Bug#971985: marked as done ($validFooterLinks flattened without checking it is non-empty)

Sun, 20 Dec 2020 06:00:18 -0800 

Your message dated Sun, 20 Dec 2020 13:57:54 +0000
with message-id <[email protected]>
and subject line Bug#971985: fixed in mediawiki 1:1.31.12-1~deb10u1
has caused the Debian Bug report #971985,
regarding $validFooterLinks flattened without checking it is non-empty
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
971985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: mediawiki
Version: 1:1.31.10-1~deb10u1

Hi,
In /usr/share/mediawiki/includes/skins/BaseTemplate.php after line 601, the $validFooterLinks is "flattened" without checking that it is non-empty. 

This results in an unsightly warning in the web server log:
[Sun Oct 11 09:19:03.631271 2020] [proxy_fcgi:error] [pid 27294:tid 139621082044160] [client 114.119.136.128:13642] AH01071: Got error 'PHP message: PHP Warning: array_merge() expects at least 1 parameter, 0 given in /usr/share/mediawiki/includes/skins/BaseTemplate.php on line 603PHP message: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /usr/share/mediawiki/skins/MonoBook/includes/MonoBookTemplate.php on line 527' 

Bracketing the infringing code with count() as follows fixes the issue:

        if(count($validFooterLinks) > 0) {
                $validFooterLinks = call_user_func_array(
                        'array_merge',
                        array_values( $validFooterLinks )
                );
        }

(i.e. don't flatten the array if it is empty)

Thanks,

Alain

--- End Message ---
--- Begin Message --- 
Source: mediawiki
Source-Version: 1:1.31.12-1~deb10u1
Done: Kunal Mehta <[email protected]>

We believe that the bug you reported is fixed in the latest version of
mediawiki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kunal Mehta <[email protected]> (supplier of updated mediawiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 17 Dec 2020 15:30:11 -0800
Source: mediawiki
Binary: mediawiki mediawiki-classes
Architecture: source all
Version: 1:1.31.12-1~deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Kunal Mehta <[email protected]>
Changed-By: Kunal Mehta <[email protected]>
Description:
 mediawiki  - website engine for collaborative work
 mediawiki-classes - website engine for collaborative work - standalone classes
Closes: 971985 971986
Changes:
 mediawiki (1:1.31.12-1~deb10u1) buster-security; urgency=medium
 .
   * New upstream version 1.31.12, fixing CVE-2020-35475, CVE-2020-35477,
     CVE-2020-35479, CVE-2020-35480.
     This version is not affected by CVE-2020-35474 nor CVE-2020-35478.
   * Respect $wgRedirectOnLogin configuration setting (Closes: #971986).
   * Flatten footer links without triggering a PHP warning (Closes: #971985).
Checksums-Sha1:
 c01d894942d48127fa2c2b261c73edb4370002f0 2415 mediawiki_1.31.12-1~deb10u1.dsc
 2dd153b88aa0793187446f63f4e1edd22e6b4a66 35650061 mediawiki_1.31.12.orig.tar.gz
 e22d0daadf20362cd731bc7b3bd313c1d615f628 195 mediawiki_1.31.12.orig.tar.gz.asc
 51b64b779e5df6e58597fde71694151925ee7281 112484 
mediawiki_1.31.12-1~deb10u1.debian.tar.xz
 87a26d9caef97ea5ea44566cb8a9a8c7ad57d8e1 669812 
mediawiki-classes_1.31.12-1~deb10u1_all.deb
 da49118def3c676cf44cc85335e5de81769a25b9 23222264 
mediawiki_1.31.12-1~deb10u1_all.deb
 7c9c2fb32896b94fb8beeca839ddbfd61e912c4b 6564 
mediawiki_1.31.12-1~deb10u1_amd64.buildinfo
Checksums-Sha256:
 ed861d5ecabf0e2255b229eb0b3f95a1380e749772c128f5cf7c8d51e4c80115 2415 
mediawiki_1.31.12-1~deb10u1.dsc
 bdcb68294dadcbf26118614a1c54121f6d4d6bd69fa3fa7dcc957be2452152d6 35650061 
mediawiki_1.31.12.orig.tar.gz
 df07d68e7bbfbf29ad7a2b022391d6523108b7138caa35c3495ca2dc68d526ca 195 
mediawiki_1.31.12.orig.tar.gz.asc
 0c629e805589eb2389864cc514459052766a468cd352fcc43c1bb474d8c7d975 112484 
mediawiki_1.31.12-1~deb10u1.debian.tar.xz
 a13e52658c591d33c09e545a9ca213099d35b1e0d86fb72da76b49919ac26aa3 669812 
mediawiki-classes_1.31.12-1~deb10u1_all.deb
 08031c710fbfed6989f3e08cd3c64e9c3ad50aed05222865bca4313a944a1119 23222264 
mediawiki_1.31.12-1~deb10u1_all.deb
 0ff174fdc9d01852771842b7040a355530c39587d2d613e529c25d19fa78054e 6564 
mediawiki_1.31.12-1~deb10u1_amd64.buildinfo
Files:
 3f2ae586aa12bfef89e329a92e8f02ec 2415 web optional 
mediawiki_1.31.12-1~deb10u1.dsc
 29cebc9bdf6f790cea0fe3a8c4968d1e 35650061 web optional 
mediawiki_1.31.12.orig.tar.gz
 4d69f5009551d8c179cebcde65d95bb1 195 web optional 
mediawiki_1.31.12.orig.tar.gz.asc
 60e59223ffdb8fa5b1e017abdbd8a83b 112484 web optional 
mediawiki_1.31.12-1~deb10u1.debian.tar.xz
 1c49306046c829e5f71d510fc1538975 669812 web optional 
mediawiki-classes_1.31.12-1~deb10u1_all.deb
 0ee6452d56a8df3bd7583374e4278934 23222264 web optional 
mediawiki_1.31.12-1~deb10u1_all.deb
 a4456e850b2dc28c51248eb2156d5938 6564 web optional 
mediawiki_1.31.12-1~deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJHBAEBCAAxFiEE2MtZ8F27ngU4xIGd8QX4EBsFJpsFAl/cSboTHGxlZ29rdG1A
cmlzZXVwLm5ldAAKCRDxBfgQGwUmm9z5EAC8L+rhhV+7zgTZVxGwyNYtLf1SBT9k
sit6RmeJI/XKxBt4zcBl7Ydgg/KaShrGIcXxCCBoQo/P/e5CZRalaIrezZ++Xqzj
AHqFZztixr+Xq6sQYS4+yLuaspplE4alw6J2PL508gnEs/ny2yyHZ4OmYjFZDHe0
Dk8BFE2h2sXJYVkC/v/yuC7tmd+TUUFKXMo0vX/Np3u9iCrsrjnqCBTQVhXmY9fz
hQPWz+mnv95Y19LGu8ORPultg5wu1gCeHbGRepmxQc1KK32kzbpB4jLEeQiU/F7A
AFvyKPI0OG8PSbeqk1EskSEG6sv24Uh4E87AtvLeO9vR94QzK7rTss+wKWk+Z+lo
fSWm9rPoRua87FbhpH02HRs+rfCk1gp3DkAoUPrOXX7Ga/g4fMXvpmpplOA96+KC
Tr4KeB4tGPxn6imv2kZJ+ZVPGaGti8X7m9LU/hPUQViwOmVbG8+pV5wgCyLi12Vu
KgGS4o2U5g+oteQ1QUvpfU2kuozWkUAE/92B1dfh/2JBGeFMP5t5S3DOtUEoTkyn
bzJvlh3GOughe/YvaIMNm7SR1/6w6esnW/t1hwzN4tEhYyid832UeDYFw8OyG9Ag
oYUxwdS9xgBBaXj/JkrIsp/XXEw+0z9Gg9cfTIX9VX60BZ4UTUkR8aGTGAZJ1n/Y
KSSf+1SRAhTIbw==
=4rN4
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to