Fixed case part of bug #64874 ("json_decode handles whitespace and case-sensitivity...

diff --git a/NEWS b/NEWS
index fdfaef53cb58f1c3c5c13793558cd98982225243..cfaafd0699e772da2b9907ebfb16ffe32182ce68 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,10 @@ PHP                                                                        NEWS
 - Hash:
   . Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)
 
+- JSON:
+  . Fixed case part of bug #64874 ("json_decode handles whitespace and
+    case-sensitivity incorrectly")
+
 - mysqlnd:
   . Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
     supported by the overlying APIs. (Andrey)

diff --git a/UPGRADING b/UPGRADING
index 022918cb145942582fd592d5b49fefbd8b1ad3fc..b680a9fbe5f9719a1c797cb6683df0aaec89a441 100755 (executable)
--- a/UPGRADING
+++ b/UPGRADING
@@ -30,6 +30,14 @@ PHP X.Y UPGRADE NOTES
   }
   ?>
 
+- JSON:
+  json_decode() no longer accepts non-lowercase variants of lone JSON true,
+  false or null values. For example, True or FALSE will now cause json_decode to
+  return NULL and set an error value you can fetch with json_last_error().
+  This affects JSON texts consisting solely of true, false or null. Text
+  containing non-lowercase values inside JSON arrays or objects has never been
+  accepted.
+
 ========================================
 2. New Features
 ========================================

diff --git a/ext/json/json.c b/ext/json/json.c
index c3664b9ee9418e20d407900ad31cce8c913e78ff..80bbef7b7c79a3ce50a4cbadd8284979697a8786 100644 (file)
--- a/ext/json/json.c
+++ b/ext/json/json.c
@@ -712,14 +712,14 @@ PHP_JSON_API void php_json_decode_ex(zval *return_value, char *str, int str_len,
 
                RETVAL_NULL();
                if (trim_len == 4) {
-                       if (!strncasecmp(trim, "null", trim_len)) {
+                       if (!strncmp(trim, "null", trim_len)) {
                                /* We need to explicitly clear the error because its an actual NULL and not an error */
                                jp->error_code = PHP_JSON_ERROR_NONE;
                                RETVAL_NULL();
-                       } else if (!strncasecmp(trim, "true", trim_len)) {
+                       } else if (!strncmp(trim, "true", trim_len)) {
                                RETVAL_BOOL(1);
                        }
-               } else if (trim_len == 5 && !strncasecmp(trim, "false", trim_len)) {
+               } else if (trim_len == 5 && !strncmp(trim, "false", trim_len)) {
                        RETVAL_BOOL(0);
                }
 

diff --git a/ext/json/tests/bug64874_part2.phpt b/ext/json/tests/bug64874_part2.phpt
new file mode 100644 (file)
index 0000000..338fc11
--- /dev/null
+++ b/ext/json/tests/bug64874_part2.phpt
@@ -0,0 +1,69 @@
+--TEST--
+Case-sensitivity part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly")
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
+--FILE--
+<?php
+function decode($json) {
+    var_dump(json_decode($json));
+    echo ((json_last_error() !== 0) ? 'ERROR' : 'SUCCESS') . PHP_EOL;
+}
+
+// Only lowercase should work
+decode('true');
+decode('True');
+decode('[true]');
+decode('[True]');
+echo PHP_EOL;
+
+decode('false');
+decode('False');
+decode('[false]');
+decode('[False]');
+echo PHP_EOL;
+
+decode('null');
+decode('Null');
+decode('[null]');
+decode('[Null]');
+echo PHP_EOL;
+
+echo "Done\n";
+--EXPECT--
+bool(true)
+SUCCESS
+NULL
+ERROR
+array(1) {
+  [0]=>
+  bool(true)
+}
+SUCCESS
+NULL
+ERROR
+
+bool(false)
+SUCCESS
+NULL
+ERROR
+array(1) {
+  [0]=>
+  bool(false)
+}
+SUCCESS
+NULL
+ERROR
+
+NULL
+SUCCESS
+NULL
+ERROR
+array(1) {
+  [0]=>
+  NULL
+}
+SUCCESS
+NULL
+ERROR
+
+Done