Bug#772764: CVE-2014-9277_2.patch breaks includes/api/ApiFormatJson.php / ApiFormatPhp.php

[Merlijn van Deen]

Hello,

CVE-2014-9277_2.patch seems to contain htmlentities for quotes:

+ if ( preg_match( '/\<\s*cross-domain-policy\s*\>/i', $json ) ) {
+     $json = preg_replace(
+     '/\<(\s*cross-domain-policy\s*)\>/i&#039;,
&#039;\\u003C$1\\u003E&#039;, $json
+     );
+ }

which breaks both php files. Attached is a version where all &#039;'s
have been replaced by '.

Merlijn

CVE-2014-9277_2.patch
Description: Binary data