From 6af3d05b851161a42d29b1c032f30611c0b873ce Mon Sep 17 00:00:00 2001
From: Andrew Moore
Date: Thu, 10 Jul 2014 09:27:11 -0400
Subject: [PATCH] [HttpFoundation] Fix to prevent magic bytes injection in JSONP responses (Prevents CVE-2014-4671)
---
 src/Symfony/Component/HttpFoundation/JsonResponse.php | 2 +-
 src/Symfony/Component/HttpFoundation/Tests/JsonResponseTest.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/HttpFoundation/JsonResponse.php b/src/Symfony/Component/HttpFoundation/JsonResponse.php
index 15e7b582f7..83a607cd6e 100644
--- a/src/Symfony/Component/HttpFoundation/JsonResponse.php
+++ b/src/Symfony/Component/HttpFoundation/JsonResponse.php
@@ -111,7 +111,7 @@ class JsonResponse extends Response
 // Not using application/javascript for compatibility reasons with older browsers.
 $this->headers->set('Content-Type', 'text/javascript');
- return $this->setContent(sprintf('%s(%s);', $this->callback, $this->data));
+ return $this->setContent(sprintf('/**/%s(%s);', $this->callback, $this->data));
 }
 // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
diff --git a/src/Symfony/Component/HttpFoundation/Tests/JsonResponseTest.php b/src/Symfony/Component/HttpFoundation/Tests/JsonResponseTest.php
index ef392ca59d..2cb6b68550 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/JsonResponseTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/JsonResponseTest.php
@@ -155,7 +155,7 @@ class JsonResponseTest extends \PHPUnit_Framework_TestCase
 {
 $response = JsonResponse::create(array('foo' => 'bar'))->setCallback('callback');
- $this->assertEquals('callback({"foo":"bar"});', $response->getContent());
+ $this->assertEquals('/**/callback({"foo":"bar"});', $response->getContent());
 $this->assertEquals('text/javascript', $response->headers->get('Content-Type'));
 }
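Review bot: The `/**/` prefix added to the `sprintf` format in `JsonResponse.php` has no comment explaining it, so a later cleanup could remove it as stray characters and silently reopen the issue the commit subject names (CVE-2014-4671). I would add a line above the return such as `// The leading /**/ keeps the caller-supplied callback from supplying the first bytes of the response body (CVE-2014-4671).` As defence in depth, consider also setting `$this->headers->set('X-Content-Type-Options', 'nosniff');` in this branch, so that clients honouring the header do not reinterpret the `text/javascript` body as another type. The enclosing method starts outside the hunk, so this diff cannot confirm whether the callback name is validated before it reaches this line.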