From 217cb2e3a6ea805eee4cc81b1cb43562620f88b3 Mon Sep 17 00:00:00 2001 From: Kevin Israel Date: Wed, 27 Mar 2013 22:04:58 -0400 Subject: [PATCH] Fix pretty JSON when strings end with backslashes If a string encoded as part of the output ends in a backslash (e.g. an edit token), FormatJson::prettyPrint() may incorrectly treat the unescaped double quote marking the end of the string as a character that is part of the string. This is a serious problem in that the "pretty" output may not necessarily be valid JSON; a later string literal might contain one or more of these tokens: :[{,]} To fix the bug, I exploit strtr's behavior when it is given an associative array having keys of the same length to skip over escaped backslashes while replacing escaped double quotes with "\x01". I also updated the corresponding unit test. Change-Id: I159105b6493c14b82cd0a41a95e04bfed744931e --- includes/json/FormatJson.php | 2 +- tests/phpunit/includes/json/FormatJsonTest.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/json/FormatJson.php b/includes/json/FormatJson.php index 013d58966d..bdf98d5274 100644 --- a/includes/json/FormatJson.php +++ b/includes/json/FormatJson.php @@ -168,7 +168,7 @@ class FormatJson { private static function prettyPrint( $json ) { $buf = ''; $indent = 0; - $json = str_replace( '\"', "\x01", $json ); + $json = strtr( $json, array( '\\\\' => '\\\\', '\"' => "\x01" ) ); for ( $i = 0, $n = strlen( $json ); $i < $n; $i += $skip ) { $skip = 1; switch ( $json[$i] ) { diff --git a/tests/phpunit/includes/json/FormatJsonTest.php b/tests/phpunit/includes/json/FormatJsonTest.php index 9e25e18fa2..0782e4e54a 100644 --- a/tests/phpunit/includes/json/FormatJsonTest.php +++ b/tests/phpunit/includes/json/FormatJsonTest.php @@ -6,7 +6,7 @@ class FormatJsonTest extends MediaWikiTestCase { $obj = array( 'emptyObject' => new stdClass, 'emptyArray' => array(), - 'string' => 'foobar', + 'string' => 'foobar\\', 'filledArray' => array( array( 123, @@ -24,7 +24,7 @@ class FormatJsonTest extends MediaWikiTestCase { "emptyArray": [ ], - "string": "foobar", + "string": "foobar\\\\", "filledArray": [ [ 123, -- 2.20.1