API: Work around wfMangleFlashPolicy()
[lhc/web/wiklou.git] / includes / api / ApiFormatJson.php
index e2c6b9a..966e82d 100644 (file)
@@ -51,7 +51,11 @@ class ApiFormatJson extends ApiFormatBase {
                return $this->mIsRaw;
        }
 
+       /**
+        * @deprecated since 1.25
+        */
        public function getWantsHelp() {
+               wfDeprecated( __METHOD__, '1.25' );
                // Help is always ugly in JSON
                return false;
        }
@@ -63,10 +67,22 @@ class ApiFormatJson extends ApiFormatBase {
                        $this->getIsHtml(),
                        $params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK
                );
+
+               // Bug 66776: wfMangleFlashPolicy() is needed to avoid a nasty bug in
+               // Flash, but what it does isn't friendly for the API, so we need to
+               // work around it.
+               if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+                       $json = preg_replace(
+                               '/\<(\s*cross-domain-policy\s*)\>/i', '\\u003C$1\\u003E', $json
+                       );
+               }
+
                $callback = $params['callback'];
                if ( $callback !== null ) {
                        $callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback );
-                       $this->printText( "$callback($json)" );
+                       # Prepend a comment to try to avoid attacks against content
+                       # sniffers, such as bug 68187.
+                       $this->printText( "/**/$callback($json)" );
                } else {
                        $this->printText( $json );
                }
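Review bot: The new `preg_match`/`preg_replace` pair is only as good as its agreement with wfMangleFlashPolicy(), which is not in this hunk: if that function's pattern accepts forms this regex does not (attributes, other whitespace, or the closing `</cross-domain-policy>`, which `\s*` will not match), those responses would still be mangled rather than escaped, so the two patterns should be confirmed to cover the same input. The `preg_match` guard is also redundant, since `preg_replace` returns its subject unchanged when nothing matches, and neither call checks for the `null` that `preg_replace` returns on a PCRE failure, which would leave `$json` null and print `/**/callback()`; `$escaped = preg_replace( '/<(\s*cross-domain-policy\s*)>/i', '\\u003C$1\\u003E', $json ); if ( $escaped !== null ) { $json = $escaped; }` covers both. Escaping to `\u003C`/`\u003E` is the right choice here because a JSON consumer decodes it back to the original text while the raw response bytes no longer contain the literal tag. The enclosing method starts before and ends after this hunk.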
@@ -74,25 +90,13 @@ class ApiFormatJson extends ApiFormatBase {
 
        public function getAllowedParams() {
                return array(
-                       'callback' => null,
-                       'utf8' => false,
+                       'callback' => array(
+                               ApiBase::PARAM_HELP_MSG => 'apihelp-json-param-callback',
+                       ),
+                       'utf8' => array(
+                               ApiBase::PARAM_DFLT => false,
+                               ApiBase::PARAM_HELP_MSG => 'apihelp-json-param-utf8',
+                       ),
                );
        }
-
-       public function getParamDescription() {
-               return array(
-                       'callback' => 'If specified, wraps the output into a given function ' .
-                               'call. For safety, all user-specific data will be restricted.',
-                       'utf8' => 'If specified, encodes most (but not all) non-ASCII ' .
-                               'characters as UTF-8 instead of replacing them with hexadecimal escape sequences.',
-               );
-       }
-
-       public function getDescription() {
-               if ( $this->mIsRaw ) {
-                       return 'Output data with the debugging elements in JSON format' . parent::getDescription();
-               }
-
-               return 'Output data in JSON format' . parent::getDescription();
-       }
 }
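Review bot: The removed `getParamDescription()` text for `callback` carried the caveat that user-specific data is restricted when a callback is used, and its replacement message `apihelp-json-param-callback` is not part of this diff, so confirm the message keeps that caveat rather than only describing the function wrapping. The new `'callback'` entry in `getAllowedParams()` also drops the explicit `null` default; the `$callback !== null` test in the execute hunk relies on an absent parameter still arriving as `null`, which presumably holds when PARAM_DFLT is omitted but is worth verifying against ApiBase. A short comment on the entry, `// no PARAM_DFLT: an absent callback must arrive as null (see execute())`, would make that dependency visible.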