|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2014-04-10 12:50 UTC] mail+bugs dot php dot net at kazik dot de
Description: ------------ The function json_encode does not encode strings accordingly to the json definition. It affects at least php since 5.3.28 up to the latest version (currently 5.5.11). According to the definition a string may not contain a quote, slash or control character. Control characters are the c0 set (0x00-0x1f), delete (0x7f) and the c1 set (0x80-0x9f) (see http://en.wikipedia.org/wiki/Unicode_control_characters). Source: ext/json/json.c, function json_escape_string The function only checks for the c0 set but does not handle delete and the c1 set correctly. The c1 set bug is only affected with the option JSON_UNESCAPED_UNICODE (since php 5.4.0). Test script: --------------- echo json_encode(chr(0x7f)).PHP_EOL; echo json_encode(chr(0xc2).chr(0x80)), JSON_UNESCAPED_UNICODE).PHP_EOL; // the utf8 representation of \u0080 Expected result: ---------------- "\u007f" "\u0080" Actual result: -------------- '"'.chr(0x7f).'"' '"'.chr(0xc2).chr(0x80).'"' // the utf8 representation of /u0080 Patchespatch_json.diff (last revision 2014-04-10 12:51 UTC by mail+bugs dot php dot net at kazik dot de)Pull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 29 10:00:01 2025 UTC |
> The function json_encode does not encode strings accordingly to the json definition. In RFC 7159, section "7. Strings" defines the "control characters" as only "U+0000 through U+001F". More specifically, the characters you mention are explicitly allowed to be left unescaped: unescaped = %x20-21 / %x23-5B / %x5D-10FFFF Note that JavaScript's JSON.stringify() doesn't escape "\u007f" either.