Last modified: 2009-02-27 16:04:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 11633 - Unquoted value in JSON response
Unquoted value in JSON response
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
API (Other open bugs)
unspecified
All All
: Normal normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-11 15:00 UTC by Russell Blau
Modified: 2009-02-27 16:04 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Russell Blau 2007-10-11 15:00:09 UTC
When using JSON format only, with redirects=redirects, if a page title happens to be an integer, the title is not quoted as a string in the response but is sent as an integer.

This occurs, for example, in the response to http://en.wikipedia.org/w/api.php?action=query&titles=-100&prop=info&redirects=redirects&format=jsonfm

Note that in the response, the title -100 is not quoted in the redirects 
value --

"redirects": [
  {
    "from": -100,
    "to": "100 BC"
  }
],

However, in the XML response to http://en.wikipedia.org/w/api.php?action=query&titles=-100&prop=info&redirects=redirects, the title "-100" is quoted properly; also, in http://en.wikipedia.org/w/api.php?action=query&titles=-100&prop=info&format=jsonfm, where the redirect is not resolved, the title "-100" is quoted properly.
Comment 1 Brion Vibber 2007-10-15 19:56:08 UTC
This is a side-effect of PHP's weak typing; something's overzealously converting the string-that-looks-like-an-int to an integer during processing.

The JSON formatter then, quite correctly, outputs a formatted integer rather than a string. (You can verify this by slipping in a var_dump() on the request data in ApiFormatJson::execute(); the -100 is listed as an int, not a string.)
Comment 2 Brion Vibber 2007-10-15 20:01:45 UTC
Note that while this means there's not a worry about security, one _can_ worry about it causing problems with use of the data in a more strongly-typed language, say Python, where ints and strings aren't freely interchangable.
Comment 3 Bryan Tong Minh 2008-04-05 18:35:49 UTC
Fixed in r32820. It appears that PHP automatically converts array keys that look like integers to integers. I knew that PHP was weakly types, but this weakly typed...
Comment 4 Russell Blau 2009-02-26 21:20:09 UTC
This has raised its ugly head again.  In the response to the following query --

http://en.wikipedia.org/w/api.php?action=query&prop=categoryinfo&titles=Category:X1&format=jsonfm

three of the four numeric values are quoted, but one is not.
Comment 5 Roan Kattouw 2009-02-26 21:31:44 UTC
"pageid": 18413500,
				"ns": 14,
				"title": "Category:X1",
				"categoryinfo": {
					"size": "8",
					"pages": 8,
					"files": "0",
					"subcats": "0"

These are numbers that are really numbers that are not being quoted, while some others are. I agree that this is inconsistent, but it's not invalid. Reclosing as FIXED because the unquoted things really are integers, not strings that happen to look like them.
Comment 6 Bryan Tong Minh 2009-02-26 21:53:05 UTC
Those numbers refer to amounts, which are always numbers and should be ints and not strings.
Comment 7 Russell Blau 2009-02-27 14:21:27 UTC
But then the quoted values shouldn't be quoted.  The current output format makes no sense.
Comment 8 Roan Kattouw 2009-02-27 16:04:21 UTC
(In reply to comment #7)
> But then the quoted values shouldn't be quoted.  The current output format
> makes no sense.
> 

I've converted all numeric values I could find to integers in r47865.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links