[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/175956 Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/56/175956/1 diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 6c5ad38..d9f9d46 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -63,6 +63,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f04..73ce80e 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,23 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175956 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: Mglaser gla...@hallowelt.biz ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/175957 Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/57/175957/1 diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 9673d6f..b222f74 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -63,6 +63,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f04..73ce80e 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,23 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175957 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: Mglaser gla...@hallowelt.biz ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/175958 Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 28 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/58/175958/1 diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 4140583..47d8212 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -62,6 +62,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f04..bda1c18 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,24 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + global $wgMangleFlashPolicy; + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $wgMangleFlashPolicy + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175958 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_22 Gerrit-Owner: Mglaser gla...@hallowelt.biz ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review. https://gerrit.wikimedia.org/r/175960 Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 31 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/60/175960/1 diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 6a13fa1..6f50526 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -67,9 +67,21 @@ $prefix = ( /**/$prefix ); $suffix = ')'; } + + $json = FormatJson::encode( $this-getResultData(), $this-getIsHtml() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $this-printText( $prefix . - FormatJson::encode( $this-getResultData(), $this-getIsHtml() ) . + $json . $suffix ); } diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index 60552c4..67ed6ad 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -39,7 +39,24 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + global $wgMangleFlashPolicy; + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $wgMangleFlashPolicy + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175960 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: Mglaser gla...@hallowelt.biz ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged. Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 27 insertions(+), 1 deletion(-) Approvals: Mglaser: Verified; Looks good to me, approved diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 6c5ad38..d9f9d46 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -63,6 +63,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f04..73ce80e 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,23 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175956 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_24 Gerrit-Owner: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged. Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 27 insertions(+), 1 deletion(-) Approvals: Mglaser: Verified; Looks good to me, approved jenkins-bot: Verified diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 9673d6f..b222f74 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -63,6 +63,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f04..73ce80e 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,23 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175957 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_23 Gerrit-Owner: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged. Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 28 insertions(+), 1 deletion(-) Approvals: Mglaser: Verified; Looks good to me, approved diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 4140583..47d8212 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -62,6 +62,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index b2d1f04..bda1c18 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,7 +35,24 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + global $wgMangleFlashPolicy; + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $wgMangleFlashPolicy + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175958 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_22 Gerrit-Owner: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged. Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Backport, originally committed by Brad Jorsch Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 31 insertions(+), 2 deletions(-) Approvals: Mglaser: Verified; Looks good to me, approved diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 6a13fa1..6f50526 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -67,9 +67,21 @@ $prefix = ( /**/$prefix ); $suffix = ')'; } + + $json = FormatJson::encode( $this-getResultData(), $this-getIsHtml() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $this-printText( $prefix . - FormatJson::encode( $this-getResultData(), $this-getIsHtml() ) . + $json . $suffix ); } diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index 60552c4..67ed6ad 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -39,7 +39,24 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + global $wgMangleFlashPolicy; + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $wgMangleFlashPolicy + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } public function getDescription() { -- To view, visit https://gerrit.wikimedia.org/r/175960 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: REL1_19 Gerrit-Owner: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: Mglaser gla...@hallowelt.biz Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
jenkins-bot has submitted this change and it was merged. Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 (cherry picked from commit e868f703ad4afbdcf81e7e392a46f20e356c4331) --- M RELEASE-NOTES-1.25 M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 3 files changed, 30 insertions(+), 1 deletion(-) Approvals: Anomie: Looks good to me, approved jenkins-bot: Verified diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25 index ae1c23e..b36daa6 100644 --- a/RELEASE-NOTES-1.25 +++ b/RELEASE-NOTES-1.25 @@ -97,6 +97,9 @@ * If the user has the 'deletedhistory' right, action=query's revids parameter will now recognize deleted revids. * prop=revisions may be used as a generator, generating revids. +* (bug 66776) format=json results will no longer be corrupted when + $wgMangleFlashPolicy is in effect. format=php results will cleanly return an + error instead of returning invalid serialized data. === Action API internal changes in 1.25 === * ApiHelp has been rewritten to support i18n and paginated HTML output. diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index ce8656e..966e82d 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -67,6 +67,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index ae93812..a4b4a11 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,6 +35,22 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } } -- To view, visit https://gerrit.wikimedia.org/r/175596 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.25wmf9 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
CSteipp has uploaded a new change for review. https://gerrit.wikimedia.org/r/175596 Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 (cherry picked from commit e868f703ad4afbdcf81e7e392a46f20e356c4331) --- M RELEASE-NOTES-1.25 M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 3 files changed, 30 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/96/175596/1 diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25 index 3531cac..987350b 100644 --- a/RELEASE-NOTES-1.25 +++ b/RELEASE-NOTES-1.25 @@ -95,6 +95,9 @@ * If the user has the 'deletedhistory' right, action=query's revids parameter will now recognize deleted revids. * prop=revisions may be used as a generator, generating revids. +* (bug 66776) format=json results will no longer be corrupted when + $wgMangleFlashPolicy is in effect. format=php results will cleanly return an + error instead of returning invalid serialized data. === Action API internal changes in 1.25 === * ApiHelp has been rewritten to support i18n and paginated HTML output. diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index ce8656e..966e82d 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -67,6 +67,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index ae93812..a4b4a11 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,6 +35,22 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } } -- To view, visit https://gerrit.wikimedia.org/r/175596 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: wmf/1.25wmf9 Gerrit-Owner: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
jenkins-bot has submitted this change and it was merged. Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M RELEASE-NOTES-1.25 M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 3 files changed, 30 insertions(+), 1 deletion(-) Approvals: CSteipp: Looks good to me, approved jenkins-bot: Verified diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25 index ae1c23e..b36daa6 100644 --- a/RELEASE-NOTES-1.25 +++ b/RELEASE-NOTES-1.25 @@ -97,6 +97,9 @@ * If the user has the 'deletedhistory' right, action=query's revids parameter will now recognize deleted revids. * prop=revisions may be used as a generator, generating revids. +* (bug 66776) format=json results will no longer be corrupted when + $wgMangleFlashPolicy is in effect. format=php results will cleanly return an + error instead of returning invalid serialized data. === Action API internal changes in 1.25 === * ApiHelp has been rewritten to support i18n and paginated HTML output. diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index ce8656e..966e82d 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -67,6 +67,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index ae93812..a4b4a11 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,6 +35,22 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } } -- To view, visit https://gerrit.wikimedia.org/r/174496 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 2 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Anomie bjor...@wikimedia.org Gerrit-Reviewer: Anomie bjor...@wikimedia.org Gerrit-Reviewer: CSteipp cste...@wikimedia.org Gerrit-Reviewer: Legoktm legoktm.wikipe...@gmail.com Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Anomie has uploaded a new change for review. https://gerrit.wikimedia.org/r/174496 Change subject: API: Work around wfMangleFlashPolicy() .. API: Work around wfMangleFlashPolicy() The things wfMangleFlashPolicy() does to the output break things in the API. For JSON we can work around it, while for PHP we just have to error out. XML isn't affected because are escaped anyway (unless something somehow uses 'cross-domain-policy' as a tag name), and the rest are going away soon so they're not worth the trouble. Bug: 66776 Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 --- M includes/api/ApiFormatJson.php M includes/api/ApiFormatPhp.php 2 files changed, 27 insertions(+), 1 deletion(-) git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core refs/changes/96/174496/1 diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index ce8656e..966e82d 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -67,6 +67,16 @@ $this-getIsHtml(), $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API, so we need to + // work around it. + if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) { + $json = preg_replace( + '/\(\s*cross-domain-policy\s*)\/i', '\\u003C$1\\u003E', $json + ); + } + $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/, '', $callback ); diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php index ae93812..a4b4a11 100644 --- a/includes/api/ApiFormatPhp.php +++ b/includes/api/ApiFormatPhp.php @@ -35,6 +35,22 @@ } public function execute() { - $this-printText( serialize( $this-getResultData() ) ); + $text = serialize( $this-getResultData() ); + + // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in + // Flash, but what it does isn't friendly for the API. There's nothing + // we can do here that isn't actively broken in some manner, so let's + // just be broken in a useful manner. + if ( $this-getConfig()-get( 'MangleFlashPolicy' ) + in_array( 'wfOutputHandler', ob_list_handlers(), true ) + preg_match( '/\\s*cross-domain-policy\s*\/i', $text ) + ) { + $this-dieUsage( + 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776', + 'internalerror' + ); + } + + $this-printText( $text ); } } -- To view, visit https://gerrit.wikimedia.org/r/174496 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354 Gerrit-PatchSet: 1 Gerrit-Project: mediawiki/core Gerrit-Branch: master Gerrit-Owner: Anomie bjor...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits