more generalized javascript_renderData

- handles json/jsonp transparently (avoiding code duplication in templates) - use php's internal json_encode functions (with JSON_UNESCAPED_UNICODE for backward compatibility) - be more liberal with what is allowed as a callback identifier - return a 400 for illegal callbacks - return application/javascript type when jsonp is requested fixes #16, fixes #17
2026-02-26 11:08:13 +00:00 · 2012-07-01 13:19:59 +02:00
parent 8ff0aabaf3
commit 1cb55c6e31
5 changed files with 22 additions and 85 deletions
--- a/lib/lib.php
+++ b/lib/lib.php
@@ -592,45 +592,25 @@
 	}
        function javascript_isarray($xVal)
        {
                if (!is_array($xVal)) return false;
                for($i = 0; $i < sizeof($xVal); $i++)
                {
                        if (!array_key_exists($i, $xVal)) return false;
                }
                return true;
        }
-        function javascript_renderData($xVal, $bForceHash = false)
+    function javascript_renderData($xVal)
-        {
+    {
-                if (is_array($xVal))
+        header("Access-Control-Allow-Origin: *");
-                {
+
-                        $aVals = array();
+        $jsonout = json_encode($xVal, JSON_UNESCAPED_UNICODE);
-                        if (javascript_isarray($xVal) && !$bForceHash)
+
-                        {
+		if( ! isset($_GET['json_callback'])) {
-                                foreach($xVal as $sKey => $xData)
+			header("Content-Type: application/json; charset=UTF-8");
-                                {
+			echo $jsonout;
-                                        $aVals[] = javascript_renderData($xData);
+		} else {
-                                }
+			if (preg_match('/^[$_\p{L}][$_\p{L}\p{Nd}.[\]]*$/u',$_GET['json_callback'])) {
-                                return '['.join(',',$aVals).']';
+				header("Content-Type: application/javascript; charset=UTF-8");
-                        }
+				echo $_GET['json_callback'].'('.$jsonout.')';
-                        else
+			} else {
-                        {
+				header('HTTP/1.0 400 Bad Request');
-                                foreach($xVal as $sKey => $xData)
+			}
-                                {
+		}
-                                        $aVals[] = '"'.addslashes($sKey).'"'.':'.javascript_renderData($xData);
+    }
                                }
                                return '{'.join(',',$aVals).'}';
                        }
                }
                else
                {
                        if (is_bool($xVal)) return $xVal?'true':'false';
 //			if (is_numeric($xVal)) return $xVal;
                        return '"'.str_replace('>','\\>',str_replace(array("\n","\r"),'\\n',str_replace(array("\n\r","\r\n"),'\\n',str_replace('"','\\"',$xVal)))).'"';
                }
        }
 	function _debugDumpGroupedSearches($aData, $aTokens)
 	{
--- a/lib/template/address-json.php
+++ b/lib/template/address-json.php
@@ -1,7 +1,4 @@
 <?php
 	header ("Content-Type: application/json; charset=UTF-8");
 	header("Access-Control-Allow-Origin: *");
 	$aFilteredPlaces = array();
 	if (!sizeof($aPlace))
@@ -27,13 +24,5 @@
 		if ($bShowAddressDetails) $aFilteredPlaces['address'] = $aAddress;
 	}
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_.]+$/',$_GET['json_callback']))
+	javascript_renderData($aFilteredPlaces);
 	{
 		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
 	}
 	else
 	{
 		echo javascript_renderData($aFilteredPlaces);
 	}
--- a/lib/template/address-jsonv2.php
+++ b/lib/template/address-jsonv2.php
@@ -1,7 +1,4 @@
 <?php
 	header ("Content-Type: application/json; charset=UTF-8");
 	header("Access-Control-Allow-Origin: *");
 	$aFilteredPlaces = array();
 	if (!sizeof($aPlace))
@@ -32,13 +29,4 @@
 		if ($bShowAddressDetails && $aAddress && sizeof($aAddress)) $aFilteredPlaces['address'] = $aAddress;
 	}
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_]+$/',$_GET['json_callback']))
+	javascript_renderData($aFilteredPlaces);
 	{
 		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
 	}
 	else
 	{
 		echo javascript_renderData($aFilteredPlaces);
 	}
--- a/lib/template/search-json.php
+++ b/lib/template/search-json.php
@@ -1,7 +1,4 @@
 <?php
 	header("Content-Type: application/json; charset=UTF-8");
 	header("Access-Control-Allow-Origin: *");
 	$aFilteredPlaces = array();
 	foreach($aSearchResults as $iResNum => $aPointDetails)
 	{
@@ -55,11 +52,4 @@
 		$aFilteredPlaces[] = $aPlace;
 	}
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_.]+$/',$_GET['json_callback']))
+	javascript_renderData($aFilteredPlaces);
 	{
 		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
 	}
 	else
 	{
 		echo javascript_renderData($aFilteredPlaces);
 	}
--- a/lib/template/search-jsonv2.php
+++ b/lib/template/search-jsonv2.php
@@ -1,7 +1,4 @@
 <?php
 	header("Content-Type: application/json; charset=UTF-8");
 	header("Access-Control-Allow-Origin: *");
 	$aFilteredPlaces = array();
 	foreach($aSearchResults as $iResNum => $aPointDetails)
 	{
@@ -55,11 +52,4 @@
 		$aFilteredPlaces[] = $aPlace;
 	}
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_.]+$/',$_GET['json_callback']))
+	javascript_renderData($aFilteredPlaces);
 	{
 		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
 	}
 	else
 	{
 		echo javascript_renderData($aFilteredPlaces);
 	}