From: Timo Tijhof <krinklemail@gmail.com>
Date: Tue, 12 May 2015 00:50:28 +0000 (+0100)
Subject: resourceloader: Use makeComment() in tryRespondFromFileCache() for safety
X-Git-Tag: 1.31.0-rc.0~11438
X-Git-Url: https://git.cyclocoop.org/%7B%24admin_url%7Dmembres/cotisations/voir.php?a=commitdiff_plain;h=e221d194c41a7f7675c61dc69c259dec1d63012a;p=lhc%2Fweb%2Fwiklou.git

resourceloader: Use makeComment() in tryRespondFromFileCache() for safety

Other code paths in this class already make use of this method,
but this was still embedding arbitrary strings directly, at the
risk of producting invalid CSS or invalid JavaScript.

Change-Id: Ied6c420536a3dd1ef8f3816a078705136e8475b1
---

diff --git a/includes/resourceloader/ResourceLoader.php b/includes/resourceloader/ResourceLoader.php
index ce18c32add..55dc16e7a8 100644
--- a/includes/resourceloader/ResourceLoader.php
+++ b/includes/resourceloader/ResourceLoader.php
@@ -808,7 +808,7 @@ class ResourceLoader {
 			// Capture any PHP warnings from the output buffer and append them to the
 			// response in a comment if we're in debug mode.
 			if ( $context->getDebug() && strlen( $warnings = ob_get_contents() ) ) {
-				$response = "/*\n$warnings\n*/\n" . $response;
+				$response = self::makeComment( $warnings ) . $response;
 			}
 			// Send content type and cache headers
 			$this->sendResponseHeaders( $context, $ts, false );