Tickets :: [#14522] Invalid UTF-8 session data gets passed to json_encode()

6.0.0-beta1

10/16/25

Summary	Invalid UTF-8 session data gets passed to json_encode()
Queue	Horde Framework Packages
Type	Bug
State	Resolved
Priority	1. Low
Owners	jan (at) horde (dot) org
Requester	horde.wayne (at) ptaff (dot) ca
Created	11/24/2016 (3248 days ago)
Due
Updated	11/25/2016 (3247 days ago)
Assigned
Resolved	11/25/2016 (3247 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

11/25/2016 09:51:44 AM	Jan Schneider	Comment #4 Assigned to Jan Schneider State ⇒ Resolved	Reply to this comment
We already catched this case successfully, this was just a leaked notice.

11/25/2016 09:50:23 AM	Git Commit	Comment #3	Reply to this comment
Changes have been made in Git (master): commit f3c5faddd3663d6cf78f4c74ef6c2c96d89a8a4b Author: Jan Schneider <jan@horde.org> Date: Fri Nov 25 10:06:13 2016 +0100 Avoid notice if packing an invalid UTF-8 string. ~~Bug: 14522~~ framework/Pack/lib/Horde/Pack/Driver/Json.php \| 2 ++ framework/Pack/test/Horde/Pack/Driver/JsonTest.php \| 9 +++++++++ 2 files changed, 11 insertions(+) http://github.com/horde/horde/commit/f3c5faddd3663d6cf78f4c74ef6c2c96d89a8a4b

11/24/2016 06:21:08 PM	horde (dot) wayne (at) ptaff (dot) ca	Comment #2	Reply to this comment
Forgot to mention, the culprit method is Horde_Session->set(), inside framework/Core/lib/Horde/Session.php

11/24/2016 06:17:47 PM	horde (dot) wayne (at) ptaff (dot) ca	Comment #1 Priority ⇒ 1. Low Patch ⇒ No Milestone ⇒ Queue ⇒ Horde Framework Packages Summary ⇒ Invalid UTF-8 session data gets passed to json_encode() Type ⇒ Bug State ⇒ Unconfirmed	Reply to this comment
Have had these PHP errors in syslog for ages on my horde-5.2.16 webmail installation (and previous versions): PHP ERROR: json_encode(): Invalid UTF-8 sequence in argument [pid 30552 on line 48 of ".../pear/php/Horde/Pack/Driver/Json.php"] I finally decided to dig into it and find if the cause is a local problem or systematic. Confirmed, a 44-byte binary (non UTF-8) string gets passed to json_encode(). I could get a backtrace: '#0 /var/www/sites/horde5.ptaff.ca/pear/php/Horde/Pack.php(130): Horde_Pack_Driver_Json->pack(Array) #1 /var/www/sites/horde5.ptaff.ca/pear/php/Horde/Session.php(430): Horde_Pack->pack(Array, Array) #2 /var/www/sites/horde5.ptaff.ca/pear/php/Horde/Registry.php(2458): Horde_Session->set(\'horde\', \'auth_app/gollem\', Array, 4) #3 /var/www/sites/horde5.ptaff.ca/pear/php/Horde/Registry.php(2581): Horde_Registry->setAuthCredential(Array, NULL, \'gollem\') It thus seems like a regression happened with that commit: https://github.com/horde/horde/commit/54a1644952151bea3dc942e0b334e07810e9e188 Where PHP's serialize() would be happy to be fed binary data, and json_encode() is not. Not sure about the right approach here to fix this as JSON's not designed to handle raw binary data.