Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly") #457

Closed
wants to merge 7 commits into from

2 participants

Andrea Faulds Jakub Zelenka
Andrea Faulds

This fixes the JSON parser's handling of top-level primitives. Specifically, it fixes whitespace (previously "[true] " decoded fine but " true" didn't), and case (previously "tRue" decoded fine and [tRue] did not, however both are RFC non-compliant). This is a tiny change, but because of the very unlikely case that there was PHP code relying on deserialising strings like "Null", despite RFC non-compliance and no JSON serialisers outputting it, I must classify this as "backwards-incompatible". Hence, this should be merged into master and hopefully PHP 5.6.

I have a separate request which is the backwards-compatible half of this request that only fixes the whitespace issue. It is supposed to be merged into PHP 5.4 and PHP 5.5, since it is a non-backwards-incompatible bug fix: #456

EDIT: The backwards-compatible portion is now into 5.4, 5.5 and master. Hence this request now purely concerns the case-sensitivity portion.

Jakub Zelenka

Wouldn't be better to implement the white space fix to JSON_parser.c?

Andrea Faulds

Well, that would involve modifying the parser to support these values at the top level in the first place. Which would mean reimplementing incorrect behaviour (the "tRue" bug) inside the parser and removing the wrapper code in the backwards-compatible half (and I wouldn't be surprised if this would introduce news bugs), then fixing the incorrect behaviour in this request. Unfortunately I don't understand the parser well enough to be able to make it support this. Perhaps the short-circuit is good anyhow, since it may be faster than using the parser directly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Sep 17, 2013
  1. Andrea Faulds
Commits on Oct 15, 2013
  1. Andrea Faulds
  2. Andrea Faulds
  3. Andrea Faulds

    NEWS and UPGRADING

    TazeTSchnitzel authored
  4. Andrea Faulds
Commits on Nov 2, 2013
  1. Andrea Faulds

    Merge branch 'JSONWhitespaceAndCaseFix' of github.com:TazeTSchnitzel/…

    TazeTSchnitzel authored
    …php-src into JSONWhitespaceAndCaseFix
Commits on Nov 11, 2013
  1. Andrea Faulds

    Merge branch 'master' into JSONWhitespaceAndCaseFix

    TazeTSchnitzel authored
    Conflicts:
    	NEWS
    	UPGRADING
This page is out of date. Refresh to see the latest.
4 NEWS
View
@@ -2,4 +2,8 @@ PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? 20??, PHP 5.7.0
+- JSON:
+ . Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity
+ incorrectly")
+
<<< NOTE: Insert NEWS from last stable release here prior to actual release! >>>
8 UPGRADING
View
@@ -21,6 +21,14 @@ PHP X.Y UPGRADE NOTES
========================================
+- JSON:
+ Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity
+ incorrectly")
+ This means that when a non-lowercase JSON text containing only JSON true,
+ false or null is passed to json_decode(), it will error. Please note however
+ that non-lowercase true, false or null have never been accepted inside JSON
+ arrays or JSON strings. This only applies to deserialising single values.
+
========================================
2. New Features
========================================
6 ext/json/json.c
View
@@ -712,14 +712,14 @@ PHP_JSON_API void php_json_decode_ex(zval *return_value, char *str, int str_len,
RETVAL_NULL();
if (trim_len == 4) {
- if (!strncasecmp(trim, "null", trim_len)) {
+ if (!strncmp(trim, "null", trim_len)) {
/* We need to explicitly clear the error because its an actual NULL and not an error */
jp->error_code = PHP_JSON_ERROR_NONE;
RETVAL_NULL();
- } else if (!strncasecmp(trim, "true", trim_len)) {
+ } else if (!strncmp(trim, "true", trim_len)) {
RETVAL_BOOL(1);
}
- } else if (trim_len == 5 && !strncasecmp(trim, "false", trim_len)) {
+ } else if (trim_len == 5 && !strncmp(trim, "false", trim_len)) {
RETVAL_BOOL(0);
}
41 ext/json/tests/bug64874_part2.phpt
View
@@ -0,0 +1,41 @@
+--TEST--
+Case-sensitivity part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly")
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
+--FILE--
+<?php
+function decode($json) {
+ var_dump(json_decode($json));
+ var_dump(json_last_error() !== 0);
+ echo "\n";
+}
+
+// Only lowercase should work
+decode('true');
+decode('True');
+decode('false');
+decode('False');
+decode('null');
+decode('Null');
+
+echo "Done\n";
+--EXPECT--
+bool(true)
+bool(false)
+
+NULL
+bool(true)
+
+bool(false)
+bool(false)
+
+NULL
+bool(true)
+
+NULL
+bool(false)
+
+NULL
+bool(true)
+
+Done
Something went wrong with that request. Please try again.