author | Luke Shumaker <lukeshu@sbcglobal.net> | 2015-02-25 23:38:25 -0500 |
---|---|---|
committer | Luke Shumaker <lukeshu@sbcglobal.net> | 2015-02-25 23:38:25 -0500 |
commit | b0e5922cdadff2b394100dc8977bc2d526c04595 (patch) | |
tree | f1c19b1aaf0988cdef72f978b9f16c5d631d3727 /includes/api/ApiFormatJson.php | |
parent | ad2b9dc3e492af9d550532817f34f865a97a8f63 (diff) | |
parent | b88ab0086858470dd1f644e64cb4e4f62bb2be9b (diff) |
Merge commit 'b88ab'
Diffstat (limited to 'includes/api/ApiFormatJson.php')
-rw-r--r-- | includes/api/ApiFormatJson.php | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 342a580f..47d82124 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -62,10 +62,22 @@ class ApiFormatJson extends ApiFormatBase {
 $this->getIsHtml(),
 $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK
 );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
+ // Flash, but what it does isn't friendly for the API, so we need to
+ // work around it.
+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+ $json = preg_replace(
+ '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
+ );
+ }
+
 $callback = $params['callback'];
 if ( $callback !== null ) {
 $callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback );
- $this->printText( "$callback($json)" );
+ # Prepend a comment to try to avoid attacks against content
+ # sniffers, such as bug 68187.
+ $this->printText( "/**/$callback($json)" );
 } else {
 $this->printText( $json );
 } |
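Review bot: The comment above the new `printText( "/**/$callback($json)" )` call names the bug but not the invariant it protects, so a later cleanup could drop the prefix as dead code. I would spell it out, e.g. `# The body must not start with caller-controlled bytes: $callback comes from the request, so a fixed /**/ prefix keeps content sniffers from reading the response as another file type (bug 68187).` The prefix is a mitigation rather than a substitute for response headers; whether this formatter also sends an explicit Content-Type and `X-Content-Type-Options: nosniff` is not visible in the hunk and is worth confirming. In the earlier added block, the `preg_match` guard in front of `preg_replace` repeats the same pattern; if it is there to avoid the cost of a replace on large output, a one-line comment saying so would help. The method body starts and ends outside the hunk.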