79f80cc495
This will help with improving human readability of JS and JSON objects encoded by both ResourceLoader and the API. This patch also adds new "utf8" parameter to the JSON formatter of the API. Changes to FormatJson class: * Added escaping of '<', '>', and '&' by default to protect against XSS. * Removed unnecessary escaping of '/' and added an additional option to unescape non-ASCII characters (those above U+007F) as well. * Added PHP 5.3 pretty printing code (to replace Services_JSON) that uses a four-space indent as PHP 5.4 does. Changes to Xml class: * Defined Xml::encodeJsVar() in terms of FormatJson::encode() and added a pretty printing option. Also added a pretty printing option to Xml::encodeJsCall() as well. * Deprecated Xml::escapeJsString() and QuickTemplate::jstext(); callers have to add quotes themselves, hence the escaping of both double quotes and apostrophes. Bug: 26818 Change-Id: I1987190f1ba5bf41738e7bd611209706c1f6bb5c
95 lines
2.6 KiB
PHP
95 lines
2.6 KiB
PHP
<?php
|
|
/**
|
|
*
|
|
*
|
|
* Created on Sep 19, 2006
|
|
*
|
|
* Copyright © 2006 Yuri Astrakhan "<Firstname><Lastname>@gmail.com"
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License along
|
|
* with this program; if not, write to the Free Software Foundation, Inc.,
|
|
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
* http://www.gnu.org/copyleft/gpl.html
|
|
*
|
|
* @file
|
|
*/
|
|
|
|
/**
|
|
* API JSON output formatter
|
|
* @ingroup API
|
|
*/
|
|
class ApiFormatJson extends ApiFormatBase {
|
|
|
|
private $mIsRaw;
|
|
|
|
public function __construct( $main, $format ) {
|
|
parent::__construct( $main, $format );
|
|
$this->mIsRaw = ( $format === 'rawfm' );
|
|
}
|
|
|
|
public function getMimeType() {
|
|
$params = $this->extractRequestParams();
|
|
// callback:
|
|
if ( $params['callback'] ) {
|
|
return 'text/javascript';
|
|
}
|
|
return 'application/json';
|
|
}
|
|
|
|
public function getNeedsRawData() {
|
|
return $this->mIsRaw;
|
|
}
|
|
|
|
public function getWantsHelp() {
|
|
// Help is always ugly in JSON
|
|
return false;
|
|
}
|
|
|
|
public function execute() {
|
|
$params = $this->extractRequestParams();
|
|
$json = FormatJson::encode(
|
|
$this->getResultData(),
|
|
$this->getIsHtml(),
|
|
$params['utf8'] ? FormatJson::ALL_OK : FormatJson::XMLMETA_OK
|
|
);
|
|
$callback = $params['callback'];
|
|
if ( $callback !== null ) {
|
|
$callback = preg_replace( "/[^][.\\'\\\"_A-Za-z0-9]/", '', $callback );
|
|
$this->printText( "$callback($json)" );
|
|
} else {
|
|
$this->printText( $json );
|
|
}
|
|
}
|
|
|
|
public function getAllowedParams() {
|
|
return array(
|
|
'callback' => null,
|
|
'utf8' => false,
|
|
);
|
|
}
|
|
|
|
public function getParamDescription() {
|
|
return array(
|
|
'callback' => 'If specified, wraps the output into a given function call. For safety, all user-specific data will be restricted.',
|
|
'utf8' => 'If specified, encodes most (but not all) non-ASCII characters as UTF-8 instead of replacing them with hexadecimal escape sequences.',
|
|
);
|
|
}
|
|
|
|
public function getDescription() {
|
|
if ( $this->mIsRaw ) {
|
|
return 'Output data with the debugging elements in JSON format' . parent::getDescription();
|
|
} else {
|
|
return 'Output data in JSON format' . parent::getDescription();
|
|
}
|
|
}
|
|
}
|