diff options
| author | Chris Raynor <chris@firebase.com> | 2014-06-18 10:39:32 -0700 |
|---|---|---|
| committer | Chris Raynor <chris@firebase.com> | 2014-06-18 10:39:32 -0700 |
| commit | 2f570864b60233334039de052bf4baff459e0dee (patch) | |
| tree | 8a48668d6aa4dc9687d236881b53a8f07c664e4b | |
| parent | 5c2eb12a2cd988afb2ea376d4398c80a93767e3d (diff) | |
| parent | f4013f88e28b31d852e05fe706fad4d8178d3e75 (diff) | |
| download | php-jwt-2f570864b60233334039de052bf4baff459e0dee.zip php-jwt-2f570864b60233334039de052bf4baff459e0dee.tar.gz php-jwt-2f570864b60233334039de052bf4baff459e0dee.tar.bz2 | |
Merge pull request #6 from 4026/master
Preventing large ints being converted to floats when decoding.
| -rw-r--r-- | Authentication/JWT.php | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/Authentication/JWT.php b/Authentication/JWT.php index aabc65b..cd72a74 100644 --- a/Authentication/JWT.php +++ b/Authentication/JWT.php @@ -130,7 +130,20 @@ class JWT */ public static function jsonDecode($input) { - $obj = json_decode($input); + if (version_compare(PHP_VERSION, '5.4.0', '>=')) { + /* In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you to specify that large ints (like Steam + * Transaction IDs) should be treated as strings, rather than the PHP default behaviour of converting them to floats. + */ + $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING); + } else { + /* Not all servers will support that, however, so for older versions we must manually detect large ints in the JSON + * string and quote them (thus converting them to strings) before decoding, hence the preg_replace() call. + */ + $max_int_length = strlen((string) PHP_INT_MAX) - 1; + $json_without_bigints = preg_replace('/:\s*(\d{'.$max_int_length.',})/', ': "$1"', $input); + $obj = json_decode($json_without_bigints); + } + if (function_exists('json_last_error') && $errno = json_last_error()) { JWT::_handleJsonError($errno); } else if ($obj === null && $input !== 'null') { |