Verified Commit 8170070b authored by Cyril Vazquez's avatar Cyril Vazquez

Unsecpae chunklen + 1

parent 724134ee
Pipeline #7134 canceled with stages
...@@ -220,11 +220,13 @@ class JsonTokenizer ...@@ -220,11 +220,13 @@ class JsonTokenizer
fwrite($buffer, $this->unescape($tail)); fwrite($buffer, $this->unescape($tail));
fseek($this->stream, (-$length+$end+1), SEEK_CUR); fseek($this->stream, (-$length+$end+1), SEEK_CUR);
rewind($buffer); rewind($buffer);
$out = $this->unescapeStream($buffer, $this->threshold);
if ($size < $this->threshold) { if ($size < $this->threshold) {
return $this->unescape(stream_get_contents($buffer)); return stream_get_contents($out);
} }
return $buffer; return $out;
} }
fwrite($buffer, $this->unescape($chunk)); fwrite($buffer, $this->unescape($chunk));
...@@ -234,6 +236,8 @@ class JsonTokenizer ...@@ -234,6 +236,8 @@ class JsonTokenizer
return $buffer; return $buffer;
} }
/** /**
* @param $char * @param $char
* @return string * @return string
...@@ -300,13 +304,31 @@ class JsonTokenizer ...@@ -300,13 +304,31 @@ class JsonTokenizer
return end($this->context); return end($this->context);
} }
/**
* Unsescape a stream contents
*/
protected function unescapeStream($stream)
{
$out = fopen('php://temp', 'w+');
do {
// Add 1 to chunk length to prevent end of chunk escape chars
$chunk = fread($stream, $this->threshold+1);
fwrite($out, $this->unescape($chunk));
} while ($chunk);
rewind($out);
rewind($stream);
return $out;
}
/** /**
* Unescape string or chunk * Unescape string or chunk
*/ */
protected function unescape($string) protected function unescape($string)
{ {
$escaped = array('\\\\', '\\/', '\\"');//, "\\n", "\\r", "\\t", "\\f", "\\b"); $escaped = array('\\\\', '\\/', '\\"', "\\n", "\\r", "\\t", "\\f", "\\b");
$unescaped = array('\\', '/', '"');//, "\n", "\r", "\t", "\x08", "\x0c"); $unescaped = array('\\', '/', '"', "\n", "\r", "\t", "\x08", "\x0c");
$result = str_replace($escaped, $unescaped, $string); $result = str_replace($escaped, $unescaped, $string);
return $result; return $result;
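Review bot: The escape table enabled in `unescape()` maps `\f` to `"\x08"` and `\b` to `"\x0c"`, which is swapped (form feed is 0x0C, backspace is 0x08), and because `str_replace` applies the pairs one after another, an escaped backslash followed by `n` is first reduced to backslash-`n` and then turned into a newline. The new `unescapeStream($buffer, $this->threshold)` call repeats that pass over data already unescaped by `fwrite($buffer, $this->unescape(...))`, and reading `$this->threshold+1` bytes only moves the chunk boundary, so a backslash ending one chunk is still split from its escaped character. A tokenizer that decodes strings differently from the JSON grammar can disagree with whatever validated the document upstream, so the decoding should be made exact rather than documented. A single-pass map removes the re-scan and fixes the swap: `return strtr($string, ['\\\\' => '\\', '\\/' => '/', '\\"' => '"', '\\n' => "\n", '\\r' => "\r", '\\t' => "\t", '\\f' => "\x0c", '\\b' => "\x08"]);`. The body of `unescape()` closes outside the visible hunk, and `unescapeStream()` is called with a second argument that its signature does not declare.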
......