author | Thomas Steur <thomas.steur@gmail.com> | 2015-01-27 22:48:43 +0300 |
---|---|---|
committer | Thomas Steur <thomas.steur@gmail.com> | 2015-01-27 22:48:43 +0300 |
commit | 920f0a4f297015ad10ef0d4b4dc3b95e5eac2619 (patch) | |
tree | 6caff0881200bdf57a63764a72f1f371c59ece51 | |
parent | 88161c745dd920bb2165ed19ff580d499bfdaf2a (diff) |
refs #7075 send correct header if JSONP is used to prevent possible errors in combination with nosniff
-rw-r--r-- | plugins/API/Renderer/Json.php | 40 | ||||
-rw-r--r-- | plugins/API/tests/Unit/JsonRendererTest.php | 1 |
2 files changed, 31 insertions, 10 deletions
diff --git a/plugins/API/Renderer/Json.php b/plugins/API/Renderer/Json.php
index 89db01a816..1dffa1f45f 100644
--- a/plugins/API/Renderer/Json.php
+++ b/plugins/API/Renderer/Json.php
@@ -61,15 +61,27 @@ class Json extends ApiRenderer
 public function sendHeader()
 {
- Renderer\Json::sendHeaderJSON();
+ if ($this->isJsonp()) {
+ Common::sendHeader('Content-Type: application/javascript; charset=utf-8');
+ } else {
+ Renderer\Json::sendHeaderJSON();
+ }
+
 ProxyHttp::overrideCacheControlHeaders();
 }
- /**
- * @param $str
- * @return string
- */
- private function applyJsonpIfNeeded($str)
+ private function isJsonp()
+ {
+ $callback = $this->getJsonpCallback();
+
+ if (false === $callback) {
+ return false;
+ }
+
+ return preg_match('/^[0-9a-zA-Z_.]*$/D', $callback) > 0;
+ }
+
+ private function getJsonpCallback()
 {
 $jsonCallback = Common::getRequestVar('callback', false, null, $this->request);
@@ -77,10 +89,18 @@ class Json extends ApiRenderer
 $jsonCallback = Common::getRequestVar('jsoncallback', false, null, $this->request);
 }
- if ($jsonCallback !== false) {
- if (preg_match('/^[0-9a-zA-Z_.]*$/D', $jsonCallback) > 0) {
- $str = $jsonCallback . "(" . $str . ")";
- }
+ return $jsonCallback;
+ }
+
+ /**
+ * @param $str
+ * @return string
+ */
+ private function applyJsonpIfNeeded($str)
+ {
+ if ($this->isJsonp()) {
+ $jsonCallback = $this->getJsonpCallback();
+ $str = $jsonCallback . "(" . $str . ")";
 }
 return $str;
diff --git a/plugins/API/tests/Unit/JsonRendererTest.php b/plugins/API/tests/Unit/JsonRendererTest.php
index c4fa076483..68ed45b9f3 100644
--- a/plugins/API/tests/Unit/JsonRendererTest.php
+++ b/plugins/API/tests/Unit/JsonRendererTest.php
@@ -16,6 +16,7 @@ use Piwik\Plugins\API\Renderer\Json2;
 * @group Plugin
 * @group API
 * @group API_JsonRendererTest
+ * @group JsonRenderer
 */
 class JsonRendererTest extends \PHPUnit_Framework_TestCase
 { |
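Review bot: The gate in the new `isJsonp()` uses `[0-9a-zA-Z_.]*`, which also accepts an empty callback name, so whether `?callback=` now yields an `application/javascript` response wrapping the body as `(…)` depends on `Common::getRequestVar` returning `false` rather than `''` for an empty parameter, which this hunk does not show; tightening the pattern to `'/^[0-9a-zA-Z_.]+$/D'` removes that dependency. Since this character whitelist is the only thing keeping the reflected callback name from becoming script in a response that is now explicitly served as JavaScript, `isJsonp()` deserves a docblock saying so, e.g. `/** True when the request asks for JSONP with a callback name limited to [0-9a-zA-Z_.]; this whitelist is what keeps the reflected name from injecting script into the JavaScript response, so do not loosen it. */`, and `getJsonpCallback()` should document its `string|false` return. In the second hunk `applyJsonpIfNeeded()` calls `getJsonpCallback()` once via `isJsonp()` and once more directly, re-reading the request parameters; fetching the callback once and validating that value would avoid the duplicate lookup and keep the header and body decisions tied to the same string. Prefixing the wrapped body with `/**/` before the callback name is a common extra hardening for JSONP endpoints and would fit in the same place.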