SECURITY: Improve cross-domain-policy mangling
[lhc/web/wiklou.git] / includes / api / ApiFormatJson.php
index 41de925..814450e 100644 (file)
@@ -103,9 +103,9 @@ class ApiFormatJson extends ApiFormatBase {
                // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
                // Flash, but what it does isn't friendly for the API, so we need to
                // work around it.
-               if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+               if ( preg_match( '/\<\s*cross-domain-policy(?=\s|\>)/i', $json ) ) {
                        $json = preg_replace(
-                               '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
+                               '/\<(\s*cross-domain-policy(?=\s|\>))/i', '\\u003C$1', $json
                        );
                }
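Review bot: The pattern is written out twice in this hunk (the `preg_match` guard and the `preg_replace` call) and, going by the comment above it, has to cover everything wfMangleFlashPolicy() rewrites, which is not visible here; nothing in the code states that dependency. If the copies drift apart, either the output handler corrupts the JSON body again or a `<cross-domain-policy ...>` tag carrying attributes is emitted literally. I would add a comment on the `if`, e.g. `// Must match the pattern in wfMangleFlashPolicy(); escaping only "<" covers tags with or without attributes`, and hold the regex in one local `$pattern` used by both calls. `preg_replace()` returns null on a PCRE error, so the result should be checked before it is assigned back, e.g. `if ( $escaped !== null ) { $json = $escaped; }`. The enclosing method begins and ends outside the hunk.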