From: Kevin Israel <pleasestand@live.com>
Date: Thu, 28 Mar 2013 02:04:58 +0000 (-0400)
Subject: Fix pretty JSON when strings end with backslashes
X-Git-Tag: 1.31.0-rc.0~20161^2
X-Git-Url: http://git.cyclocoop.org/%22.%24redirect_annul.%22?a=commitdiff_plain;h=217cb2e3a6ea805eee4cc81b1cb43562620f88b3;p=lhc%2Fweb%2Fwiklou.git

Fix pretty JSON when strings end with backslashes

If a string encoded as part of the output ends in a backslash
(e.g. an edit token), FormatJson::prettyPrint() may incorrectly
treat the unescaped double quote marking the end of the string as
a character that is part of the string.

This is a serious problem in that the "pretty" output may not
necessarily be valid JSON; a later string literal might contain
one or more of these tokens: :[{,]}

To fix the bug, I exploit strtr's behavior when it is given an
associative array having keys of the same length to skip over
escaped backslashes while replacing escaped double quotes with "\x01".

I also updated the corresponding unit test.

Change-Id: I159105b6493c14b82cd0a41a95e04bfed744931e
---

diff --git a/includes/json/FormatJson.php b/includes/json/FormatJson.php
index 013d58966d..bdf98d5274 100644
--- a/includes/json/FormatJson.php
+++ b/includes/json/FormatJson.php
@@ -168,7 +168,7 @@ class FormatJson {
 	private static function prettyPrint( $json ) {
 		$buf = '';
 		$indent = 0;
-		$json = str_replace( '\"', "\x01", $json );
+		$json = strtr( $json, array( '\\\\' => '\\\\', '\"' => "\x01" ) );
 		for ( $i = 0, $n = strlen( $json ); $i < $n; $i += $skip ) {
 			$skip = 1;
 			switch ( $json[$i] ) {
diff --git a/tests/phpunit/includes/json/FormatJsonTest.php b/tests/phpunit/includes/json/FormatJsonTest.php
index 9e25e18fa2..0782e4e54a 100644
--- a/tests/phpunit/includes/json/FormatJsonTest.php
+++ b/tests/phpunit/includes/json/FormatJsonTest.php
@@ -6,7 +6,7 @@ class FormatJsonTest extends MediaWikiTestCase {
 		$obj = array(
 			'emptyObject' => new stdClass,
 			'emptyArray' => array(),
-			'string' => 'foobar',
+			'string' => 'foobar\\',
 			'filledArray' => array(
 				array(
 					123,
@@ -24,7 +24,7 @@ class FormatJsonTest extends MediaWikiTestCase {
     "emptyArray": [
 
     ],
-    "string": "foobar",
+    "string": "foobar\\\\",
     "filledArray": [
         [
             123,