From: Sarah Hoffmann <lonvia@denofr.de>
Date: Sun, 1 Jul 2012 11:19:59 +0000 (+0200)
Subject: more generalized javascript_renderData
X-Git-Tag: v2.0.0~51
X-Git-Url: https://git.openstreetmap.org/nominatim.git/commitdiff_plain/1cb55c6e318cb86cd1d44463eff4b951496134c0

more generalized javascript_renderData

- handles json/jsonp transparently (avoiding code duplication in templates)
- use php's internal json_encode functions (with JSON_UNESCAPED_UNICODE
  for backward compatibility)
- be more liberal with what is allowed as a callback identifier
- return a 400 for illegal callbacks
- return application/javascript type when jsonp is requested

fixes #16, fixes #17
---

diff --git a/lib/lib.php b/lib/lib.php
index 74430cf7..cc8a90e0 100644
--- a/lib/lib.php
+++ b/lib/lib.php
@@ -592,45 +592,25 @@
 	}
 	
 	
-        function javascript_isarray($xVal)
-        {
-                if (!is_array($xVal)) return false;
-                for($i = 0; $i < sizeof($xVal); $i++)
-                {
-                        if (!array_key_exists($i, $xVal)) return false;
-                }
-                return true;
-        }
 
-        function javascript_renderData($xVal, $bForceHash = false)
-        {
-                if (is_array($xVal))
-                {
-                        $aVals = array();
-                        if (javascript_isarray($xVal) && !$bForceHash)
-                        {
-                                foreach($xVal as $sKey => $xData)
-                                {
-                                        $aVals[] = javascript_renderData($xData);
-                                }
-                                return '['.join(',',$aVals).']';
-                        }
-                        else
-                        {
-                                foreach($xVal as $sKey => $xData)
-                                {
-                                        $aVals[] = '"'.addslashes($sKey).'"'.':'.javascript_renderData($xData);
-                                }
-                                return '{'.join(',',$aVals).'}';
-                        }
-                }
-                else
-                {
-                        if (is_bool($xVal)) return $xVal?'true':'false';
-//			if (is_numeric($xVal)) return $xVal;
-                        return '"'.str_replace('>','\\>',str_replace(array("\n","\r"),'\\n',str_replace(array("\n\r","\r\n"),'\\n',str_replace('"','\\"',$xVal)))).'"';
-                }
-        }
+    function javascript_renderData($xVal)
+    {
+        header("Access-Control-Allow-Origin: *");
+
+        $jsonout = json_encode($xVal, JSON_UNESCAPED_UNICODE);
+
+		if( ! isset($_GET['json_callback'])) {
+			header("Content-Type: application/json; charset=UTF-8");
+			echo $jsonout;
+		} else {
+			if (preg_match('/^[$_\p{L}][$_\p{L}\p{Nd}.[\]]*$/u',$_GET['json_callback'])) {
+				header("Content-Type: application/javascript; charset=UTF-8");
+				echo $_GET['json_callback'].'('.$jsonout.')';
+			} else {
+				header('HTTP/1.0 400 Bad Request');
+			}
+		}
+    }
 
 	function _debugDumpGroupedSearches($aData, $aTokens)
 	{
diff --git a/lib/template/address-json.php b/lib/template/address-json.php
index 3c7327a3..83c8b57c 100644
--- a/lib/template/address-json.php
+++ b/lib/template/address-json.php
@@ -1,7 +1,4 @@
 <?php
-	header ("Content-Type: application/json; charset=UTF-8");
-	header("Access-Control-Allow-Origin: *");
-
 	$aFilteredPlaces = array();
 
 	if (!sizeof($aPlace))
@@ -27,13 +24,5 @@
 		if ($bShowAddressDetails) $aFilteredPlaces['address'] = $aAddress;
 	}
 
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_.]+$/',$_GET['json_callback']))
-	{
-		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
-	}
-	else
-	{
-		echo javascript_renderData($aFilteredPlaces);
-	}
-
+	javascript_renderData($aFilteredPlaces);
 
diff --git a/lib/template/address-jsonv2.php b/lib/template/address-jsonv2.php
index 51d3e1a3..96247182 100644
--- a/lib/template/address-jsonv2.php
+++ b/lib/template/address-jsonv2.php
@@ -1,7 +1,4 @@
 <?php
-	header ("Content-Type: application/json; charset=UTF-8");
-	header("Access-Control-Allow-Origin: *");
-
 	$aFilteredPlaces = array();
 
 	if (!sizeof($aPlace))
@@ -32,13 +29,4 @@
 		if ($bShowAddressDetails && $aAddress && sizeof($aAddress)) $aFilteredPlaces['address'] = $aAddress;
 	}
 
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_]+$/',$_GET['json_callback']))
-	{
-		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
-	}
-	else
-	{
-		echo javascript_renderData($aFilteredPlaces);
-	}
-
-
+	javascript_renderData($aFilteredPlaces);
diff --git a/lib/template/search-json.php b/lib/template/search-json.php
index 7c695ea5..4eed52ae 100644
--- a/lib/template/search-json.php
+++ b/lib/template/search-json.php
@@ -1,7 +1,4 @@
 <?php
-	header("Content-Type: application/json; charset=UTF-8");
-	header("Access-Control-Allow-Origin: *");
-
 	$aFilteredPlaces = array();
 	foreach($aSearchResults as $iResNum => $aPointDetails)
 	{
@@ -55,11 +52,4 @@
 		$aFilteredPlaces[] = $aPlace;
 	}
 
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_.]+$/',$_GET['json_callback']))
-	{
-		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
-	}
-	else
-	{
-		echo javascript_renderData($aFilteredPlaces);
-	}
+	javascript_renderData($aFilteredPlaces);
diff --git a/lib/template/search-jsonv2.php b/lib/template/search-jsonv2.php
index cb09baa4..095bfb79 100644
--- a/lib/template/search-jsonv2.php
+++ b/lib/template/search-jsonv2.php
@@ -1,7 +1,4 @@
 <?php
-	header("Content-Type: application/json; charset=UTF-8");
-	header("Access-Control-Allow-Origin: *");
-
 	$aFilteredPlaces = array();
 	foreach($aSearchResults as $iResNum => $aPointDetails)
 	{
@@ -55,11 +52,4 @@
 		$aFilteredPlaces[] = $aPlace;
 	}
 
-	if (isset($_GET['json_callback']) && preg_match('/^[-A-Za-z0-9:_.]+$/',$_GET['json_callback']))
-	{
-		echo $_GET['json_callback'].'('.javascript_renderData($aFilteredPlaces).')';
-	}
-	else
-	{
-		echo javascript_renderData($aFilteredPlaces);
-	}
+	javascript_renderData($aFilteredPlaces);