[wp-trac] [WordPress Trac] #59234: Introduce a `wp_json_decode()` function, including validation when available
WordPress Trac
noreply at wordpress.org
Fri Nov 24 10:15:29 UTC 2023
#59234: Introduce a `wp_json_decode()` function, including validation when
available
-------------------------------+---------------------
Reporter: jrf | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 6.5
Component: General | Version: 6.4
Severity: normal | Resolution:
Keywords: php83 needs-patch | Focuses:
-------------------------------+---------------------
Comment (by TobiasBg):
Just saw: The [https://www.php.net/manual/en/function.json-validate.php
PHP docs] for `json_validate()` discourage its use when `json_encode()` is
used afterwards.
Caution
Calling json_validate() immediately before json_decode() will
unnecessarily parse the string twice, as json_decode() implicitly performs
validation during decoding.
json_validate() should therefore only be used if the decode JSON payload
is not immediately used and knowing whether the string contains valid JSON
is needed.
So, adding this before every `json_encode()` (via a wrapper function) is
probably not needed, but could instead be done selectively in places where
a JSON string is forwarded in unmodified form, or where that DOS attach
vector exists (with user-supplied data, for example).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/59234#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list