| Subject: | Argument checking in to_json() function causes side-effects |
Version 2.22 introduced the following patch:
sub to_json ($@) {
- if (ref $_[0] and ref($_[0]) eq 'JSON') {
+ if ( ref($_[0]) eq 'JSON' or $_[0] eq 'JSON' ) {
Carp::croak "to_json should not be called as a method.";
}
This causes side-effects if someone tries to encode nonref scalar.
Here are two examples:
1)
perl -MJSON -E 'say JSON::to_json(5, { allow_nonref => 1 })'
"5"
This behavior changed in 2.22, in 2.21 it printed '5' without quotation
marks.
2)
perl -MJSON -E 'say JSON::to_json("JSON", { allow_nonref => 1 })'
to_json should not be called as a method. at -e line 1
So... to_json() with 'allow_nonref' option can encode any string except
'JSON'.
Assuming that correctness is more important than parameters validation,
here is the patch that will fix this issue:
sub to_json ($@) {
- if ( ref($_[0]) eq 'JSON' or $_[0] eq 'JSON' ) {
+ if (
+ ref($_[0]) eq 'JSON'
+ or (@_ > 2 and $_[0] eq 'JSON')
+ ) {
Carp::croak "to_json should not be called as a method.";
I'm going to send you the pull request on github in a moment.