The WDDX specification[1] requires to serialize floats with a decimal
point, but `snprintf()` is locale-dependent and may use a decimal
comma. We fix that afterwards by replacing an eventual comma with a
point.
[1] <http://xml.coverpages.org/wddx0090-dtd-
19980928.txt>
. Fixed bug #75054 (A Denial of Service Vulnerability was found when
performing deserialization). (Nikita)
+- WDDX:
+ . Fixed bug #73793 (WDDX uses wrong decimal seperator). (cmb)
+
- XMLRPC:
. Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared
properties). (blar)
--- /dev/null
+--TEST--
+Bug #73793 (WDDX uses wrong decimal seperator)
+--SKIPIF--
+<?php
+if (!extension_loaded('wddx')) print 'skip wddx extension not available';
+if (setlocale(LC_NUMERIC, ['de_DE', 'de_DE.UTF-8', 'de-DE']) === false) {
+ print 'skip German locale not available';
+}
+?>
+--FILE--
+<?php
+setlocale(LC_NUMERIC , ['de_DE', 'de_DE.UTF-8', 'de-DE']);
+var_dump(wddx_serialize_value(['foo' => 5.1]));
+?>
+===DONE===
+--EXPECT--
+string(120) "<wddxPacket version='1.0'><header/><data><struct><var name='foo'><number>5.1</number></var></struct></data></wddxPacket>"
+===DONE===
*/
static void php_wddx_serialize_number(wddx_packet *packet, zval *var)
{
- char tmp_buf[WDDX_BUF_LEN];
+ char tmp_buf[WDDX_BUF_LEN], *dec_point;
zend_string *str = zval_get_string(var);
snprintf(tmp_buf, sizeof(tmp_buf), WDDX_NUMBER, ZSTR_VAL(str));
zend_string_release(str);
+ dec_point = strchr(tmp_buf, ',');
+ if (dec_point) {
+ *dec_point = '.';
+ }
php_wddx_add_chunk(packet, tmp_buf);
}
/* }}} */
projects / php / commitdiff