[MediaWiki-commits] [Gerrit] mediawiki...Echo[master]: ContainmentSet: Use strict comparison for array_search()

Mon, 16 Oct 2017 08:26:04 -0700 

Dbarratt has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/384536 )

Change subject: ContainmentSet: Use strict comparison for array_search()
......................................................................

ContainmentSet: Use strict comparison for array_search()

Otherwise, if $list->getValues() contains the number 0,
any non-numerical string will match, because 'foo'==0 is true.

This, in combination with a broken maintenance script that had
inserted 0s into some users' blacklist, broke all notifications
for those users.

Bug: T177825
Change-Id: Ibf78635dc5d6f70ae77958d6b972c87bfef0c267
---
M includes/ContainmentSet.php
M tests/phpunit/ContainmentSetTest.php
2 files changed, 5 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/Echo 
refs/changes/36/384536/1

diff --git a/includes/ContainmentSet.php b/includes/ContainmentSet.php
index d5cfff5..0803da0 100644
--- a/includes/ContainmentSet.php
+++ b/includes/ContainmentSet.php
@@ -111,7 +111,8 @@
         */
        public function contains( $value ) {
                foreach ( $this->lists as $list ) {
-                       if ( array_search( $value, $list->getValues() ) !== 
false ) {
+                       // Use strict comparison to prevent the number 0 from 
matching all strings (T177825)
+                       if ( array_search( $value, $list->getValues(), true ) 
!== false ) {
                                return true;
                        }
                }
diff --git a/tests/phpunit/ContainmentSetTest.php 
b/tests/phpunit/ContainmentSetTest.php
index 077e235..5971c81 100644
--- a/tests/phpunit/ContainmentSetTest.php
+++ b/tests/phpunit/ContainmentSetTest.php
@@ -15,6 +15,9 @@
 
                $list->addArray( [ 'whammo' ] );
                $this->assertTrue( $list->contains( 'whammo' ) );
+
+               $list->addArray( [ 0 ] );
+               $this->assertFalse( $list->contains( 'baz' ) );
        }
 
        public function testCachedListInnerListIsOnlyCalledOnce() {

-- 
To view, visit https://gerrit.wikimedia.org/r/384536
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibf78635dc5d6f70ae77958d6b972c87bfef0c267
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/Echo
Gerrit-Branch: master
Gerrit-Owner: Dbarratt <dbarr...@wikimedia.org>
Gerrit-Reviewer: Catrope <r...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to