Mglaser has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
......................................................................
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because <> are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
Approvals:
Mglaser: Verified; Looks good to me, approved
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 6c5ad38..d9f9d46 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -63,6 +63,16 @@
$this->getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+ $json = preg_replace(
+ '/\<(\s*cross-domain-policy\s*)\>/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/",
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..73ce80e 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,23 @@
}
public function execute() {
- $this->printText( serialize( $this->getResultData() ) );
+ $text = serialize( $this->getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this->getConfig()->get( 'MangleFlashPolicy' ) &&
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
&&
+ preg_match( '/\<\s*cross-domain-policy\s*\>/i', $text )
+ ) {
+ $this->dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this->printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175956
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: Anomie <bjor...@wikimedia.org>
Gerrit-Reviewer: Mglaser <gla...@hallowelt.biz>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
