diff --git a/src/Symfony/Component/JsonPath/JsonPathUtils.php b/src/Symfony/Component/JsonPath/JsonPathUtils.php
index 30bf446b6a9d5..947c108584876 100644
--- a/src/Symfony/Component/JsonPath/JsonPathUtils.php
+++ b/src/Symfony/Component/JsonPath/JsonPathUtils.php
@@ -12,6 +12,7 @@
namespace Symfony\Component\JsonPath;
use Symfony\Component\JsonPath\Exception\InvalidArgumentException;
+use Symfony\Component\JsonPath\Exception\JsonCrawlerException;
use Symfony\Component\JsonPath\Tokenizer\JsonPathToken;
use Symfony\Component\JsonPath\Tokenizer\TokenType;
use Symfony\Component\JsonStreamer\Read\Splitter;
@@ -86,6 +87,9 @@ public static function findSmallestDeserializableStringAndPath(array $tokens, mi
];
}
+ /**
+ * @throws JsonCrawlerException When an invalid Unicode escape sequence occurs
+ */
public static function unescapeString(string $str, string $quoteChar): string
{
if ('"' === $quoteChar) {
@@ -104,17 +108,16 @@ public static function unescapeString(string $str, string $quoteChar): string
while (null !== $char = $str[++$i] ?? null) {
if ('\\' === $char && isset($str[$i + 1])) {
$result .= match ($str[$i + 1]) {
- '"' => '"',
- "'" => "'",
'\\' => '\\',
'/' => '/',
- 'b' => "\b",
+ 'b' => "\x08",
'f' => "\f",
'n' => "\n",
'r' => "\r",
't' => "\t",
'u' => self::unescapeUnicodeSequence($str, $i),
- default => $char.$str[$i + 1], // keep the backslash
+ $quoteChar => $quoteChar,
+ default => throw new JsonCrawlerException('', \sprintf('Invalid escape sequence "\\%s" in %s-quoted string', $str[$i + 1], "'" === $quoteChar ? 'single' : 'double')),
};
++$i;
@@ -128,16 +131,11 @@ public static function unescapeString(string $str, string $quoteChar): string
private static function unescapeUnicodeSequence(string $str, int &$i): string
{
- if (!isset($str[$i + 5])) {
- // not enough characters for Unicode escape, treat as literal
- return $str[$i];
+ if (!isset($str[$i + 5]) || !ctype_xdigit(substr($str, $i + 2, 4))) {
+ throw new JsonCrawlerException('', 'Invalid unicode escape sequence');
}
$hex = substr($str, $i + 2, 4);
- if (!ctype_xdigit($hex)) {
- // invalid hex, treat as literal
- return $str[$i];
- }
$codepoint = hexdec($hex);
// looks like a valid Unicode codepoint, string length is sufficient and it starts with \u
diff --git a/src/Symfony/Component/JsonPath/Tests/JsonCrawlerTest.php b/src/Symfony/Component/JsonPath/Tests/JsonCrawlerTest.php
index 1d1eb4be3b431..b1357d7f31ee6 100644
--- a/src/Symfony/Component/JsonPath/Tests/JsonCrawlerTest.php
+++ b/src/Symfony/Component/JsonPath/Tests/JsonCrawlerTest.php
@@ -86,7 +86,7 @@ public function testEscapedDoubleQuotesInFieldName()
{"a": {"b\\"c": 42}}
JSON);
- $result = $crawler->find("$['a']['b\\\"c']");
+ $result = $crawler->find('$["a"]["b\"c"]');
$this->assertSame(42, $result[0]);
}
@@ -641,10 +641,6 @@ public static function provideSingleQuotedStringProvider(): array
"$['\\u65e5\\u672c']",
['Japan'],
],
- [
- "$['quote\"here']",
- ['with quote'],
- ],
[
"$['M\\u00fcller']",
[],
@@ -658,7 +654,7 @@ public static function provideSingleQuotedStringProvider(): array
['with tab'],
],
[
- "$['quote\\\"here']",
+ "$['quote\"here']",
['with quote'],
],
[
@@ -725,29 +721,6 @@ public static function provideFilterWithUnicodeProvider(): array
];
}
- /**
- * @dataProvider provideInvalidUnicodeSequenceProvider
- */
- public function testInvalidUnicodeSequencesAreProcessedAsLiterals(string $jsonPath)
- {
- $this->assertIsArray(self::getUnicodeDocumentCrawler()->find($jsonPath), 'invalid unicode sequence should be treated as literal and not throw');
- }
-
- public static function provideInvalidUnicodeSequenceProvider(): array
- {
- return [
- [
- '$["test\uZZZZ"]',
- ],
- [
- '$["test\u123"]',
- ],
- [
- '$["test\u"]',
- ],
- ];
- }
-
/**
* @dataProvider provideComplexUnicodePath
*/
diff --git a/src/Symfony/Component/JsonPath/Tests/JsonPathComplianceTestSuiteTest.php b/src/Symfony/Component/JsonPath/Tests/JsonPathComplianceTestSuiteTest.php
index b39b68abcd463..f8b29a3ff44e2 100644
--- a/src/Symfony/Component/JsonPath/Tests/JsonPathComplianceTestSuiteTest.php
+++ b/src/Symfony/Component/JsonPath/Tests/JsonPathComplianceTestSuiteTest.php
@@ -148,30 +148,6 @@ final class JsonPathComplianceTestSuiteTest extends TestCase
'index selector, leading 0',
'index selector, -0',
'index selector, leading -0',
- 'name selector, double quotes, escaped line feed',
- 'name selector, double quotes, invalid escaped single quote',
- 'name selector, double quotes, question mark escape',
- 'name selector, double quotes, bell escape',
- 'name selector, double quotes, vertical tab escape',
- 'name selector, double quotes, 0 escape',
- 'name selector, double quotes, x escape',
- 'name selector, double quotes, n escape',
- 'name selector, double quotes, unicode escape no hex',
- 'name selector, double quotes, unicode escape too few hex',
- 'name selector, double quotes, unicode escape upper u',
- 'name selector, double quotes, unicode escape upper u long',
- 'name selector, double quotes, unicode escape plus',
- 'name selector, double quotes, unicode escape brackets',
- 'name selector, double quotes, unicode escape brackets long',
- 'name selector, double quotes, single high surrogate',
- 'name selector, double quotes, single low surrogate',
- 'name selector, double quotes, high high surrogate',
- 'name selector, double quotes, low low surrogate',
- 'name selector, double quotes, supplementary surrogate',
- 'name selector, double quotes, surrogate incomplete low',
- 'name selector, single quotes, escaped backspace',
- 'name selector, single quotes, escaped line feed',
- 'name selector, single quotes, invalid escaped double quote',
'slice selector, excessively large from value with negative step',
'slice selector, step, min exact - 1',
'slice selector, step, max exact + 1',
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy