F14104
bug68187-REL1_19.patch
Authored By: bzimport
Date: Nov 22 2014, 3:26 AM (2014-11-22 03:26:00 UTC+0)
Size: 996 B
From 9d407a37a4ec361a512b1ea6eaf7faec4a77e2b9 Mon Sep 17 00:00:00 2001
From: csteipp <csteipp@wikimedia.org>
Date: Thu, 17 Jul 2014 13:24:56 -0700
Subject: [PATCH] SECURITY: Prepend jsonp callback with comment
Mitigate CVE-2014-4671 for unpatched flash players
Bug: 68187
Change-Id: I2f46e623c1f541dbbafb6e8333e0929055098b15
---
includes/api/ApiFormatJson.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/includes/api/ApiFormatJson.php b/includes/api/ApiFormatJson.php
index e728d05..6a13fa1 100644
--- a/includes/api/ApiFormatJson.php
+++ b/includes/api/ApiFormatJson.php
@@ -62,6 +62,9 @@ class ApiFormatJson extends ApiFormatBase {
$callback = $params['callback'];
if ( !is_null( $callback ) ) {
$prefix = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback ) . '(';
+ # Prepend a comment to try to avoid attacks against content
+ # sniffers, such as bug 68187.
+ $prefix = ( "/**/$prefix" );
$suffix = ')';
}
$this->printText(
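Review bot: The comment on the added lines cites only "bug 68187" and does not say what the `/**/` protects, so a later cleanup could drop it as a no-op. State the invariant in the comment (the response must not begin with bytes taken from the `callback` parameter) and name CVE-2014-4671, as the commit message does. The filter on the preceding line still passes `A-Za-z0-9` through unchanged, so this prefix is the only thing in the hunk that keeps caller-supplied characters away from the start of the body; a regression test asserting that the output starts with `/**/` whenever `callback` is set would pin that down. Style: the parentheses in `$prefix = ( "/**/$prefix" );` are redundant, and `'/**/' . $prefix` avoids interpolating into a string that reads like a comment.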
--
1.9.2.msysgit.0
Attached To: T70187: Mitigate CVE-2014-4671 (jsonp flash)