1
0
Fork 0
mirror of https://we.phorge.it/source/arcanist.git synced 2024-11-21 22:32:41 +01:00

Clarify comment in PhutilJSON about required PHP version

Summary:
Future developers may want to clean up some code after bumping required versions, so explicitly state that `JSON_UNESCAPED_SLASHES` was introduced in PHP 5.4.0 and that the PHP JSON extension is a core PHP extension since PHP 8.0.0 and cannot be disabled anymore, to save time looking up stuff.

https://www.php.net/ChangeLog-5.php#5.4.0
https://www.php.net/manual/en/json.installation.php

Test Plan: Read the docs.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25807
This commit is contained in:
Andre Klapper 2024-08-26 12:28:58 +02:00
parent 04e3e250f7
commit 9f66bff5f6

View file

@ -131,7 +131,8 @@ final class PhutilJSON extends Phobject {
return $this->encodeFormattedObject($value, $depth);
} else {
if (defined('JSON_UNESCAPED_SLASHES')) {
// If we have a new enough version of PHP, disable escaping of slashes
// If we have PHP >= 5.4.0 && the JSON extension is installed (as of
// PHP 8.0.0, it is a core PHP extension), disable escaping of slashes
// when pretty-printing values. Escaping slashes can defuse an attack
// where the attacker embeds "</script>" inside a JSON string, but that
// isn't relevant when rendering JSON for human viewers.