diff options
| -rw-r--r-- | NEWS | 4 | ||||
| -rwxr-xr-x | UPGRADING | 8 | ||||
| -rw-r--r-- | ext/json/json.c | 6 | ||||
| -rw-r--r-- | ext/json/tests/bug64874_part2.phpt | 69 |
4 files changed, 84 insertions, 3 deletions
@@ -31,6 +31,10 @@ PHP NEWS - Hash: . Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz) +- JSON: + . Fixed case part of bug #64874 ("json_decode handles whitespace and + case-sensitivity incorrectly") + - mysqlnd: . Disabled flag for SP OUT variables for 5.5+ servers as they are not natively supported by the overlying APIs. (Andrey) @@ -30,6 +30,14 @@ PHP X.Y UPGRADE NOTES } ?> +- JSON: + json_decode() no longer accepts non-lowercase variants of lone JSON true, + false or null values. For example, True or FALSE will now cause json_decode to + return NULL and set an error value you can fetch with json_last_error(). + This affects JSON texts consisting solely of true, false or null. Text + containing non-lowercase values inside JSON arrays or objects has never been + accepted. + ======================================== 2. New Features ======================================== diff --git a/ext/json/json.c b/ext/json/json.c index c3664b9ee9..80bbef7b7c 100644 --- a/ext/json/json.c +++ b/ext/json/json.c @@ -712,14 +712,14 @@ PHP_JSON_API void php_json_decode_ex(zval *return_value, char *str, int str_len, RETVAL_NULL(); if (trim_len == 4) { - if (!strncasecmp(trim, "null", trim_len)) { + if (!strncmp(trim, "null", trim_len)) { /* We need to explicitly clear the error because its an actual NULL and not an error */ jp->error_code = PHP_JSON_ERROR_NONE; RETVAL_NULL(); - } else if (!strncasecmp(trim, "true", trim_len)) { + } else if (!strncmp(trim, "true", trim_len)) { RETVAL_BOOL(1); } - } else if (trim_len == 5 && !strncasecmp(trim, "false", trim_len)) { + } else if (trim_len == 5 && !strncmp(trim, "false", trim_len)) { RETVAL_BOOL(0); } diff --git a/ext/json/tests/bug64874_part2.phpt b/ext/json/tests/bug64874_part2.phpt new file mode 100644 index 0000000000..338fc1141a --- /dev/null +++ b/ext/json/tests/bug64874_part2.phpt @@ -0,0 +1,69 @@ +--TEST-- +Case-sensitivity part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly") +--SKIPIF-- +<?php if (!extension_loaded("json")) print "skip"; ?> +--FILE-- +<?php +function decode($json) { + var_dump(json_decode($json)); + echo ((json_last_error() !== 0) ? 'ERROR' : 'SUCCESS') . PHP_EOL; +} + +// Only lowercase should work +decode('true'); +decode('True'); +decode('[true]'); +decode('[True]'); +echo PHP_EOL; + +decode('false'); +decode('False'); +decode('[false]'); +decode('[False]'); +echo PHP_EOL; + +decode('null'); +decode('Null'); +decode('[null]'); +decode('[Null]'); +echo PHP_EOL; + +echo "Done\n"; +--EXPECT-- +bool(true) +SUCCESS +NULL +ERROR +array(1) { + [0]=> + bool(true) +} +SUCCESS +NULL +ERROR + +bool(false) +SUCCESS +NULL +ERROR +array(1) { + [0]=> + bool(false) +} +SUCCESS +NULL +ERROR + +NULL +SUCCESS +NULL +ERROR +array(1) { + [0]=> + NULL +} +SUCCESS +NULL +ERROR + +Done |