resourceloader: Use makeComment() in tryRespondFromFileCache() for safety

Other code paths in this class already make use of this method,
but this was still embedding arbitrary strings directly, at the
risk of producting invalid CSS or invalid JavaScript.

Change-Id: Ied6c420536a3dd1ef8f3816a078705136e8475b1

diff --git a/includes/resourceloader/ResourceLoader.php b/includes/resourceloader/ResourceLoader.php
index ce18c32..55dc16e 100644 (file)
--- a/includes/resourceloader/ResourceLoader.php
+++ b/includes/resourceloader/ResourceLoader.php
@@ -808,7 +808,7 @@ class ResourceLoader {
                        // Capture any PHP warnings from the output buffer and append them to the
                        // response in a comment if we're in debug mode.
                        if ( $context->getDebug() && strlen( $warnings = ob_get_contents() ) ) {
-                               $response = "/*\n$warnings\n*/\n" . $response;
+                               $response = self::makeComment( $warnings ) . $response;
                        }
                        // Send content type and cache headers
                        $this->sendResponseHeaders( $context, $ts, false );