| blob | f3e5c76ddf26cbcc6bab80d2831930551dbab46c |
1 <?php
2 /**
3 * Wrapper for json_encode and json_decode.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 */
23 /**
24 * JSON formatter wrapper class
25 */
27 /**
28 * Skip escaping most characters above U+007F for readability and compactness.
29 * This encoding option saves 3 to 8 bytes (uncompressed) for each such character;
30 * however, it could break compatibility with systems that incorrectly handle UTF-8.
31 *
32 * @since 1.22
33 */
36 /**
37 * Skip escaping the characters '<', '>', and '&', which have special meanings in
38 * HTML and XML.
39 *
40 * @warning Do not use this option for JSON that could end up in inline scripts.
41 * - HTML5, §4.3.1.2 Restrictions for contents of script elements
42 * - XML 1.0 (5th Ed.), §2.4 Character Data and Markup
43 *
44 * @since 1.22
45 */
48 /**
49 * Skip escaping as many characters as reasonably possible.
50 *
51 * @warning When generating inline script blocks, use FormatJson::UTF8_OK instead.
52 *
53 * @since 1.22
54 */
57 /**
58 * If set, treat json objects '{...}' as associative arrays. Without this option,
59 * json objects will be converted to stdClass.
60 * The value is set to 1 to be backward compatible with 'true' that was used before.
61 *
62 * @since 1.24
63 */
66 /**
67 * If set, attempts to fix invalid json.
68 *
69 * @since 1.24
70 */
73 /**
74 * Regex that matches whitespace inside empty arrays and objects.
75 *
76 * This doesn't affect regular strings inside the JSON because those can't
77 * have a real line break (\n) in them, at this point they are already escaped
78 * as the string "\n" which this doesn't match.
79 *
80 * @private
81 */
84 /**
85 * Characters problematic in JavaScript.
86 *
87 * @note These are listed in ECMA-262 (5.1 Ed.), §7.3 Line Terminators along with U+000A (LF)
88 * and U+000D (CR). However, PHP already escapes LF and CR according to RFC 4627.
89 */
93 );
95 /**
96 * Escape sequences for characters listed in FormatJson::$badChars.
97 */
101 );
103 /**
104 * Returns the JSON representation of a value.
105 *
106 * @note Empty arrays are encoded as numeric arrays, not as objects, so cast any associative
107 * array that might be empty to an object before encoding it.
108 *
109 * @note In pre-1.22 versions of MediaWiki, using this function for generating inline script
110 * blocks may result in an XSS vulnerability, and quite likely will in XML documents
111 * (cf. FormatJson::XMLMETA_OK). Use Xml::encodeJsVar() instead in such cases.
112 *
113 * @param mixed $value The value to encode. Can be any type except a resource.
114 * @param string|bool $pretty If a string, add non-significant whitespace to improve
115 * readability, using that string for indentation. If true, use the default indent
116 * string (four spaces).
117 * @param int $escaping Bitfield consisting of _OK class constants
118 * @return string|bool: String if successful; false upon failure
119 */
123 }
127 }
130 }
132 /**
133 * Decodes a JSON string. It is recommended to use FormatJson::parse(), which returns more comprehensive
134 * result in case of an error, and has more parsing options.
135 *
136 * @param string $value The JSON string being decoded
137 * @param bool $assoc When true, returned objects will be converted into associative arrays.
138 *
139 * @return mixed The value encoded in JSON in appropriate PHP type.
140 * `null` is returned if $value represented `null`, if $value could not be decoded,
141 * or if the encoded data was deeper than the recursion limit.
142 * Use FormatJson::parse() to distinguish between types of `null` and to get proper error code.
143 */
146 }
148 /**
149 * Decodes a JSON string.
150 * Unlike FormatJson::decode(), if $value represents null value, it will be properly decoded as valid.
151 *
152 * @param string $value The JSON string being decoded
153 * @param int $options A bit field that allows FORCE_ASSOC, TRY_FIXING
154 * @return Status If valid JSON, the value is available in $result->getValue()
155 */
162 // The most common error is the trailing comma in a list or an object.
163 // We cannot simply replace /,\s*[}\]]/ because it could be inside a string value.
164 // But we could use the fact that JSON does not allow multi-line string values,
165 // And remove trailing commas if they are et the end of a line.
166 // JSON only allows 4 control characters: [ \t\r\n]. So we must not use '\s' for matching.
167 // Regex match ,]<any non-quote chars>\n or ,\n] with optional spaces/tabs.
175 // Report warning
179 }
180 }
181 }
212 }
214 }
216 /**
217 * JSON encoder wrapper for PHP >= 5.4, which supports useful encoding options.
218 *
219 * @param mixed $value
220 * @param string|bool $pretty
221 * @param int $escaping
222 * @return string|bool
223 */
228 }
230 // PHP escapes '/' to prevent breaking out of inline script blocks using '</script>',
231 // which is hardly useful when '<' and '>' are escaped (and inadequate), and such
232 // escaping negatively impacts the human readability of URLs and similar strings.
240 }
243 // Workaround for <https://bugs.php.net/bug.php?id=66021>
246 }
248 // Change the four-space indent to a tab indent
252 }
255 // Change the tab indent to the provided indent
257 }
258 }
259 }
262 }
265 }
267 /**
268 * JSON encoder wrapper for PHP 5.3, which lacks native support for some encoding options.
269 * Therefore, the missing options are implemented here purely in PHP code.
270 *
271 * @param mixed $value
272 * @param string|bool $pretty
273 * @param int $escaping
274 * @return string|bool
275 */
281 }
283 // Emulate JSON_UNESCAPED_SLASHES. Because the JSON contains no unescaped slashes
284 // (only escaped slashes), a simple string replacement works fine.
288 // JSON hex escape sequences follow the format \uDDDD, where DDDD is four hex digits
289 // indicating the equivalent UTF-16 code unit's value. To most efficiently unescape
290 // them, we exploit the JSON extension's built-in decoder.
291 // * We escape the input a second time, so any such sequence becomes \\uDDDD.
292 // * To avoid interpreting escape sequences that were in the original input,
293 // each double-escaped backslash (\\\\) is replaced with \\\u005c.
294 // * We strip one of the backslashes from each of the escape sequences to unescape.
295 // * Then the JSON decoder can perform the actual unescaping.
299 }
303 }
306 }
308 /**
309 * Adds non-significant whitespace to an existing JSON representation of an object.
310 * Only needed for PHP < 5.4, which lacks the JSON_PRETTY_PRINT option.
311 *
312 * @param string $json
313 * @param string $indentString
314 * @return string
315 */
329 // falls through
344 }
345 }
349 }
350 }