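#
# Send $rsp to the client as a JSON document and end the request.
#
# $rsp  - response payload (array); its 'stat' key is set here to 'ok' or 'error'.
# $more - options; this function only checks whether 'is_error' is set. The array
#         is also passed on to api_output_utils_start_headers().
#
# Does not return: the script exits once the body has been written.
#
function api_output_send($rsp, $more = array()) {

	# isset() is a presence test: any non-null 'is_error' value, even false or 0,
	# marks the response as an error.
	$rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';

	api_log(array('stat' => $rsp['stat']), 'write');

	api_output_utils_start_headers($rsp, $more);

	if (features_is_enabled("api_cors")) {

		# The allowed origin is read from site configuration, not from the request.
		if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
			header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
		}
	}

	# With ?inline set no Content-Type is sent from here, so the response type is
	# whatever was set earlier or PHP's default.
	# NOTE(review): if that default is text/html, a browser will parse this body as
	# markup -- confirm what api_output_utils_start_headers() sends.
	# NOTE(review): the registered media type for JSON is application/json; text/json
	# is kept so existing clients see the same header.
	if (!request_isset("inline")) {
		header("Content-Type: text/json");
	}

	# Same header the JSONP writer sends: the browser must not second-guess the
	# declared type.
	header("X-Content-Type-Options: nosniff");

	# The JSON_HEX_* flags emit <, >, &, ' and " inside strings as \uXXXX escapes.
	# The document decodes to the same values, but contains no raw markup
	# characters if a browser ever renders it as HTML (see the inline case above).
	$json = json_encode($rsp, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

	# strlen() counts bytes, which is the unit Content-Length needs.
	header("Content-Length: " . strlen($json));

	echo $json;
	exit;
}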
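#
# Send $rsp to the client as a JSONP response -- callback(<json>) -- and end the
# request.
#
# $rsp      - response payload (array); its 'stat' key is set here to 'ok' or 'error'.
# $callback - name of the JavaScript function the payload is wrapped in. It is
#             written into an executable script body, so only a plain dotted
#             identifier is accepted.
# $more     - options; this function only checks whether 'is_error' is set. The
#             array is also passed on to api_output_utils_start_headers().
#
# Does not return: the script exits once the body has been written. A callback that
# is not a plain identifier ends the request with a 400 and no script output.
#
function api_output_send($rsp, $callback, $more = array()) {

	# The callback lands verbatim in a script response, so anything but an
	# identifier such as "cb" or "ns.cb" would let the caller supply script text.
	# \z rather than $ because $ also matches before a trailing newline.
	# NOTE(review): callers may already filter this value; the check is repeated
	# here because this is the point where it is written out.
	$is_identifier = is_string($callback)
		&& preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $callback);

	if (!$is_identifier) {
		header("HTTP/1.1 400 Bad Request");
		header("Content-Type: text/plain");
		header("X-Content-Type-Options: nosniff");
		echo "invalid callback";
		exit;
	}

	# isset() is a presence test: any non-null 'is_error' value, even false or 0,
	# marks the response as an error.
	$rsp['stat'] = isset($more['is_error']) ? 'error' : 'ok';

	api_log(array('stat' => $rsp['stat']), 'write');

	api_output_utils_start_headers($rsp, $more);

	if (features_is_enabled("api_cors")) {

		# The allowed origin is read from site configuration, not from the request.
		if ($origin = $GLOBALS['cfg']['api_cors_allow_origin']) {
			header("Access-Control-Allow-Origin: " . htmlspecialchars($origin));
		}
	}

	# The JSON_HEX_* flags emit <, >, &, ' and " inside strings as \uXXXX escapes:
	# same decoded values, no raw markup characters in the body.
	$json = json_encode($rsp, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

	# http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
	# An identifier-only callback does not address that issue by itself. The
	# leading "/**/" keeps the response from starting with caller-chosen bytes,
	# and the two headers below stop it from being rendered or type-sniffed.
	$jsonp = "/**/" . $callback . "(" . $json . ")";

	# The original header value ended in a stray comma ("f.txt,"); dropped so the
	# filename parameter is exactly f.txt.
	header("Content-Disposition: attachment; filename=f.txt");
	header("X-Content-Type-Options: nosniff");

	# strlen() counts bytes, which is the unit Content-Length needs.
	header("Content-Length: " . strlen($jsonp));

	# With ?inline set no Content-Type is sent from here; the response type is
	# whatever was set earlier or PHP's default.
	if (!request_isset("inline")) {
		header("Content-Type: application/javascript");
	}

	echo $jsonp;
	exit;
}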