Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:60924
Return-Path: <nikita.ppv@googlemail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 73349 invoked from network); 21 Jun 2012 14:25:54 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 21 Jun 2012 14:25:54 -0000
Authentication-Results: pb1.pair.com smtp.mail=nikita.ppv@googlemail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=nikita.ppv@googlemail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain googlemail.com designates 74.125.83.42 as permitted sender)
X-PHP-List-Original-Sender: nikita.ppv@googlemail.com
X-Host-Fingerprint: 74.125.83.42 mail-ee0-f42.google.com  
Received: from [74.125.83.42] ([74.125.83.42:43201] helo=mail-ee0-f42.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 37/85-42253-1FE23EF4 for <internals@lists.php.net>; Thu, 21 Jun 2012 10:25:54 -0400
Received: by eekb57 with SMTP id b57so259613eek.29
        for <internals@lists.php.net>; Thu, 21 Jun 2012 07:25:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type:content-transfer-encoding;
        bh=dpNs1/UonaGADo/x0gS6+NTZo58neWQzbAdXTEfu4lQ=;
        b=be1Sk9hd0+QMqZ5wZnydUQ44xqzbZQsF4cWiV39LNcPmjLA6gp8xXmoOU9Jqj14tUv
         OMYIPutmR046InSbTsa495OBEpOjGtVWOPamjUdxTj2G4TIcdZyxWYsxYsz7kcpgnYNz
         Z50j5iO0mW7FaiYqcVjCv5uz2QTBZQvLrpcNHBYGtoaP1LP5HBU+fx6rUrUnbSBe3liV
         u2pkEA5J7ymSc/LIBT6Wi0tK77/op7kA2dajlBX+Qgb6X/LOVMV2mvEoMAeY75gb2iIf
         eVULvYR3+YxJOt3uAhC0Dw+YayYFVpp0xN6Hhut+ke0YpUpaFFX9uvsupR2JJrHnkD6r
         8RXg==
MIME-Version: 1.0
Received: by 10.152.105.173 with SMTP id gn13mr26605282lab.20.1340288749965;
 Thu, 21 Jun 2012 07:25:49 -0700 (PDT)
Received: by 10.152.114.70 with HTTP; Thu, 21 Jun 2012 07:25:49 -0700 (PDT)
In-Reply-To: <20120621141241.GA25789@analysisandsolutions.com>
References: <CAF+90c-T9hPbuS3bUxnHw-+B+Y2VLu55wQJ8UrtzrcC7TiKyVw@mail.gmail.com>
	<20120621141241.GA25789@analysisandsolutions.com>
Date: Thu, 21 Jun 2012 16:25:49 +0200
Message-ID: <CAF+90c8=5C_C9wa0q-Tf0OB2vKBow2PH8Nqu5n2SUm=xU1gKgQ@mail.gmail.com>
To: Daniel Convissor <danielc@analysisandsolutions.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Subject: Re: [PHP-DEV] json_encode() behavior for incorrectly encoded strings
From: nikita.ppv@googlemail.com (Nikita Popov)

On Thu, Jun 21, 2012 at 4:12 PM, Daniel Convissor
<danielc@analysisandsolutions.com> wrote:
> Hi Nikita:
>
>> PHP <=3D 5.3.13, PHP 5.4, master behave as follows when an invalid UTF-8
>> string is encountered:
>> =A0* A warning is thrown, but only if display_errors=3Doff
>
> So the warning is put into the error log? =A0But only if display_errors i=
s
> off? =A0And if display_errors is on, no warning is produced?
>
> That's very counter-intuitive and un-PHP-like. =A0Someone mentioned it's =
for
> security reasons. =A0By that logic, we should get rid of all error
> messages because they all reveal some information that can be used by
> attackers.

Yes, I agree with this, but other people thing differently about it ;)

Personally I'd actually remove the warning completely with the return
false behavior. The return value makes clear that there was an error
and json_last_error() can be used to determine what exactly went
wrong. The warning seems redundant in this case and could actually
make the use more complicated.

Nikita