php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #70680 JSON_NUMERIC_CHECK does not respect the definition of numbers in RFC4627/7159
Submitted: 2015-10-09 14:48 UTC Modified: 2015-10-21 18:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: maxime dot morin at solumation dot ca Assigned: bukka (profile)
Status: Not a bug Package: JSON related
PHP Version: 5.4.45 OS: Debian
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: maxime dot morin at solumation dot ca
New email:
PHP Version: OS:

 

 [2015-10-09 14:48 UTC] maxime dot morin at solumation dot ca 
Description:
------------
According to the JSON specification, a number cannot start with a 0 nor with a +.

See section 6:
"Leading zeros are not allowed."
"number = [ minus ] int [ frac ] [ exp ]"
http://www.faqs.org/rfcs/rfc7159.html

Therefore, any string starting with a 0 or a + should fail the JSON_NUMERIC_CHECK and not be cast to an int.

Test script:
---------------
print_r(json_encode(array("shouldBeString0123456" => "0123456", "shouldBeString+0123456" => "+0123456", "isInt" => "123456"), JSON_NUMERIC_CHECK));

Expected result:
----------------
{
    "shouldBeString0123456":"0123456",
    "shouldBeString+0123456":"+0123456",
    "isInt":123456
}

Actual result:
--------------
{
    "shouldBeString0123456":123456,    // Bad
    "shouldBeString+0123456":123456,   // Bad
    "isInt":123456                     // Good
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-11 18:48 UTC] bukka@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: bukka
 [2015-10-11 18:48 UTC] bukka@php.net 
JSON_NUMERIC_CHECK is not about checking JSON number definition but checking whether we can convert PHP string to number (PHP number definition rules applies here - is_numeric_string is used for that). There is no need to limit this on JSON number definitions because encoding is done on PHP value.
 [2015-10-13 12:36 UTC] maxime dot morin at solumation dot ca 
Shouldn't it be called PHP_NUMERIC_CHECK then?
 [2015-10-21 18:00 UTC] bukka@php.net 
No the JSON prefix is there because it's a part of the json extension which is a convention. Basically it's called NUMERIC_STRING with JSON_ prefix saying that it's a json constant.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 16:01:28 2024 UTC