[Pkg-mediawiki-devel] Bug#772764: CVE-2014-9277_2.patch breaks includes/api/ApiFormatJson.php / ApiFormatPhp.php

Merlijn van Deen valhallasw at arctus.nl
Mon Dec 15 19:35:12 UTC 2014


Hello,

CVE-2014-9277_2.patch seems to contain htmlentities for quotes:

+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+     $json = preg_replace(
+     '/\<(\s*cross-domain-policy\s*)\>/i',
'\\u003C$1\\u003E', $json
+     );
+ }
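
Review bot: the pattern is written out twice, once in the preg_match() guard and once in the preg_replace() call, so a later edit to one copy can leave the other out of step. preg_replace() returns the subject unchanged when nothing matches, so the guard can be dropped, or the pattern can be held in a single variable used by both calls. A short comment saying why the cross-domain-policy tag's angle brackets are rewritten to \u003C and \u003E escapes would also help the next reader.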

which breaks both php files. Attached is a version where all ''s
have been replaced by '.

Merlijn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2014-9277_2.patch
Type: application/octet-stream
Size: 1655 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20141215/3758a4ae/attachment.obj>

