Bug #77663 incorrect counter of Json_decode depth
Submitted: 2019-02-24 16:44 UTC Modified: 2020-08-11 14:36 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: amir dot hossein7464 at gmail dot com Assigned: cmb (profile)
Status: Not a bug Package: json (PECL)
PHP Version: 7.1.26 OS: Gnu Linux
Private report: No CVE-ID: None
 [2019-02-24 16:44 UTC] amir dot hossein7464 at gmail dot com
Description:
------------
---
From manual page: https://php.net/function.json-decode
---
In the test script we have an array with depth 3, but when depth is set to 3 in json_decode, this throws an error and does not decode the JSON...
I think it's a problem.

Test script:
---------------
<?php
// Encode the data.
$json = json_encode(
    array(
        1 => array(
            'English' => array(
                'One',
                'January'
            ),
            'French' => array(
                'Une',
                'Janvier'
            )
        )
    )
);

// Define the errors.
$constants = get_defined_constants(true);
$json_errors = array();
foreach ($constants["json"] as $name => $value) {
    if (!strncmp($name, "JSON_ERROR_", 11)) {
        $json_errors[$value] = $name;
    }
}

// Show the errors for different depths.
foreach (range(1, 4) as $depth) {
    json_decode($json, true, $depth);
    echo "Last error: $depth ", $json_errors[json_last_error()], PHP_EOL;
}
?>



 [2019-02-26 10:02 UTC] a at b dot c dot de
The top level also counts towards the "depth". Consider testing with $json=json_encode(42) and $json=json_encode(array()).
 [2019-03-07 00:10 UTC] amir dot hossein7464 at gmail dot com
I think it's a problem because a non-array cannot and should not be passed as a parameter for encode, and only an array should be allowed.
If this logic is applied, the top-level array should not be counted.
 [2020-01-19 10:14 UTC] a at b dot c dot de
That constraint was dropped years ago.

https://www.rfc-editor.org/info/rfc8259

§2
"  A JSON text is a serialized value.  Note that certain previous
   specifications of JSON constrained a JSON text to be an object or an
   array."

§3
"   A JSON value MUST be an object, array, number, or string, or one of
   the following three literal names:

      false
      null
      true
"
 [2020-08-11 14:36 UTC] cmb@php.net
-Status: Open
+Status: Not a bug
-Assigned To:
+Assigned To: cmb
 [2020-08-11 14:36 UTC] cmb@php.net
Indeed, that behaves as expected (and documented).
 
Last updated: Wed Oct 28 12:01:23 2020 UTC