[Pkg-mediawiki-devel] Bug#772764: CVE-2014-9277_2.patch breaks includes/api/ApiFormatJson.php / ApiFormatPhp.php
Merlijn van Deen
valhallasw at arctus.nl
Mon Dec 15 19:35:12 UTC 2014
Hello,
CVE-2014-9277_2.patch seems to contain htmlentities for quotes:
+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+ $json = preg_replace(
+ '/\<(\s*cross-domain-policy\s*)\>/i',
'\\u003C$1\\u003E', $json
+ );
+ }
which breaks both php files. Attached is a version where all ''s
have been replaced by '.
Merlijn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2014-9277_2.patch
Type: application/octet-stream
Size: 1655 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mediawiki-devel/attachments/20141215/3758a4ae/attachment.obj>
More information about the Pkg-mediawiki-devel
mailing list