[PATCH] (2-part) Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly")

Date: Wed, 16 Oct 2013 12:21:03 +0000
Subject: [PATCH] (2-part) Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly")
Groups: php.internals 
Hello there,

This is a two-part patch. The first part patches one part of bug #64874, which is that lone JSON primitive values (true, false, null, string, number) cannot be deserialised with json_decode() if they have whitespace around them, though lone complex JSON values (array, object) can. The reason this part of the bug existed is because somebody had added support for deserialising JSON strings which don't consist of an array or an object, but instead of properly modifying the parser, added a poorly-written wrapper on the outside of it. This is essentially a fix to that wrapper. It should help bring json_decode() into actual JSON specification compliance. It is an entirely backwards-compatible fix, so I intend it to be added to 5.4 and 5.5:

Pull request here: https://github.com/php/php-src/pull/456

The second part is based off the first part, so includes the backwards-compatible fix, but also fixes the second part of bug #64874, which is that lone JSON true, false and null values are accepted in non-lowercase forms. This is due to, again, the poorly-written wrapper, which essentially did (strcasecmp(str, "true") == 0), despite the fact that the JSON specification states that only lowercase forms of true, false and null are permitted. Lowercase forms are already not permitted by the actual parser, it is only the wrapper which is at fault. This means that json_decode('[tRue]') is already invalid, but json_decode('tRue') is not. This patch will make the non-lowercase form error, as it should. This will also make it more specification-compliant, and more consistent with itself(!) Because no longer permitting these non-lowercase forms would break backwards-compatibility in the unlikely case that an application relied on malformed JSON, this fix is intended to go into PHP 5.6. In the event that it breaks someone's code working with a malformed dataset, it should be fairly simple to lowercase any non-lowercase true, false or null JSON strings.

Pull request here: https://github.com/php/php-src/pull/457

Both requests contain tests and UPGRADING and NEWS notes. The first is aimed at the PHP-5.4 branch, so it contains changes to UPGRADING and NEWS for 5.4. It would also need those notes copied to 5.5's, were it to be merged. The second is aimed at master, so it contains changes to master's UPGRADING and NEWS.

Thank you for your time.

-- 
Andrea Faulds
http://ajf.me/
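
An added illustration, not part of the original message and not code from php-src: a small C model of the two wrapper behaviours the message describes for lone `true`/`false`/`null`, one comparing the whole input case-insensitively with no whitespace handling, the other trimming only JSON's insignificant whitespace and comparing case-sensitively. The function names, the `enum lit` type and the sample inputs are hypothetical and constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h> /* strcasecmp (POSIX) */

enum lit { LIT_NONE = 0, LIT_TRUE, LIT_FALSE, LIT_NULL };

/* Model of the behaviour the message reports: the whole input is compared
 * case-insensitively and surrounding whitespace is not handled. */
static enum lit lone_literal_lenient(const char *s)
{
    if (strcasecmp(s, "true") == 0)  return LIT_TRUE;
    if (strcasecmp(s, "false") == 0) return LIT_FALSE;
    if (strcasecmp(s, "null") == 0)  return LIT_NULL;
    return LIT_NONE;
}

/* JSON insignificant whitespace is exactly space, tab, LF and CR. */
static int is_json_ws(char c)
{
    return c == ' ' || c == '\t' || c == '\n' || c == '\r';
}

/* Strict form: trim JSON whitespace, then require an exact lowercase match. */
static enum lit lone_literal_strict(const char *s)
{
    static const struct { const char *text; enum lit value; } table[] = {
        { "true", LIT_TRUE }, { "false", LIT_FALSE }, { "null", LIT_NULL },
    };
    size_t len, i;

    while (is_json_ws(*s)) s++;                      /* leading whitespace */
    len = strlen(s);
    while (len > 0 && is_json_ws(s[len - 1])) len--; /* trailing whitespace */
    for (i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (len == strlen(table[i].text) && memcmp(s, table[i].text, len) == 0)
            return table[i].value;
    }
    return LIT_NONE;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "true", "tRue", " true ", "\r\n\tnull\n", "\vfalse" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("lenient=%d strict=%d\n", lone_literal_lenient(samples[i]), lone_literal_strict(samples[i]));
    return 0;
}
```

The two functions disagree on `tRue` and on ` true `, which is the kind of divergence worth checking for when one JSON consumer validates input and another later decodes it.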
