From 906c1668a4388a456a33f0b3e21df60534366168 Mon Sep 17 00:00:00 2001
From: "Alexander A. Klimov"
Date: Wed, 20 Jun 2018 18:03:21 +0200
Subject: [PATCH] Split Json::encode() into Json::encode() and Json::sanitize() refs #2635
---
 library/Icinga/Util/Json.php | 32 ++++++++++++++++++-
 library/Icinga/Web/Response/JsonResponse.php | 4 ++-
 .../application/clicommands/ListCommand.php | 2 +-
 .../library/Monitoring/Controller.php | 2 +-
 4 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/library/Icinga/Util/Json.php b/library/Icinga/Util/Json.php
index fd84ff35b..f5af2c410 100644
--- a/library/Icinga/Util/Json.php
+++ b/library/Icinga/Util/Json.php
@@ -17,12 +17,42 @@ class Json
 * @param mixed $value
 * @param int $options
 * @param int $depth
+ *
+ * @return string
+ * @throws JsonEncodeException
+ */
+ public static function encode($value, $options = 0, $depth = 512)
+ {
+ return static::encodeAndSanitize($value, $options, $depth, false);
+ }
+
+ /**
+ * {@link json_encode()} wrapper, automatically sanitizes bad UTF-8
+ *
+ * @param mixed $value
+ * @param int $options
+ * @param int $depth
+ *
+ * @return string
+ * @throws JsonEncodeException
+ */
+ public static function sanitize($value, $options = 0, $depth = 512)
+ {
+ return static::encodeAndSanitize($value, $options, $depth, true);
+ }
+
+ /**
+ * {@link json_encode()} wrapper, sanitizes bad UTF-8
+ *
+ * @param mixed $value
+ * @param int $options
+ * @param int $depth
 * @param bool $autoSanitize Automatically sanitize invalid UTF-8 (if any)
 *
 * @return string
 * @throws JsonEncodeException
 */
- public static function encode($value, $options = 0, $depth = 512, $autoSanitize = false)
+ protected static function encodeAndSanitize($value, $options, $depth, $autoSanitize)
 {
 if (version_compare(phpversion(), '5.5.0', '<')) {
 $encoded = json_encode($value, $options);
diff --git a/library/Icinga/Web/Response/JsonResponse.php b/library/Icinga/Web/Response/JsonResponse.php
index f0728c28b..f914f2c1b 100644
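Review bot: Dropping the fourth parameter from the public `encode()` fails silently for any caller this commit does not touch: PHP ignores surplus arguments to userland functions, so a leftover `Json::encode($v, 0, 512, true)` still runs but takes the non-sanitizing path, where invalid UTF-8 presumably ends in a `JsonEncodeException` (the body of `encodeAndSanitize()` continues outside this hunk). Search modules for four-argument calls, or make the transition visible in `encode()` with `if (func_num_args() > 3) { trigger_error('Use Json::sanitize()', E_USER_DEPRECATED); }`. The docblock summary of `encodeAndSanitize()` reads `sanitizes bad UTF-8` although that happens only when `$autoSanitize` is true; `optionally sanitizes bad UTF-8` would match the code. The `sanitize()` docblock should also state that it only repairs UTF-8 validity and performs no output escaping, because the method name alone invites the broader reading.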
--- a/library/Icinga/Web/Response/JsonResponse.php
+++ b/library/Icinga/Web/Response/JsonResponse.php
@@ -222,7 +222,9 @@ class JsonResponse extends Response
 $body['data'] = $this->getSuccessData();
 break;
 }
- echo Json::encode($body, $this->getEncodingOptions(), 512, $this->autoSanitize);
+ echo $this->getAutoSanitize()
+ ? Json::sanitize($body, $this->getEncodingOptions())
+ : Json::encode($body, $this->getEncodingOptions());
 }
 
 /**
diff --git a/modules/monitoring/application/clicommands/ListCommand.php b/modules/monitoring/application/clicommands/ListCommand.php
index ec34af25e..de0df668a 100644
--- a/modules/monitoring/application/clicommands/ListCommand.php
+++ b/modules/monitoring/application/clicommands/ListCommand.php
@@ -79,7 +79,7 @@ class ListCommand extends Command
 $query = $query->getQuery();
 switch ($format) {
 case 'json':
- echo Json::encode($query->fetchAll(), 0, 512, true);
+ echo Json::sanitize($query->fetchAll());
 break;
 case 'csv':
 Csv::fromQuery($query)->dump();
diff --git a/modules/monitoring/library/Monitoring/Controller.php b/modules/monitoring/library/Monitoring/Controller.php
index 05c623504..faeddc80d 100644
--- a/modules/monitoring/library/Monitoring/Controller.php
+++ b/modules/monitoring/library/Monitoring/Controller.php
@@ -60,7 +60,7 @@ class Controller extends IcingaWebController
 'Content-Disposition',
 'inline; filename=' . $this->getRequest()->getActionName() . '.json'
 )
- ->appendBody(Json::encode($query->fetchAll()), 0, 512, true)
+ ->appendBody(Json::sanitize($query->fetchAll()))
 ->sendResponse();
 exit;
 case 'csv':
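Review bot: The ternary in the JsonResponse hunk does not say why two encoders exist, so a short comment above the `echo` would make the difference in failure mode explicit, for example `// sanitize() repairs invalid UTF-8; encode() throws JsonEncodeException instead` (wording to be confirmed against the Json.php docblocks). Because the result is echoed directly, an exception from the non-sanitizing branch would presumably surface while the response is being written, so it is worth confirming that the caller handles that case. The enclosing method begins outside this hunk, so whether headers have already been sent at this point cannot be judged from here.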
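Review bot: The commit message describes a pure split, but the `appendBody(...)` line in Controller.php is a behaviour change that deserves its own mention and ideally a regression test. In the removed line the arguments `0, 512, true` sit outside the `Json::encode()` parentheses, so they were passed to `appendBody()` and this export was evidently never sanitizing. With `Json::sanitize()` it now is, which changes what clients receive for rows containing invalid UTF-8. A test that exports a row with an invalid byte sequence would pin the new behaviour. The surrounding `switch` case starts and ends outside this hunk.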