From dae493b1a8e85a6ece7d22c410c22c5ab2df35c9 Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Tue, 25 Jun 2013 10:26:17 +0000 Subject: [PATCH] Do not use regular expression to check JSON in Mibew API. It leads to problems with big packages because of limitation on max backtrack count (see pcre.backtrack_limit for details). --- .../webim/libs/classes/mibew_api.php | 26 +++++++------------ 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/src/messenger/webim/libs/classes/mibew_api.php b/src/messenger/webim/libs/classes/mibew_api.php index 70da3de8..c2ce6283 100644 --- a/src/messenger/webim/libs/classes/mibew_api.php +++ b/src/messenger/webim/libs/classes/mibew_api.php @@ -239,30 +239,22 @@ Class MibewAPI { * @throws MibewAPIException */ public function decodePackage($package, $trusted_signatures) { + // Try to decode package $decoded_package = urldecode($package); - // JSON regular expression - $pcre_regex = '/ - (?(DEFINE) - (? -? (?= [1-9]|0(?!\d) ) \d+ (\.\d+)? ([eE] [+-]? \d+)? ) - (? true | false | null ) - (? " ([^"\\\\]* | \\\\ ["\\\\bfnrt\/] | \\\\ u [0-9a-f]{4} )* " ) - (? \[ (?: (?&json) (?: , (?&json) )* )? \s* \] ) - (? \s* (?&string) \s* : (?&json) ) - (? \{ (?: (?&pair) (?: , (?&pair) )* )? \s* \} ) - (? \s* (?: (?&number) | (?&boolean) | (?&string) | (?&array) | (?&object) ) \s* ) - ) - \A (?&json) \Z - /six'; - // Check JSON - if (!preg_match($pcre_regex, $decoded_package)) { + $decoded_package = json_decode($decoded_package, true); + + // Check package + $json_error_code = json_last_error(); + if ($json_error_code != JSON_ERROR_NONE) { // Not valid JSON throw new MibewAPIException( - "Package have not valid json structure", + "Package have invalid json structure. " . + "JSON error code is '" . $json_error_code . "'", MibewAPIException::NOT_VALID_JSON ); } - $decoded_package = json_decode($decoded_package, true); $this->checkPackage($decoded_package, $trusted_signatures); + return $decoded_package; }