[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #9 from Gerrit Notification Bot gerritad...@wikimedia.org --- Change 174496 merged by jenkins-bot: API: Work around wfMangleFlashPolicy() https://gerrit.wikimedia.org/r/174496 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 Brad Jorsch bjor...@wikimedia.org changed: What|Removed |Added Status|PATCH_TO_REVIEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #5 from Brad Jorsch bjor...@wikimedia.org --- (In reply to Gerrit Notification Bot from comment #4) Change 174289 had a related patch set uploaded by CSteipp: Make calling wfMangleFlashPolicy configurable https://gerrit.wikimedia.org/r/174289 After this change, we'd want to adjust the includes/api/ApiFormatPhp.php bit in my patch to check the new global too (via $this-getConfig()). The ApiFormatJson part is fine to do unconditionally since the replacement there makes no functional difference. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #6 from Gerrit Notification Bot gerritad...@wikimedia.org --- Change 174289 merged by jenkins-bot: Make calling wfMangleFlashPolicy configurable https://gerrit.wikimedia.org/r/174289 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #7 from Gerrit Notification Bot gerritad...@wikimedia.org --- Change 174496 had a related patch set uploaded by Anomie: API: Work around wfMangleFlashPolicy() https://gerrit.wikimedia.org/r/174496 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 Brad Jorsch bjor...@wikimedia.org changed: What|Removed |Added Attachment #17162|0 |1 is obsolete|| --- Comment #8 from Brad Jorsch bjor...@wikimedia.org --- Comment on attachment 17162 -- https://bugzilla.wikimedia.org/attachment.cgi?id=17162 Patch to work around wfMangleFlashPolicy, if we're not going to just get rid of it Because Chris was involved, for some reason I thought this was a security bug so I didn't put the patch in Gerrit. D'oh. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #3 from Brad Jorsch bjor...@wikimedia.org --- Created attachment 17162 -- https://bugzilla.wikimedia.org/attachment.cgi?id=17162action=edit Patch to work around wfMangleFlashPolicy, if we're not going to just get rid of it -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #4 from Gerrit Notification Bot gerritad...@wikimedia.org --- Change 174289 had a related patch set uploaded by CSteipp: Make calling wfMangleFlashPolicy configurable https://gerrit.wikimedia.org/r/174289 -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 Gerrit Notification Bot gerritad...@wikimedia.org changed: What|Removed |Added Status|NEW |PATCH_TO_REVIEW -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 Andre Klapper aklap...@wikimedia.org changed: What|Removed |Added Priority|Unprioritized |Normal -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #1 from Brad Jorsch bjor...@wikimedia.org --- If Chris is ok with killing wfMangleFlashPolicy(), IMO that'd be the best fix. Otherwise I'd rather add a more targeted mangling in ApiFormatJson instead of just removing the FormatJson::XMLMETA_OK flag. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
[Bug 66776] API output containing cross-domain-policy is corrupted in non-XML formats
https://bugzilla.wikimedia.org/show_bug.cgi?id=66776 --- Comment #2 from Chris Steipp cste...@wikimedia.org --- I think I'd prefer to leave the option for mangling in, even if it's behind a feature flag. I'll try to test out a couple of scenarios to confirm exactly which versions of flash could be affected. TIL: the mangling doesn't happen for anyone who has output buffering enabled on their webserver (since ob_get_level will not be 0 in WebStart.php). So I would guess a lot of non-WMF wikis aren't even using it. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. ___ Wikibugs-l mailing list Wikibugs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikibugs-l