From d9c7a051b410b6a0b82bf4dacdbb48dbafdf3876 Mon Sep 17 00:00:00 2001 From: Coleman Watts Date: Tue, 27 Aug 2019 08:51:32 -0400 Subject: [PATCH] Better error handling in CRM_Utils_JS::decode --- CRM/Utils/JS.php | 6 ++++-- tests/phpunit/CRM/Utils/JSTest.php | 5 +++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CRM/Utils/JS.php b/CRM/Utils/JS.php index 06331b5a2c..718afc4576 100644 --- a/CRM/Utils/JS.php +++ b/CRM/Utils/JS.php @@ -143,11 +143,13 @@ class CRM_Utils_JS { */ public static function decode($js) { $js = trim($js); - if ($js[0] === "'" || $js[0] === '"') { + $first = substr($js, 0, 1); + $last = substr($js, -1); + if ($last === $first && ($first === "'" || $first === '"')) { // Use a temp placeholder for escaped backslashes return str_replace(['\\\\', "\\'", '\\"', '\\&', '\\/', '**backslash**'], ['**backslash**', "'", '"', '&', '/', '\\'], substr($js, 1, -1)); } - if ($js[0] === '{' || $js[0] === '[') { + if (($first === '{' && $last === '}') || ($first === '[' && $last === ']')) { $obj = self::getRawProps($js); foreach ($obj as $idx => $item) { $obj[$idx] = self::decode($item); diff --git a/tests/phpunit/CRM/Utils/JSTest.php b/tests/phpunit/CRM/Utils/JSTest.php index 98a119fd74..8517f568b9 100644 --- a/tests/phpunit/CRM/Utils/JSTest.php +++ b/tests/phpunit/CRM/Utils/JSTest.php @@ -203,6 +203,7 @@ class CRM_Utils_JSTest extends CiviUnitTestCase { return [ ['{a: \'Apple\', \'b\': "Banana", c: [1, 2, 3]}', ['a' => 'Apple', 'b' => 'Banana', 'c' => [1, 2, 3]]], ['true', TRUE], + [' ', NULL], ['false', FALSE], ['null', NULL], ['"true"', 'true'], @@ -212,6 +213,10 @@ class CRM_Utils_JSTest extends CiviUnitTestCase { ["{ }", []], [" [ ]", []], [" [ 2 ]", [2]], + [ + '{a: "parse error no closing bracket"', + NULL, + ], [ '{a: ["foo", \'bar\'], "b": {a: [\'foo\', "bar"], b: {\'a\': ["foo", "bar"], b: {}}}}', ['a' => ['foo', 'bar'], 'b' => ['a' => ['foo', 'bar'], 'b' => ['a' => ['foo', 'bar'], 'b' => []]]], -- 2.25.1