Page MenuHomePhorge
Files F2680765

D25807.1734621901.diff
No OneTemporary
Actions

D25807.1734621901.diff
View Options

diff --git a/src/parser/PhutilJSON.php b/src/parser/PhutilJSON.php
--- a/src/parser/PhutilJSON.php
+++ b/src/parser/PhutilJSON.php
@@ -131,7 +131,8 @@
return $this->encodeFormattedObject($value, $depth);
} else {
if (defined('JSON_UNESCAPED_SLASHES')) {
- // If we have a new enough version of PHP, disable escaping of slashes
+ // If we have PHP >= 5.4.0 && the JSON extension is installed (as of
+ // PHP 8.0.0, it is a core PHP extension), disable escaping of slashes
// when pretty-printing values. Escaping slashes can defuse an attack
// where the attacker embeds "</script>" inside a JSON string, but that
// isn't relevant when rendering JSON for human viewers.

File Metadata

Mime Type
text/plain
Expires
Thu, Dec 19, 15:25 (2 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1015121
Default Alt Text
D25807.1734621901.diff (738 B)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0