Do not use regular expression to check JSON in Mibew API.

It leads to problems with big packages because of the limit on the
maximum backtrack count (see pcre.backtrack_limit for details).
Dmitriy Simushev 2013-06-25 10:26:17 +00:00
parent 13c577d2ae
commit dae493b1a8


@ -239,30 +239,22 @@ Class MibewAPI {
* @throws MibewAPIException * @throws MibewAPIException
*/ */
public function decodePackage($package, $trusted_signatures) { public function decodePackage($package, $trusted_signatures) {
// Try to decode package
$decoded_package = urldecode($package); $decoded_package = urldecode($package);
// JSON regular expression $decoded_package = json_decode($decoded_package, true);
$pcre_regex = '/
(?(DEFINE) // Check package
(?<number> -? (?= [1-9]|0(?!\d) ) \d+ (\.\d+)? ([eE] [+-]? \d+)? ) $json_error_code = json_last_error();
(?<boolean> true | false | null ) if ($json_error_code != JSON_ERROR_NONE) {
(?<string> " ([^"\\\\]* | \\\\ ["\\\\bfnrt\/] | \\\\ u [0-9a-f]{4} )* " )
(?<array> \[ (?: (?&json) (?: , (?&json) )* )? \s* \] )
(?<pair> \s* (?&string) \s* : (?&json) )
(?<object> \{ (?: (?&pair) (?: , (?&pair) )* )? \s* \} )
(?<json> \s* (?: (?&number) | (?&boolean) | (?&string) | (?&array) | (?&object) ) \s* )
)
\A (?&json) \Z
/six';
// Check JSON
if (!preg_match($pcre_regex, $decoded_package)) {
// Not valid JSON // Not valid JSON
throw new MibewAPIException( throw new MibewAPIException(
"Package have not valid json structure", "Package have invalid json structure. " .
"JSON error code is '" . $json_error_code . "'",
MibewAPIException::NOT_VALID_JSON MibewAPIException::NOT_VALID_JSON
); );
} }
$decoded_package = json_decode($decoded_package, true);
$this->checkPackage($decoded_package, $trusted_signatures); $this->checkPackage($decoded_package, $trusted_signatures);
return $decoded_package; return $decoded_package;
} }
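Review bot: The new check `if ($json_error_code != JSON_ERROR_NONE)` in decodePackage() only rejects input that fails to parse, so a package that is valid JSON but not an object or array still reaches `checkPackage()`. `json_decode()` returns a scalar or null with `JSON_ERROR_NONE` for inputs such as `null`, `123` or `"abc"`. On PHP versions before 7.0 it does the same for an empty string, which the removed regular expression would not have matched. How `checkPackage()` treats a non-array value is not visible in this hunk, so I would reject it here before the signature checks run: `if ($json_error_code != JSON_ERROR_NONE || !is_array($decoded_package)) {`.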