<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\HttpFoundation;
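/**
 * Response represents an HTTP response in JSON format.
 *
 * Note that this class does not force the returned JSON content to be an
 * object. It is however recommended that you do return an object as it
 * protects you against XSSI and JSON-JavaScript Hijacking.
 *
 * When a JSONP callback is set, the body is served as text/javascript and is
 * meant to be loaded through a script element, so the data is readable by
 * any origin that includes it. Do not set a callback on responses that carry
 * per-user or otherwise sensitive data.
 *
 * @see https://www.owasp.org/index.php/OWASP_AJAX_Security_Guidelines#Always_return_JSON_with_an_Object_on_the_outside
 *
 * @author Igor Wiedler <igor@wiedler.ch>
 */
class JsonResponse extends Response
{
    /**
     * The payload, already encoded as a JSON string by setData().
     */
    protected $data;

    /**
     * The JSONP callback name, or null for a plain JSON response.
     */
    protected $callback;

    /**
     * Constructor.
     *
     * @param mixed $data    The response data
     * @param int   $status  The response status code
     * @param array $headers An array of response headers
     *
     * @throws \InvalidArgumentException When the data cannot be encoded as JSON
     */
    public function __construct($data = null, $status = 200, $headers = array())
    {
        parent::__construct('', $status, $headers);

        // An empty ArrayObject is encoded as "{}", so a response created
        // without data still has an object on the outside (see class notes).
        if (null === $data) {
            $data = new \ArrayObject();
        }

        $this->setData($data);
    }

    /**
     * {@inheritDoc}
     */
    public static function create($data = null, $status = 200, $headers = array())
    {
        return new static($data, $status, $headers);
    }

    /**
     * Sets the JSONP callback.
     *
     * The name must be a dot-separated chain of identifiers matching the
     * pattern below; passing null switches back to plain JSON output.
     *
     * @param string $callback
     *
     * @return JsonResponse
     *
     * @throws \InvalidArgumentException When the callback name is not valid
     */
    public function setCallback($callback = null)
    {
        if (null !== $callback) {
            // update() writes the name verbatim into a script response, so a
            // value that cannot be validated as a string must be rejected. An
            // array (for instance one taken from request parameters) would make
            // explode() fail: older PHP versions only warn and skip the loop
            // below, newer ones raise a TypeError instead of the documented
            // exception.
            if (!is_scalar($callback) && !(is_object($callback) && method_exists($callback, '__toString'))) {
                throw new \InvalidArgumentException('The callback name is not valid.');
            }

            // taken from http://www.geekality.net/2011/08/03/valid-javascript-identifier/
            $pattern = '/^[$_\p{L}][$_\p{L}\p{Mn}\p{Mc}\p{Nd}\p{Pc}\x{200C}\x{200D}]*+$/u';
            $parts = explode('.', (string) $callback);
            foreach ($parts as $part) {
                // preg_match() yields 0 for "no match" and false on error (such
                // as invalid UTF-8 under the "u" modifier); both reject the name.
                if (!preg_match($pattern, $part)) {
                    throw new \InvalidArgumentException('The callback name is not valid.');
                }
            }
        }

        $this->callback = $callback;

        return $this->update();
    }

    /**
     * Sets the data to be sent as json.
     *
     * Called without an argument, the default array() is encoded as "[]",
     * which is not the object-on-the-outside form recommended in the class
     * notes.
     *
     * @param mixed $data
     *
     * @return JsonResponse
     *
     * @throws \InvalidArgumentException When the data cannot be encoded as JSON
     */
    public function setData($data = array())
    {
        // Encode <, >, ', &, and " for RFC4627-compliant JSON, which may also be embedded into HTML.
        $encoded = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);

        // Check before storing: a failed encode must not replace the payload
        // of an existing response with the failure value.
        if (JSON_ERROR_NONE !== json_last_error()) {
            throw new \InvalidArgumentException($this->transformJsonError());
        }

        $this->data = $encoded;

        return $this->update();
    }

    /**
     * Updates the content and headers according to the json data and callback.
     *
     * @return JsonResponse
     */
    protected function update()
    {
        if (null !== $this->callback) {
            // Not using application/javascript for compatibility reasons with older browsers.
            $this->headers->set('Content-Type', 'text/javascript');

            // The callback name is emitted as-is; setCallback() is the only
            // validation it goes through.
            // NOTE(review): the body starts with the caller-supplied name.
            // Prefixing JSONP output with an empty comment such as /**/ is a
            // common hardening; not applied here so the emitted bytes stay
            // unchanged for existing consumers.
            return $this->setContent(sprintf('%s(%s);', $this->callback, $this->data));
        }

        // Only set the header when there is none or when it equals 'text/javascript' (from a previous update with callback)
        // in order to not overwrite a custom definition.
        if (!$this->headers->has('Content-Type') || 'text/javascript' === $this->headers->get('Content-Type')) {
            $this->headers->set('Content-Type', 'application/json');
        }

        return $this->setContent($this->data);
    }

    /**
     * Returns a message for the last JSON error.
     *
     * Uses json_last_error_msg() when the running PHP provides it and falls
     * back to a fixed message per json_last_error() code otherwise.
     *
     * @return string
     */
    private function transformJsonError()
    {
        if (function_exists('json_last_error_msg')) {
            return json_last_error_msg();
        }

        switch (json_last_error()) {
            case JSON_ERROR_DEPTH:
                return 'Maximum stack depth exceeded.';

            case JSON_ERROR_STATE_MISMATCH:
                return 'Underflow or the modes mismatch.';

            case JSON_ERROR_CTRL_CHAR:
                return 'Unexpected control character found.';

            case JSON_ERROR_SYNTAX:
                return 'Syntax error, malformed JSON.';

            case JSON_ERROR_UTF8:
                return 'Malformed UTF-8 characters, possibly incorrectly encoded.';

            default:
                return 'Unknown error.';
        }
    }
}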