[ https://issues.apache.org/jira/browse/SHINDIG-694?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul Lindner updated SHINDIG-694:
---------------------------------
Component/s: RESTful API (PHP)
> bug in jsonRpcServlet.php: incorrect get_magic_quotes_gpc+stripslashes
> implementation
> -------------------------------------------------------------------------------------
>
> Key: SHINDIG-694
> URL: https://issues.apache.org/jira/browse/SHINDIG-694
> Project: Shindig
> Issue Type: Bug
> Components: RESTful API (PHP)
> Reporter: Denis
>
> php/src/social/servlet/JsonRpcServlet.php:
> $requestParam = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : $_POST['request'];
> if (get_magic_quotes_gpc()) {
>   $requestParam = stripslashes($requestParam);
> }
> When $GLOBALS['HTTP_RAW_POST_DATA'] is set, you don't need to call
> stripslashes, because magic quotes are not applied to
> $GLOBALS['HTTP_RAW_POST_DATA']. stripslashes can corrupt the JSON string. I.e.
> '{data:"some \"string\"."}' becomes '{data:"some "string""}' and json_decode
> fails on it.
> Solution:
> $requestParam = isset($GLOBALS['HTTP_RAW_POST_DATA']) ? $GLOBALS['HTTP_RAW_POST_DATA'] : (get_magic_quotes_gpc() ? stripslashes($_POST['request']) : $_POST['request']);
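The failure described in the report, reproduced as an added example that is not Shindig's code or part of the original message. The function names and the `$magicQuotes` flag are hypothetical: the flag stands in for `get_magic_quotes_gpc()` (removed in PHP 8), `addslashes()` simulates what magic quotes did to `$_POST` values, and the JSON body is a constructed sample.

```php
<?php
// Added illustration, not Shindig code. $magicQuotes is a hypothetical stand-in
// for get_magic_quotes_gpc(); $rawBody stands in for $GLOBALS['HTTP_RAW_POST_DATA'].

// Behaviour reported in SHINDIG-694: stripslashes() runs on whichever source was picked.
function readRequestBuggy(?string $rawBody, array $post, bool $magicQuotes): string {
    $requestParam = $rawBody !== null ? $rawBody : $post['request'];
    if ($magicQuotes) {
        $requestParam = stripslashes($requestParam);
    }
    return $requestParam;
}

// Logic proposed in the report: only the $_POST value is unescaped.
function readRequestFixed(?string $rawBody, array $post, bool $magicQuotes): string {
    if ($rawBody !== null) {
        return $rawBody; // raw body never passed through magic quotes
    }
    return $magicQuotes ? stripslashes($post['request']) : $post['request'];
}

// Constructed sample: valid JSON whose string value contains escaped quotes.
$json = '{"method":"people.get","params":{"note":"some \"string\"."}}';

$cases = [
    'raw body, magic quotes on'    => [$json, [], true],
    'form field, magic quotes on'  => [null, ['request' => addslashes($json)], true],
    'form field, magic quotes off' => [null, ['request' => $json], false],
];

foreach ($cases as $label => [$raw, $post, $mq]) {
    foreach (['readRequestBuggy', 'readRequestFixed'] as $fn) {
        $decoded = json_decode($fn($raw, $post, $mq), true);
        printf("%-30s %-17s %s\n", $label, $fn,
            $decoded === null ? 'json_decode FAILED' : 'decoded ok');
    }
}
```

Only the first case separates the two functions: the form-field cases decode under both, which is why the bug shows up only for clients that send the request as a raw POST body.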