| [ Index ] |
PHP Cross Reference of MediaWiki-1.24.0 |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * Wrapper for json_encode and json_decode. 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License along 16 * with this program; if not, write to the Free Software Foundation, Inc., 17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 * http://www.gnu.org/copyleft/gpl.html 19 * 20 * @file 21 */ 22 23 /** 24 * JSON formatter wrapper class 25 */ 26 class FormatJson { 27 /** 28 * Skip escaping most characters above U+007F for readability and compactness. 29 * This encoding option saves 3 to 8 bytes (uncompressed) for each such character; 30 * however, it could break compatibility with systems that incorrectly handle UTF-8. 31 * 32 * @since 1.22 33 */ 34 const UTF8_OK = 1; 35 36 /** 37 * Skip escaping the characters '<', '>', and '&', which have special meanings in 38 * HTML and XML. 39 * 40 * @warning Do not use this option for JSON that could end up in inline scripts. 41 * - HTML5, §4.3.1.2 Restrictions for contents of script elements 42 * - XML 1.0 (5th Ed.), §2.4 Character Data and Markup 43 * 44 * @since 1.22 45 */ 46 const XMLMETA_OK = 2; 47 48 /** 49 * Skip escaping as many characters as reasonably possible. 50 * 51 * @warning When generating inline script blocks, use FormatJson::UTF8_OK instead. 52 * 53 * @since 1.22 54 */ 55 const ALL_OK = 3; 56 57 /** 58 * If set, treat json objects '{...}' as associative arrays. Without this option, 59 * json objects will be converted to stdClass. 60 * The value is set to 1 to be backward compatible with 'true' that was used before. 61 * 62 * @since 1.24 63 */ 64 const FORCE_ASSOC = 0x100; 65 66 /** 67 * If set, attempts to fix invalid json. 68 * 69 * @since 1.24 70 */ 71 const TRY_FIXING = 0x200; 72 73 /** 74 * Regex that matches whitespace inside empty arrays and objects. 75 * 76 * This doesn't affect regular strings inside the JSON because those can't 77 * have a real line break (\n) in them, at this point they are already escaped 78 * as the string "\n" which this doesn't match. 79 * 80 * @private 81 */ 82 const WS_CLEANUP_REGEX = '/(?<=[\[{])\n\s*+(?=[\]}])/'; 83 84 /** 85 * Characters problematic in JavaScript. 86 * 87 * @note These are listed in ECMA-262 (5.1 Ed.), §7.3 Line Terminators along with U+000A (LF) 88 * and U+000D (CR). However, PHP already escapes LF and CR according to RFC 4627. 89 */ 90 private static $badChars = array( 91 "\xe2\x80\xa8", // U+2028 LINE SEPARATOR 92 "\xe2\x80\xa9", // U+2029 PARAGRAPH SEPARATOR 93 ); 94 95 /** 96 * Escape sequences for characters listed in FormatJson::$badChars. 97 */ 98 private static $badCharsEscaped = array( 99 '\u2028', // U+2028 LINE SEPARATOR 100 '\u2029', // U+2029 PARAGRAPH SEPARATOR 101 ); 102 103 /** 104 * Returns the JSON representation of a value. 105 * 106 * @note Empty arrays are encoded as numeric arrays, not as objects, so cast any associative 107 * array that might be empty to an object before encoding it. 108 * 109 * @note In pre-1.22 versions of MediaWiki, using this function for generating inline script 110 * blocks may result in an XSS vulnerability, and quite likely will in XML documents 111 * (cf. FormatJson::XMLMETA_OK). Use Xml::encodeJsVar() instead in such cases. 112 * 113 * @param mixed $value The value to encode. Can be any type except a resource. 114 * @param string|bool $pretty If a string, add non-significant whitespace to improve 115 * readability, using that string for indentation. If true, use the default indent 116 * string (four spaces). 117 * @param int $escaping Bitfield consisting of _OK class constants 118 * @return string|bool: String if successful; false upon failure 119 */ 120 public static function encode( $value, $pretty = false, $escaping = 0 ) { 121 if ( !is_string( $pretty ) ) { 122 $pretty = $pretty ? ' ' : false; 123 } 124 125 if ( defined( 'JSON_UNESCAPED_UNICODE' ) ) { 126 return self::encode54( $value, $pretty, $escaping ); 127 } 128 129 return self::encode53( $value, $pretty, $escaping ); 130 } 131 132 /** 133 * Decodes a JSON string. It is recommended to use FormatJson::parse(), which returns more comprehensive 134 * result in case of an error, and has more parsing options. 135 * 136 * @param string $value The JSON string being decoded 137 * @param bool $assoc When true, returned objects will be converted into associative arrays. 138 * 139 * @return mixed The value encoded in JSON in appropriate PHP type. 140 * `null` is returned if $value represented `null`, if $value could not be decoded, 141 * or if the encoded data was deeper than the recursion limit. 142 * Use FormatJson::parse() to distinguish between types of `null` and to get proper error code. 143 */ 144 public static function decode( $value, $assoc = false ) { 145 return json_decode( $value, $assoc ); 146 } 147 148 /** 149 * Decodes a JSON string. 150 * Unlike FormatJson::decode(), if $value represents null value, it will be properly decoded as valid. 151 * 152 * @param string $value The JSON string being decoded 153 * @param int $options A bit field that allows FORCE_ASSOC, TRY_FIXING 154 * @return Status If valid JSON, the value is available in $result->getValue() 155 */ 156 public static function parse( $value, $options = 0 ) { 157 $assoc = ( $options & self::FORCE_ASSOC ) !== 0; 158 $result = json_decode( $value, $assoc ); 159 $code = json_last_error(); 160 161 if ( $code === JSON_ERROR_SYNTAX && ( $options & self::TRY_FIXING ) !== 0 ) { 162 // The most common error is the trailing comma in a list or an object. 163 // We cannot simply replace /,\s*[}\]]/ because it could be inside a string value. 164 // But we could use the fact that JSON does not allow multi-line string values, 165 // And remove trailing commas if they are et the end of a line. 166 // JSON only allows 4 control characters: [ \t\r\n]. So we must not use '\s' for matching. 167 // Regex match ,]<any non-quote chars>\n or ,\n] with optional spaces/tabs. 168 $count = 0; 169 $value = 170 preg_replace( '/,([ \t]*[}\]][^"\r\n]*([\r\n]|$)|[ \t]*[\r\n][ \t\r\n]*[}\]])/', '$1', 171 $value, - 1, $count ); 172 if ( $count > 0 ) { 173 $result = json_decode( $value, $assoc ); 174 if ( JSON_ERROR_NONE === json_last_error() ) { 175 // Report warning 176 $st = Status::newGood( $result ); 177 $st->warning( wfMessage( 'json-warn-trailing-comma' )->numParams( $count ) ); 178 return $st; 179 } 180 } 181 } 182 183 switch ( $code ) { 184 case JSON_ERROR_NONE: 185 return Status::newGood( $result ); 186 default: 187 return Status::newFatal( wfMessage( 'json-error-unknown' )->numParams( $code ) ); 188 case JSON_ERROR_DEPTH: 189 $msg = 'json-error-depth'; 190 break; 191 case JSON_ERROR_STATE_MISMATCH: 192 $msg = 'json-error-state-mismatch'; 193 break; 194 case JSON_ERROR_CTRL_CHAR: 195 $msg = 'json-error-ctrl-char'; 196 break; 197 case JSON_ERROR_SYNTAX: 198 $msg = 'json-error-syntax'; 199 break; 200 case JSON_ERROR_UTF8: 201 $msg = 'json-error-utf8'; 202 break; 203 case JSON_ERROR_RECURSION: 204 $msg = 'json-error-recursion'; 205 break; 206 case JSON_ERROR_INF_OR_NAN: 207 $msg = 'json-error-inf-or-nan'; 208 break; 209 case JSON_ERROR_UNSUPPORTED_TYPE: 210 $msg = 'json-error-unsupported-type'; 211 break; 212 } 213 return Status::newFatal( $msg ); 214 } 215 216 /** 217 * JSON encoder wrapper for PHP >= 5.4, which supports useful encoding options. 218 * 219 * @param mixed $value 220 * @param string|bool $pretty 221 * @param int $escaping 222 * @return string|bool 223 */ 224 private static function encode54( $value, $pretty, $escaping ) { 225 static $bug66021; 226 if ( $pretty !== false && $bug66021 === null ) { 227 $bug66021 = json_encode( array(), JSON_PRETTY_PRINT ) !== '[]'; 228 } 229 230 // PHP escapes '/' to prevent breaking out of inline script blocks using '</script>', 231 // which is hardly useful when '<' and '>' are escaped (and inadequate), and such 232 // escaping negatively impacts the human readability of URLs and similar strings. 233 $options = JSON_UNESCAPED_SLASHES; 234 $options |= $pretty !== false ? JSON_PRETTY_PRINT : 0; 235 $options |= ( $escaping & self::UTF8_OK ) ? JSON_UNESCAPED_UNICODE : 0; 236 $options |= ( $escaping & self::XMLMETA_OK ) ? 0 : ( JSON_HEX_TAG | JSON_HEX_AMP ); 237 $json = json_encode( $value, $options ); 238 if ( $json === false ) { 239 return false; 240 } 241 242 if ( $pretty !== false ) { 243 // Workaround for <https://bugs.php.net/bug.php?id=66021> 244 if ( $bug66021 ) { 245 $json = preg_replace( self::WS_CLEANUP_REGEX, '', $json ); 246 } 247 if ( $pretty !== ' ' ) { 248 // Change the four-space indent to a tab indent 249 $json = str_replace( "\n ", "\n\t", $json ); 250 while ( strpos( $json, "\t " ) !== false ) { 251 $json = str_replace( "\t ", "\t\t", $json ); 252 } 253 254 if ( $pretty !== "\t" ) { 255 // Change the tab indent to the provided indent 256 $json = str_replace( "\t", $pretty, $json ); 257 } 258 } 259 } 260 if ( $escaping & self::UTF8_OK ) { 261 $json = str_replace( self::$badChars, self::$badCharsEscaped, $json ); 262 } 263 264 return $json; 265 } 266 267 /** 268 * JSON encoder wrapper for PHP 5.3, which lacks native support for some encoding options. 269 * Therefore, the missing options are implemented here purely in PHP code. 270 * 271 * @param mixed $value 272 * @param string|bool $pretty 273 * @param int $escaping 274 * @return string|bool 275 */ 276 private static function encode53( $value, $pretty, $escaping ) { 277 $options = ( $escaping & self::XMLMETA_OK ) ? 0 : ( JSON_HEX_TAG | JSON_HEX_AMP ); 278 $json = json_encode( $value, $options ); 279 if ( $json === false ) { 280 return false; 281 } 282 283 // Emulate JSON_UNESCAPED_SLASHES. Because the JSON contains no unescaped slashes 284 // (only escaped slashes), a simple string replacement works fine. 285 $json = str_replace( '\/', '/', $json ); 286 287 if ( $escaping & self::UTF8_OK ) { 288 // JSON hex escape sequences follow the format \uDDDD, where DDDD is four hex digits 289 // indicating the equivalent UTF-16 code unit's value. To most efficiently unescape 290 // them, we exploit the JSON extension's built-in decoder. 291 // * We escape the input a second time, so any such sequence becomes \\uDDDD. 292 // * To avoid interpreting escape sequences that were in the original input, 293 // each double-escaped backslash (\\\\) is replaced with \\\u005c. 294 // * We strip one of the backslashes from each of the escape sequences to unescape. 295 // * Then the JSON decoder can perform the actual unescaping. 296 $json = str_replace( "\\\\\\\\", "\\\\\\u005c", addcslashes( $json, '\"' ) ); 297 $json = json_decode( preg_replace( "/\\\\\\\\u(?!00[0-7])/", "\\\\u", "\"$json\"" ) ); 298 $json = str_replace( self::$badChars, self::$badCharsEscaped, $json ); 299 } 300 301 if ( $pretty !== false ) { 302 return self::prettyPrint( $json, $pretty ); 303 } 304 305 return $json; 306 } 307 308 /** 309 * Adds non-significant whitespace to an existing JSON representation of an object. 310 * Only needed for PHP < 5.4, which lacks the JSON_PRETTY_PRINT option. 311 * 312 * @param string $json 313 * @param string $indentString 314 * @return string 315 */ 316 private static function prettyPrint( $json, $indentString ) { 317 $buf = ''; 318 $indent = 0; 319 $json = strtr( $json, array( '\\\\' => '\\\\', '\"' => "\x01" ) ); 320 for ( $i = 0, $n = strlen( $json ); $i < $n; $i += $skip ) { 321 $skip = 1; 322 switch ( $json[$i] ) { 323 case ':': 324 $buf .= ': '; 325 break; 326 case '[': 327 case '{': 328 ++$indent; 329 // falls through 330 case ',': 331 $buf .= $json[$i] . "\n" . str_repeat( $indentString, $indent ); 332 break; 333 case ']': 334 case '}': 335 $buf .= "\n" . str_repeat( $indentString, --$indent ) . $json[$i]; 336 break; 337 case '"': 338 $skip = strcspn( $json, '"', $i + 1 ) + 2; 339 $buf .= substr( $json, $i, $skip ); 340 break; 341 default: 342 $skip = strcspn( $json, ',]}"', $i + 1 ) + 1; 343 $buf .= substr( $json, $i, $skip ); 344 } 345 } 346 $buf = preg_replace( self::WS_CLEANUP_REGEX, '', $buf ); 347 348 return str_replace( "\x01", '\"', $buf ); 349 } 350 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Fri Nov 28 14:03:12 2014 | Cross-referenced by PHPXref 0.7.1 |