bug in jsonRpcServlet.php: incorrect get_magic_quotes_gpc+stripslashes
implementation
-------------------------------------------------------------------------------------
Key: SHINDIG-694
URL: https://issues.apache.org/jira/browse/SHINDIG-694
Project: Shindig
Issue Type: Bug
Reporter: Denis
php/src/social/servlet/JsonRpcServlet.php:
52 $requestParam =
isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] :
$_POST['request'];
53 if (get_magic_quotes_gpc()) {
54 $requestParam = stripslashes($requestParam);
55 }
In case, when is set $GLOBALS['HTTP_RAW_POST_DATA'], you don't need to call
stripslashes, because magicquotes isn't implemented to
$GLOBALS['HTTP_RAW_POST_DATA']. stripslashes can corrupt JSON-string. I.e.
'{data:"some \"string\"."}' becomes '{data:"some "string""}' and json_decode
fails on it.
Solution:
$requestParam = isset($GLOBALS['HTTP_RAW_POST_DATA']) ?
$GLOBALS['HTTP_RAW_POST_DATA'] : (get_magic_quotes_gpc() ?
stripslashes($_POST['request']) : $_POST['request']);
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
