diff options
| author | Pierre Schmitz <pierre@archlinux.de> | 2014-07-31 06:43:27 +0200 |
|---|---|---|
| committer | Pierre Schmitz <pierre@archlinux.de> | 2014-07-31 06:43:27 +0200 |
| commit | 027fc6e70f7f9ce8422d4798fb02e67ff271ae4c (patch) | |
| tree | 8163dff509e80309c82051a1095faab9396e280f /includes/api | |
| parent | f80b2307028ed4d9231a0bd46496b241dcf4aa5c (diff) | |
Update to MediaWiki 1.22.9
Diffstat (limited to 'includes/api')
| -rw-r--r-- | includes/api/ApiFormatJson.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php index 342a580f..4140583e 100644 --- a/includes/api/ApiFormatJson.php +++ b/includes/api/ApiFormatJson.php @@ -65,7 +65,9 @@ class ApiFormatJson extends ApiFormatBase { $callback = $params['callback']; if ( $callback !== null ) { $callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback ); - $this->printText( "$callback($json)" ); + # Prepend a comment to try to avoid attacks against content + # sniffers, such as bug 68187. + $this->printText( "/**/$callback($json)" ); } else { $this->printText( $json ); } |