m9vaFvEIR+Roj81CyfttLSjWHDN/ecQXafPa8rzUNHyc5x54ABiQOM7h4/g+2j
qfR74UIB8Cg3e14t5p3hfEsHtrPFQbn782YW4mvhn2TFVVHdcR+r4lHVyVQaIR7x
pf07aGJpwAG4XUx92XiXDTANY1E9dUsVY4VkQQtNnG263hsIfIH2VKQSHFFKAUKl
kVknHk2h168cQGsAC8cfgvfYAAr3+1RE96a3uw16iUBaJdLQhMtGlV9XBUkxotxg
8QwtuGE/IiqiaFMJy03m4ZqVHf9iDsnbakha490OvXpfKBGlBJ13g3o1g2qYMyrh
iQOSRvDxQIjHyvNwFOBXe9Buz0dj7JsIDe6k/MalM/sVNDGXjCddFdPQTVnyAcDp
9/TeXCXL4WWbVvuCDqS37uMM25PBZG0k1lJNXkokq9y5KCcyYJl6S9Q7iZDL9qOx
7QV8tOGYGjserU75H9AATeQVO0MaXUZ4/rrXeFL2JGoRqNHNbTK9UGWGYoFlpIr6
JLZ9ESflXV+H5NoF+1ce84y1XlQpMPAJg60BdcB5nhOHKBA8NzPHBcCCshf3+yvY
frwEPwxjYdOo+8Iq3d12UyVCusY4lK/djNP4TNdv4p1vQV0r7CnL+f8CxYjq+Y9Q
kwn+TWLo5EedGg==
=wUhP
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to