From c3bce76f7dc15b7976e9af3a9e4d436e8b68203f Mon Sep 17 00:00:00 2001 From: Michael M Slusarz Date: Wed, 29 Jul 2009 13:25:25 -0600 Subject: [PATCH] Add Horde::escapeJson() --- framework/Core/lib/Horde.php | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/framework/Core/lib/Horde.php b/framework/Core/lib/Horde.php index 874ecc977..abf7b2a8d 100644 --- a/framework/Core/lib/Horde.php +++ b/framework/Core/lib/Horde.php @@ -493,9 +493,7 @@ HTML; * * Finally, add prototypejs security delimiters to returned * JSON. */ - $s_data = '/*-secure-' . - Horde_String::convertCharset(str_replace("\00", '', Horde_Serialize::serialize($data, Horde_Serialize::JSON, $charset)), 'UTF-8') . - '*/'; + $s_data = Horde_String::convertCharset(str_replace("\00", '', self::escapeJson($data, array('charset' => $charset))), $charset, 'UTF-8'); if ($ct == 'json') { header('Content-Type: application/json'); @@ -521,6 +519,29 @@ HTML; } /** + * Do necessary escaping to output JSON. + * + * @param mixed $data The data to JSON-ify. + * @param array $options Additional options: + * 
+     * 'charset' - (string) The charset of $data.
+     *             DEFAULT: Horde_Nls::getCharset()
+     * 'urlencode' - (boolean) URL encode the json string
+     *               DEFAULT: No
+     *
+ * + * @return string The escaped string. + */ + static public function escapeJson($data, $options = array()) + { + $json = Horde_Serialize::serialize($data, Horde_Serialize::JSON, empty($options['charset']) ? Horde_Nls::getCharset() : $options['charset']); + if (!empty($options['urlencode'])) { + $json = rawurlencode($json); + } + return '/*-secure-' . $json . '*/'; + } + + /** * Is the current HTTP connection considered secure? * @TODO Move this to the request classes! * -- 2.11.0