Update to MediaWiki 1.22.9

author: Pierre Schmitz <pierre@archlinux.de> 2014-07-31 06:43:27 +0200
committer: Pierre Schmitz <pierre@archlinux.de> 2014-07-31 06:43:27 +0200
commit: 027fc6e70f7f9ce8422d4798fb02e67ff271ae4c (patch)
tree: 8163dff509e80309c82051a1095faab9396e280f /includes/api/ApiFormatJson.php
parent: f80b2307028ed4d9231a0bd46496b241dcf4aa5c (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 342a580f..4140583e 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -65,7 +65,9 @@ class ApiFormatJson extends ApiFormatBase {
 		$callback = $params['callback'];
 		if ( $callback !== null ) {
 			$callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback );
-			$this->printText( "$callback($json)" );
+			# Prepend a comment to try to avoid attacks against content
+			# sniffers, such as bug 68187.
+			$this->printText( "/**/$callback($json)" );
 		} else {
 			$this->printText( $json );
 		}
author	Pierre Schmitz <pierre@archlinux.de>	2014-07-31 06:43:27 +0200
committer	Pierre Schmitz <pierre@archlinux.de>	2014-07-31 06:43:27 +0200
commit	027fc6e70f7f9ce8422d4798fb02e67ff271ae4c (patch)
tree	8163dff509e80309c82051a1095faab9396e280f /includes/api/ApiFormatJson.php
parent	f80b2307028ed4d9231a0bd46496b241dcf4aa5c (diff)