php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #70680 JSON_NUMERIC_CHECK does not respect the definition of numbers in RFC4627/7159
Submitted: 2015-10-09 14:48 UTC Modified: 2015-10-21 18:00 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: maxime dot morin at solumation dot ca Assigned: bukka (profile)
Status: Not a bug Package: JSON related
PHP Version: 5.4.45 OS: Debian
Private report: No CVE-ID: None
 [2015-10-09 14:48 UTC] maxime dot morin at solumation dot ca
Description:
------------
According to the JSON specification, a number cannot start with a 0 nor with a +.

See section 6:
"Leading zeros are not allowed."
"number = [ minus ] int [ frac ] [ exp ]"
http://www.faqs.org/rfcs/rfc7159.html

Therefore, any string starting with a 0 or a + should fail the JSON_NUMERIC_CHECK and not be cast to an int.

Test script:
---------------
print_r(json_encode(array("shouldBeString0123456" => "0123456", "shouldBeString+0123456" => "+0123456", "isInt" => "123456"), JSON_NUMERIC_CHECK));

Expected result:
----------------
{
    "shouldBeString0123456":"0123456",
    "shouldBeString+0123456":"+0123456",
    "isInt":123456
}

Actual result:
--------------
{
    "shouldBeString0123456":123456,    // Bad
    "shouldBeString+0123456":123456,   // Bad
    "isInt":123456                     // Good
}

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-10-11 18:48 UTC] bukka@php.net
-Status: Open +Status: Not a bug -Assigned To: +Assigned To: bukka
 [2015-10-11 18:48 UTC] bukka@php.net
JSON_NUMERIC_CHECK is not about checking JSON number definition but checking whether we can convert PHP string to number (PHP number definition rules applies here - is_numeric_string is used for that). There is no need to limit this on JSON number definitions because encoding is done on PHP value.
 [2015-10-13 12:36 UTC] maxime dot morin at solumation dot ca
Shouldn't it be called PHP_NUMERIC_CHECK then?
 [2015-10-21 18:00 UTC] bukka@php.net
No the JSON prefix is there because it's a part of the json extension which is a convention. Basically it's called NUMERIC_STRING with JSON_ prefix saying that it's a json constant.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Dec 12 06:01:24 2019 UTC