* If the user has the 'deletedhistory' right, action=query's revids parameter
will now recognize deleted revids.
* prop=revisions may be used as a generator, generating revids.
+* (bug 66776) format=json results will no longer be corrupted when
+ $wgMangleFlashPolicy is in effect. format=php results will cleanly return an
+ error instead of returning invalid serialized data.
=== Action API internal changes in 1.25 ===
* ApiHelp has been rewritten to support i18n and paginated HTML output.
$this->getIsHtml(),
$params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK
);
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
+ // Flash, but what it does isn't friendly for the API, so we need to
+ // work around it.
+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+ $json = preg_replace(
+ '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
+ );
+ }
+
$callback = $params['callback'];
if ( $callback !== null ) {
$callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback );
}
public function execute() {
- $this->printText( serialize( $this->getResultData() ) );
+ $text = serialize( $this->getResultData() );
+
+ // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
+ // Flash, but what it does isn't friendly for the API. There's nothing
+ // we can do here that isn't actively broken in some manner, so let's
+ // just be broken in a useful manner.
+ if ( $this->getConfig()->get( 'MangleFlashPolicy' ) &&
+ in_array( 'wfOutputHandler', ob_list_handlers(), true ) &&
+ preg_match( '/\<\s*cross-domain-policy\s*\>/i', $text )
+ ) {
+ $this->dieUsage(
+ 'This response cannot be represented using format=php. See https://bugzilla.wikimedia.org/show_bug.cgi?id=66776',
+ 'internalerror'
+ );
+ }
+
+ $this->printText( $text );
}
}