dépôts / lhc / web / wiklou.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge "FormatJson::parse( TRY_FIXING ) - remove trailing commas"
[lhc/web/wiklou.git] / includes / json / FormatJson.php
1 <?php
2 /**
3 * Wrapper for json_encode and json_decode.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
22
23 /**
24 * JSON formatter wrapper class
25 */
26 class FormatJson {
27 /**
28 * Skip escaping most characters above U+007F for readability and compactness.
29 * This encoding option saves 3 to 8 bytes (uncompressed) for each such character;
30 * however, it could break compatibility with systems that incorrectly handle UTF-8.
31 *
32 * @since 1.22
33 */
34 const UTF8_OK = 1;
35
36 /**
37 * Skip escaping the characters '<', '>', and '&', which have special meanings in
38 * HTML and XML.
39 *
40 * @warning Do not use this option for JSON that could end up in inline scripts.
41 * - HTML5, §4.3.1.2 Restrictions for contents of script elements
42 * - XML 1.0 (5th Ed.), §2.4 Character Data and Markup
43 *
44 * @since 1.22
45 */
46 const XMLMETA_OK = 2;
47
48 /**
49 * Skip escaping as many characters as reasonably possible.
50 *
51 * @warning When generating inline script blocks, use FormatJson::UTF8_OK instead.
52 *
53 * @since 1.22
54 */
55 const ALL_OK = 3;
56
57 /**
58 * If set, treat json objects '{...}' as associative arrays. Without this option,
59 * json objects will be converted to stdClass.
60 * The value is set to 1 to be backward compatible with 'true' that was used before.
61 *
62 * @since 1.24
63 */
64 const FORCE_ASSOC = 0x1;
65
66 /**
67 * If set, attempts to fix invalid json.
68 *
69 * @since 1.24
70 */
71 const TRY_FIXING = 0x2;
72
73 /**
74 * Regex that matches whitespace inside empty arrays and objects.
75 *
76 * This doesn't affect regular strings inside the JSON because those can't
77 * have a real line break (\n) in them, at this point they are already escaped
78 * as the string "\n" which this doesn't match.
79 *
80 * @private
81 */
82 const WS_CLEANUP_REGEX = '/(?<=[\[{])\n\s*+(?=[\]}])/';
83
84 /**
85 * Characters problematic in JavaScript.
86 *
87 * @note These are listed in ECMA-262 (5.1 Ed.), §7.3 Line Terminators along with U+000A (LF)
88 * and U+000D (CR). However, PHP already escapes LF and CR according to RFC 4627.
89 */
90 private static $badChars = array(
91 "\xe2\x80\xa8", // U+2028 LINE SEPARATOR
92 "\xe2\x80\xa9", // U+2029 PARAGRAPH SEPARATOR
93 );
94
95 /**
96 * Escape sequences for characters listed in FormatJson::$badChars.
97 */
98 private static $badCharsEscaped = array(
99 '\u2028', // U+2028 LINE SEPARATOR
100 '\u2029', // U+2029 PARAGRAPH SEPARATOR
101 );
102
103 /**
104 * Returns the JSON representation of a value.
105 *
106 * @note Empty arrays are encoded as numeric arrays, not as objects, so cast any associative
107 * array that might be empty to an object before encoding it.
108 *
109 * @note In pre-1.22 versions of MediaWiki, using this function for generating inline script
110 * blocks may result in an XSS vulnerability, and quite likely will in XML documents
111 * (cf. FormatJson::XMLMETA_OK). Use Xml::encodeJsVar() instead in such cases.
112 *
113 * @param mixed $value The value to encode. Can be any type except a resource.
114 * @param string|bool $pretty If a string, add non-significant whitespace to improve
115 * readability, using that string for indentation. If true, use the default indent
116 * string (four spaces).
117 * @param int $escaping Bitfield consisting of _OK class constants
118 * @return string|bool: String if successful; false upon failure
119 */
120 public static function encode( $value, $pretty = false, $escaping = 0 ) {
121 if ( !is_string( $pretty ) ) {
122 $pretty = $pretty ? ' ' : false;
123 }
124
125 if ( defined( 'JSON_UNESCAPED_UNICODE' ) ) {
126 return self::encode54( $value, $pretty, $escaping );
127 }
128
129 return self::encode53( $value, $pretty, $escaping );
130 }
131
132 /**
133 * Decodes a JSON string.
134 *
135 * @param string $value The JSON string being decoded
136 * @param bool $assoc When true, returned objects will be converted into associative arrays.
137 *
138 * @return mixed The value encoded in JSON in appropriate PHP type.
139 * `null` is returned if the JSON cannot be decoded or if the encoded data is deeper than
140 * the recursion limit.
141 */
142 public static function decode( $value, $assoc = false ) {
143 return json_decode( $value, $assoc );
144 }
145
146 /**
147 * Decodes a JSON string.
148 *
149 * @param string $value The JSON string being decoded
150 * @param int $options A bit field that allows FORCE_ASSOC, TRY_FIXING, WRAP_RESULT
151 * For backward compatibility, FORCE_ASSOC is set to 1 to match the legacy 'true'
152 * @return Status If good, the value is available in $result->getValue()
153 */
154 public static function parse( $value, $options = 0 ) {
155 $assoc = ( $options & self::FORCE_ASSOC ) !== 0;
156 $result = json_decode( $value, $assoc );
157 $code = json_last_error();
158
159 if ( $code === JSON_ERROR_SYNTAX && ( $options & self::TRY_FIXING ) !== 0 ) {
160 // The most common error is the trailing comma in a list or an object.
161 // We cannot simply replace /,\s*[}\]]/ because it could be inside a string value.
162 // But we could use the fact that JSON does not allow multi-line string values,
163 // And remove trailing commas if they are et the end of a line.
164 // JSON only allows 4 control characters: [ \t\r\n]. So we must not use '\s' for matching.
165 // Regex match ,]<any non-quote chars>\n or ,\n] with optional spaces/tabs.
166 $count = 0;
167 $value =
168 preg_replace( '/,([ \t]*[}\]][^"\r\n]*([\r\n]|$)|[ \t]*[\r\n][ \t\r\n]*[}\]])/', '$1',
169 $value, - 1, $count );
170 if ( $count > 0 ) {
171 $result = json_decode( $value, $assoc );
172 if ( JSON_ERROR_NONE === json_last_error() ) {
173 // Report warning
174 $st = Status::newGood( $result );
175 $st->warning( wfMessage( 'json-warn-trailing-comma' )->numParams( $count ) );
176 return $st;
177 }
178 }
179 }
180
181 switch ( $code ) {
182 case JSON_ERROR_NONE:
183 return Status::newGood( $result );
184 default:
185 return Status::newFatal( wfMessage( 'json-error-unknown' )->numParams( $code ) );
186 case JSON_ERROR_DEPTH:
187 $msg = 'json-error-depth';
188 break;
189 case JSON_ERROR_STATE_MISMATCH:
190 $msg = 'json-error-state-mismatch';
191 break;
192 case JSON_ERROR_CTRL_CHAR:
193 $msg = 'json-error-ctrl-char';
194 break;
195 case JSON_ERROR_SYNTAX:
196 $msg = 'json-error-syntax';
197 break;
198 case JSON_ERROR_UTF8:
199 $msg = 'json-error-utf8';
200 break;
201 case JSON_ERROR_RECURSION:
202 $msg = 'json-error-recursion';
203 break;
204 case JSON_ERROR_INF_OR_NAN:
205 $msg = 'json-error-inf-or-nan';
206 break;
207 case JSON_ERROR_UNSUPPORTED_TYPE:
208 $msg = 'json-error-unsupported-type';
209 break;
210 }
211 return Status::newFatal( $msg );
212 }
213
214 /**
215 * JSON encoder wrapper for PHP >= 5.4, which supports useful encoding options.
216 *
217 * @param mixed $value
218 * @param string|bool $pretty
219 * @param int $escaping
220 * @return string|bool
221 */
222 private static function encode54( $value, $pretty, $escaping ) {
223 static $bug66021;
224 if ( $pretty !== false && $bug66021 === null ) {
225 $bug66021 = json_encode( array(), JSON_PRETTY_PRINT ) !== '[]';
226 }
227
228 // PHP escapes '/' to prevent breaking out of inline script blocks using '</script>',
229 // which is hardly useful when '<' and '>' are escaped (and inadequate), and such
230 // escaping negatively impacts the human readability of URLs and similar strings.
231 $options = JSON_UNESCAPED_SLASHES;
232 $options |= $pretty !== false ? JSON_PRETTY_PRINT : 0;
233 $options |= ( $escaping & self::UTF8_OK ) ? JSON_UNESCAPED_UNICODE : 0;
234 $options |= ( $escaping & self::XMLMETA_OK ) ? 0 : ( JSON_HEX_TAG | JSON_HEX_AMP );
235 $json = json_encode( $value, $options );
236 if ( $json === false ) {
237 return false;
238 }
239
240 if ( $pretty !== false ) {
241 // Workaround for <https://bugs.php.net/bug.php?id=66021>
242 if ( $bug66021 ) {
243 $json = preg_replace( self::WS_CLEANUP_REGEX, '', $json );
244 }
245 if ( $pretty !== ' ' ) {
246 // Change the four-space indent to a tab indent
247 $json = str_replace( "\n ", "\n\t", $json );
248 while ( strpos( $json, "\t " ) !== false ) {
249 $json = str_replace( "\t ", "\t\t", $json );
250 }
251
252 if ( $pretty !== "\t" ) {
253 // Change the tab indent to the provided indent
254 $json = str_replace( "\t", $pretty, $json );
255 }
256 }
257 }
258 if ( $escaping & self::UTF8_OK ) {
259 $json = str_replace( self::$badChars, self::$badCharsEscaped, $json );
260 }
261
262 return $json;
263 }
264
265 /**
266 * JSON encoder wrapper for PHP 5.3, which lacks native support for some encoding options.
267 * Therefore, the missing options are implemented here purely in PHP code.
268 *
269 * @param mixed $value
270 * @param string|bool $pretty
271 * @param int $escaping
272 * @return string|bool
273 */
274 private static function encode53( $value, $pretty, $escaping ) {
275 $options = ( $escaping & self::XMLMETA_OK ) ? 0 : ( JSON_HEX_TAG | JSON_HEX_AMP );
276 $json = json_encode( $value, $options );
277 if ( $json === false ) {
278 return false;
279 }
280
281 // Emulate JSON_UNESCAPED_SLASHES. Because the JSON contains no unescaped slashes
282 // (only escaped slashes), a simple string replacement works fine.
283 $json = str_replace( '\/', '/', $json );
284
285 if ( $escaping & self::UTF8_OK ) {
286 // JSON hex escape sequences follow the format \uDDDD, where DDDD is four hex digits
287 // indicating the equivalent UTF-16 code unit's value. To most efficiently unescape
288 // them, we exploit the JSON extension's built-in decoder.
289 // * We escape the input a second time, so any such sequence becomes \\uDDDD.
290 // * To avoid interpreting escape sequences that were in the original input,
291 // each double-escaped backslash (\\\\) is replaced with \\\u005c.
292 // * We strip one of the backslashes from each of the escape sequences to unescape.
293 // * Then the JSON decoder can perform the actual unescaping.
294 $json = str_replace( "\\\\\\\\", "\\\\\\u005c", addcslashes( $json, '\"' ) );
295 $json = json_decode( preg_replace( "/\\\\\\\\u(?!00[0-7])/", "\\\\u", "\"$json\"" ) );
296 $json = str_replace( self::$badChars, self::$badCharsEscaped, $json );
297 }
298
299 if ( $pretty !== false ) {
300 return self::prettyPrint( $json, $pretty );
301 }
302
303 return $json;
304 }
305
306 /**
307 * Adds non-significant whitespace to an existing JSON representation of an object.
308 * Only needed for PHP < 5.4, which lacks the JSON_PRETTY_PRINT option.
309 *
310 * @param string $json
311 * @param string $indentString
312 * @return string
313 */
314 private static function prettyPrint( $json, $indentString ) {
315 $buf = '';
316 $indent = 0;
317 $json = strtr( $json, array( '\\\\' => '\\\\', '\"' => "\x01" ) );
318 for ( $i = 0, $n = strlen( $json ); $i < $n; $i += $skip ) {
319 $skip = 1;
320 switch ( $json[$i] ) {
321 case ':':
322 $buf .= ': ';
323 break;
324 case '[':
325 case '{':
326 ++$indent;
327 // falls through
328 case ',':
329 $buf .= $json[$i] . "\n" . str_repeat( $indentString, $indent );
330 break;
331 case ']':
332 case '}':
333 $buf .= "\n" . str_repeat( $indentString, --$indent ) . $json[$i];
334 break;
335 case '"':
336 $skip = strcspn( $json, '"', $i + 1 ) + 2;
337 $buf .= substr( $json, $i, $skip );
338 break;
339 default:
340 $skip = strcspn( $json, ',]}"', $i + 1 ) + 1;
341 $buf .= substr( $json, $i, $skip );
342 }
343 }
344 $buf = preg_replace( self::WS_CLEANUP_REGEX, '', $buf );
345
346 return str_replace( "\x01", '\"', $buf );
347 }
348 }
Wiklou, le Wiki du Wiklou