[ticket/10824] Add json sanitizer class

PHPBB3-10824

phpBB/includes/acp/acp_styles.php

@@ -1154,7 +1154,7 @@ class acp_styles
 		}
 
 		$json = file_get_contents($this->styles_path . $dir . '/composer.json');
-		$style_data = json_decode($json, true);
+		$style_data = \phpbb\json_sanitizer::sanitize(json_decode($json, true));
 
 		if (!is_array($style_data) || !isset($style_data['type']) || $style_data['type'] !== 'phpbb-style')
 		{

phpBB/phpbb/json_sanitizer.php

@@ -0,0 +1,41 @@
+<?php
+/**
+*
+* This file is part of the phpBB Forum Software package.
+*
+* @copyright (c) phpBB Limited <https://www.phpbb.com>
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+namespace phpbb;
+
+/**
+* JSON sanitizer class
+*/
+class json_sanitizer
+{
+	/**
+	 * Sanitize json data
+	 *
+	 * @param array $data Data to sanitize
+	 *
+	 * @return array Sanitized data
+	 */
+	static public function sanitize($data)
+	{
+		if (!empty($data))
+		{
+			$json_sanitizer = function (&$value, $key) {
+				$type_cast_helper = new \phpbb\request\type_cast_helper();
+				$type_cast_helper->set_var($value, $value, gettype($value), true);
+			};
+			array_walk_recursive($data, $json_sanitizer);
+		}
+
+		return $data;
+	}
+}

phpBB/phpbb/version_helper.php

@@ -389,17 +389,8 @@ class version_helper
 				throw new version_check_exception($error_string);
 			}
 
-			$info = json_decode($info, true);
-
 			// Sanitize any data we retrieve from a server
-			if (!empty($info))
+			$info = \phpbb\json_sanitizer::sanitize(json_decode($info, true));
-			{
-				$json_sanitizer = function (&$value, $key) {
-					$type_cast_helper = new \phpbb\request\type_cast_helper();
-					$type_cast_helper->set_var($value, $value, gettype($value), true);
-				};
-				array_walk_recursive($info, $json_sanitizer);
-			}
 
 			if (empty($info['stable']) && empty($info['unstable']))
 			{