[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175956
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/56/175956/1
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 6c5ad38..d9f9d46 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -63,6 +63,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..73ce80e 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,23 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175956
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: Mglaser gla...@hallowelt.biz
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175957
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/57/175957/1
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 9673d6f..b222f74 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -63,6 +63,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..73ce80e 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,23 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175957
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: Mglaser gla...@hallowelt.biz
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175958
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 28 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/58/175958/1
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 4140583..47d8212 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -62,6 +62,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..bda1c18 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,24 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ global $wgMangleFlashPolicy;
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $wgMangleFlashPolicy
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175958
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_22
Gerrit-Owner: Mglaser gla...@hallowelt.biz
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175960
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 31 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/60/175960/1
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 6a13fa1..6f50526 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,9 +67,21 @@
$prefix = ( /**/$prefix );
$suffix = ')';
}
+
+ $json = FormatJson::encode( $this-getResultData(),
$this-getIsHtml() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$this-printText(
$prefix .
- FormatJson::encode( $this-getResultData(),
$this-getIsHtml() ) .
+ $json .
$suffix
);
}
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index 60552c4..67ed6ad 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -39,7 +39,24 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ global $wgMangleFlashPolicy;
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $wgMangleFlashPolicy
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175960
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: Mglaser gla...@hallowelt.biz
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
Approvals:
Mglaser: Verified; Looks good to me, approved
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 6c5ad38..d9f9d46 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -63,6 +63,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..73ce80e 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,23 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175956
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_24
Gerrit-Owner: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
Approvals:
Mglaser: Verified; Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 9673d6f..b222f74 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -63,6 +63,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..73ce80e 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,23 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175957
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_23
Gerrit-Owner: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 28 insertions(+), 1 deletion(-)
Approvals:
Mglaser: Verified; Looks good to me, approved
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 4140583..47d8212 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -62,6 +62,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index b2d1f04..bda1c18 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,7 +35,24 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ global $wgMangleFlashPolicy;
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $wgMangleFlashPolicy
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175958
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_22
Gerrit-Owner: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Mglaser has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Backport, originally committed by Brad Jorsch
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 31 insertions(+), 2 deletions(-)
Approvals:
Mglaser: Verified; Looks good to me, approved
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index 6a13fa1..6f50526 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,9 +67,21 @@
$prefix = ( /**/$prefix );
$suffix = ')';
}
+
+ $json = FormatJson::encode( $this-getResultData(),
$this-getIsHtml() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$this-printText(
$prefix .
- FormatJson::encode( $this-getResultData(),
$this-getIsHtml() ) .
+ $json .
$suffix
);
}
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index 60552c4..67ed6ad 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -39,7 +39,24 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ global $wgMangleFlashPolicy;
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $wgMangleFlashPolicy
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
public function getDescription() {
--
To view, visit https://gerrit.wikimedia.org/r/175960
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: REL1_19
Gerrit-Owner: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: Mglaser gla...@hallowelt.biz
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
jenkins-bot has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
(cherry picked from commit e868f703ad4afbdcf81e7e392a46f20e356c4331)
---
M RELEASE-NOTES-1.25
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
3 files changed, 30 insertions(+), 1 deletion(-)
Approvals:
Anomie: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25
index ae1c23e..b36daa6 100644
--- a/RELEASE-NOTES-1.25
+++ b/RELEASE-NOTES-1.25
@@ -97,6 +97,9 @@
* If the user has the 'deletedhistory' right, action=query's revids parameter
will now recognize deleted revids.
* prop=revisions may be used as a generator, generating revids.
+* (bug 66776) format=json results will no longer be corrupted when
+ $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
+ error instead of returning invalid serialized data.
=== Action API internal changes in 1.25 ===
* ApiHelp has been rewritten to support i18n and paginated HTML output.
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index ce8656e..966e82d 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,6 +67,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index ae93812..a4b4a11 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,6 +35,22 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
}
--
To view, visit https://gerrit.wikimedia.org/r/175596
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.25wmf9
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
CSteipp has uploaded a new change for review.
https://gerrit.wikimedia.org/r/175596
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
(cherry picked from commit e868f703ad4afbdcf81e7e392a46f20e356c4331)
---
M RELEASE-NOTES-1.25
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
3 files changed, 30 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/96/175596/1
diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25
index 3531cac..987350b 100644
--- a/RELEASE-NOTES-1.25
+++ b/RELEASE-NOTES-1.25
@@ -95,6 +95,9 @@
* If the user has the 'deletedhistory' right, action=query's revids parameter
will now recognize deleted revids.
* prop=revisions may be used as a generator, generating revids.
+* (bug 66776) format=json results will no longer be corrupted when
+ $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
+ error instead of returning invalid serialized data.
=== Action API internal changes in 1.25 ===
* ApiHelp has been rewritten to support i18n and paginated HTML output.
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index ce8656e..966e82d 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,6 +67,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index ae93812..a4b4a11 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,6 +35,22 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
}
--
To view, visit https://gerrit.wikimedia.org/r/175596
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: wmf/1.25wmf9
Gerrit-Owner: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
jenkins-bot has submitted this change and it was merged.
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M RELEASE-NOTES-1.25
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
3 files changed, 30 insertions(+), 1 deletion(-)
Approvals:
CSteipp: Looks good to me, approved
jenkins-bot: Verified
diff --git a/RELEASE-NOTES-1.25 b/RELEASE-NOTES-1.25
index ae1c23e..b36daa6 100644
--- a/RELEASE-NOTES-1.25
+++ b/RELEASE-NOTES-1.25
@@ -97,6 +97,9 @@
* If the user has the 'deletedhistory' right, action=query's revids parameter
will now recognize deleted revids.
* prop=revisions may be used as a generator, generating revids.
+* (bug 66776) format=json results will no longer be corrupted when
+ $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
+ error instead of returning invalid serialized data.
=== Action API internal changes in 1.25 ===
* ApiHelp has been rewritten to support i18n and paginated HTML output.
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index ce8656e..966e82d 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,6 +67,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index ae93812..a4b4a11 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,6 +35,22 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
}
--
To view, visit https://gerrit.wikimedia.org/r/174496
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 2
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: Anomie bjor...@wikimedia.org
Gerrit-Reviewer: CSteipp cste...@wikimedia.org
Gerrit-Reviewer: Legoktm legoktm.wikipe...@gmail.com
Gerrit-Reviewer: jenkins-bot
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] API: Work around wfMangleFlashPolicy() - change (mediawiki/core)
Anomie has uploaded a new change for review.
https://gerrit.wikimedia.org/r/174496
Change subject: API: Work around wfMangleFlashPolicy()
..
API: Work around wfMangleFlashPolicy()
The things wfMangleFlashPolicy() does to the output break things in the
API. For JSON we can work around it, while for PHP we just have to error
out. XML isn't affected because are escaped anyway (unless something
somehow uses 'cross-domain-policy' as a tag name), and the rest are
going away soon so they're not worth the trouble.
Bug: 66776
Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
---
M includes/api/ApiFormatJson.php
M includes/api/ApiFormatPhp.php
2 files changed, 27 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core
refs/changes/96/174496/1
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index ce8656e..966e82d 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -67,6 +67,16 @@
$this-getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK :
FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API, so we
need to
+ // work around it.
+ if ( preg_match( '/\\s*cross-domain-policy\s*\/i', $json ) ) {
+ $json = preg_replace(
+ '/\(\s*cross-domain-policy\s*)\/i',
'\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( /[^][.\\'\\\_A-Za-z0-9]/,
'', $callback );
diff --git a/includes/api/ApiFormatPhp.php b/includes/api/ApiFormatPhp.php
index ae93812..a4b4a11 100644
--- a/includes/api/ApiFormatPhp.php
+++ b/includes/api/ApiFormatPhp.php
@@ -35,6 +35,22 @@
}
public function execute() {
- $this-printText( serialize( $this-getResultData() ) );
+ $text = serialize( $this-getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty
bug in
+ // Flash, but what it does isn't friendly for the API. There's
nothing
+ // we can do here that isn't actively broken in some manner, so
let's
+ // just be broken in a useful manner.
+ if ( $this-getConfig()-get( 'MangleFlashPolicy' )
+ in_array( 'wfOutputHandler', ob_list_handlers(), true )
+ preg_match( '/\\s*cross-domain-policy\s*\/i', $text )
+ ) {
+ $this-dieUsage(
+ 'This response cannot be represented using
format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this-printText( $text );
}
}
--
To view, visit https://gerrit.wikimedia.org/r/174496
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Idc5f37bd778288a9cde572f081dc753d681ec354
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Anomie bjor...@wikimedia.org
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
