Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/174496
Change subject: API: Work around wfMangleFlashPolicy()
......................................................................
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because <> are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/96/174496/1
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index ce8656e..966e82d 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,6 +67,16 @@
$this->getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+ $json = preg_replace(
+ '/\<(\s*cross-domain-policy\s*)\>/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/",
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index ae93812..a4b4a11 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,6 +35,22 @@
}
public function execute() {
- $this->printText( serialize( $this->getResultData() ) );
+ $text = serialize( $this->getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this->getConfig()->get( 'MangleFlashPolicy' ) &&
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
&&
+ preg_match( '/\<\s*cross-domain-policy\s*\>/i', $text )
+ ) {
+ $this->dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this->printText( $text );
}
}
--
To view, visit https://gerrit.wikimedia.org/r/174496
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
