author4026 <name4026+github@gmail.com>2014-06-17 18:06:09 +0100
committer4026 <name4026+github@gmail.com>2014-06-17 18:06:09 +0100
commit565b2c617f77de854426207889d55f0d33ea5c8c (patch)
tree05065e21107c29c6abb895de938f6097340151e5
parent53669d621149e49c2a428722a62acfef3342c260 (diff)
Adding preprocessing of the JSON string when decoding to prevent large integers being converted to floats.
-rw-r--r--Authentication/JWT.php15
1 files changed, 14 insertions, 1 deletions
diff --git a/Authentication/JWT.php b/Authentication/JWT.php
index 7a7b4a0..1382780 100644
--- a/Authentication/JWT.php
+++ b/Authentication/JWT.php
@@ -126,7 +126,20 @@ class JWT
*/
public static function jsonDecode($input)
{
- $obj = json_decode($input);
+ if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
+ /* In PHP >=5.4.0, json_decode() accepts an options parameter, that allows you to specify that large ints (like Steam
+ * Transaction IDs) should be treated as strings, rather than the PHP default behaviour of converting them to floats.
+ */
+ $obj = json_decode($input, false, 512, JSON_BIGINT_AS_STRING);
+ } else {
+ /* Not all servers will support that, however, so for older versions we must manually detect large ints in the JSON
+ * string and quote them (thus converting them to strings) before decoding, hence the preg_replace() call.
+ */
+ $max_int_length = strlen((string) PHP_INT_MAX) - 1;
+ $json_without_bigints = preg_replace('/:\s*(\d{'.$max_int_length.',})/', ': "$1"', $input);
+ $obj = json_decode($json_without_bigints, true);
+ }
+
if (function_exists('json_last_error') && $errno = json_last_error()) {
JWT::_handleJsonError($errno);
} else if ($obj === null && $input !== 'null') {
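Review bot: In the pre-5.4 fallback, `json_decode($json_without_bigints, true)` passes `true` for the associative flag, so that branch returns arrays while the 5.4+ branch and the line it replaces return objects; it should read `$obj = json_decode($json_without_bigints);` so callers get the same type on every PHP version. The `preg_replace()` just above it works on the raw JSON text rather than on parsed tokens, so a colon followed by a long digit run inside a string value gets quotes inserted, while a long number that is negative, sits in an array, or carries a fraction or exponent is either missed or turned into invalid JSON. Since this decoder presumably handles token segments whose signature covers the original bytes, the claims the application sees on old PHP can differ from what was signed; a comment stating these limits, plus a test with such payloads, would make that visible. The `- 1` in `$max_int_length` also turns integers that still fit in `PHP_INT_MAX` into strings, which the `JSON_BIGINT_AS_STRING` branch does not do. The body of jsonDecode continues past the end of this hunk.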