Packages and Tools: Ensure proper flags are used with json_encode()

projects/packages/account-protection/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/account-protection/tests/php/Email_Service_Test.php

@@ -147,7 +147,7 @@ function ( $body ) {
 			)->willReturn(
 				array(
 					'response' => array( 'code' => 200 ),
-					'body'     => json_encode( array( 'email_send_success' => true ) ),
+					'body'     => json_encode( array( 'email_send_success' => true ), JSON_UNESCAPED_SLASHES ),
 				)
 			);
 
@@ -197,7 +197,8 @@ public function test_api_send_auth_email_returns_error_if_response_code_is_not_2
 							'code'               => 'email_send_error',
 							'message'            => 'Failed to send authentication code.',
 							'email_send_success' => true,
-						)
+						),
+						JSON_UNESCAPED_SLASHES
 					),
 				)
 			);
@@ -252,7 +253,7 @@ public function test_api_send_auth_email_returns_error_if_response_from_api_is_f
 			->willReturn(
 				array(
 					'response' => array( 'code' => 200 ),
-					'body'     => json_encode( array( 'email_sent' => false ) ),
+					'body'     => json_encode( array( 'email_sent' => false ), JSON_UNESCAPED_SLASHES ),
 				)
 			);
 

projects/packages/account-protection/tests/php/Validation_Service_Test.php

@@ -237,7 +237,8 @@ public function test_returns_true_if_password_is_compromised() {
 					'body'     => json_encode(
 						array(
 							'compromised' => array( 'c90fcfd699f0ddbdcb30c2c9183d2d933ea' ),
-						)
+						),
+						JSON_UNESCAPED_SLASHES
 					),
 				)
 			);
@@ -261,7 +262,8 @@ public function test_returns_true_if_password_is_common() {
 					'body'     => json_encode(
 						array(
 							'common' => array( 'c90fcfd699f0ddbdcb30c2c9183d2d933ea' ),
-						)
+						),
+						JSON_UNESCAPED_SLASHES
 					),
 				)
 			);
@@ -286,7 +288,8 @@ public function test_returns_false_if_password_is_not_leaked() {
 						array(
 							'compromised' => array( '1234' ),
 							'common'      => array(),
-						)
+						),
+						JSON_UNESCAPED_SLASHES
 					),
 				)
 			);

projects/packages/analyzer/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/analyzer/src/Declarations/class-class-method.php

@@ -34,7 +34,7 @@ function to_csv_array() {
 			$this->class_name,
 			$this->method_name,
 			$this->static,
-			json_encode( $this->params ),
+			json_encode( $this->params, JSON_UNESCAPED_SLASHES ),
 			$this->deprecated,
 		);
 	}

projects/packages/analyzer/src/Declarations/class-function.php

@@ -30,7 +30,7 @@ function to_csv_array() {
 			'',
 			$this->func_name,
 			'',
-			json_encode( $this->params ),
+			json_encode( $this->params, JSON_UNESCAPED_SLASHES ),
 			$this->deprecated,
 		);
 	}

projects/packages/analyzer/src/api/class-model.php

@@ -87,7 +87,7 @@ public function persist( $arr = null ) {
 		if ( $arr === null ) {
 			$arr = $this->content;
 		}
-		file_put_contents( $this->db_file, json_encode( $arr ) );
+		file_put_contents( $this->db_file, json_encode( $arr ), JSON_UNESCAPED_SLASHES );
 	}
 
 	public function reset() {

projects/packages/analyzer/src/class-PersistentList.php

@@ -79,7 +79,8 @@ function ( $item ) {
 						return $item->to_map();
 					},
 					$this->items
-				)
+				),
+				JSON_UNESCAPED_SLASHES
 			)
 		);
 	}

projects/packages/assets/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/assets/src/class-assets.php

@@ -530,7 +530,7 @@ public static function wp_default_scripts_hook( $wp_scripts ) {
 		} else {
 			$data['domainMap']   = (object) $data['domainMap']; // Ensure it becomes a json object.
 			$data['domainPaths'] = (object) $data['domainPaths']; // Ensure it becomes a json object.
-			$wp_scripts->add_inline_script( $handle, 'wp.jpI18nLoader.state = ' . wp_json_encode( $data, JSON_UNESCAPED_SLASHES ) . ';' );
+			$wp_scripts->add_inline_script( $handle, 'wp.jpI18nLoader.state = ' . wp_json_encode( $data, JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP ) . ';' );
 		}
 
 		// Deprecated state module: Depend on wp-i18n to ensure global `wp` exists and because anything needing this will need that too.

projects/packages/autoloader/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/autoloader/tests/php/lib/class-test-plugin-factory.php

@@ -538,7 +538,7 @@ private function has_plugin_changed( $plugin_dir, $plugin_file, &$composer_confi
 		// Prepare a checksum object for comparison and store it in the composer config so we can retrieve it later.
 		$factory_checksum = array(
 			'plugin'   => hash( 'crc32', $plugin_file ),
-			'composer' => hash( 'crc32', json_encode( $composer_config ) ),
+			'composer' => hash( 'crc32', json_encode( $composer_config, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ) ),
 			'files'    => array(),
 		);
 		foreach ( $this->files as $path => $content ) {

projects/packages/backup/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/backup/src/class-initial-state.php

@@ -64,6 +64,6 @@ private function get_data() {
 	public function render() {
 		add_action( 'jetpack_use_iframe_authorization_flow', '__return_true' );
 
-		return 'var JPBACKUP_INITIAL_STATE=JSON.parse(decodeURIComponent("' . rawurlencode( wp_json_encode( $this->get_data() ) ) . '"));';
+		return 'var JPBACKUP_INITIAL_STATE=' . wp_json_encode( $this->get_data(), JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP ) . ';';
 	}
 }

projects/packages/backup/tests/php/REST_Controller_Test.php

@@ -112,7 +112,7 @@ public function test_install_backup_helper_script_unauthorized() {
 		);
 		$request = new WP_REST_Request( 'POST', '/jetpack/v4/backup-helper-script' );
 		$request->set_header( 'content-type', 'application/json' );
-		$request->set_body( wp_json_encode( $body ) );
+		$request->set_body( wp_json_encode( $body, JSON_UNESCAPED_SLASHES ) );
 		$response = $this->server->dispatch( $request );
 		$this->assertEquals( 403, $response->get_status() );
 		$this->assertEquals( 'You are not allowed to perform this action.', $response->get_data()['message'] );
@@ -128,7 +128,7 @@ public function test_install_backup_helper_script_success() {
 
 		$request = new WP_REST_Request( 'POST', '/jetpack/v4/backup-helper-script' );
 		$request->set_header( 'content-type', 'application/json' );
-		$request->set_body( wp_json_encode( $body ) );
+		$request->set_body( wp_json_encode( $body, JSON_UNESCAPED_SLASHES ) );
 
 		$response      = $this->dispatch_request_signed_with_blog_token( $request );
 		$response_data = $response->get_data();
@@ -167,7 +167,7 @@ public function test_install_backup_helper_script_bad_header() {
 
 		$request = new WP_REST_Request( 'POST', '/jetpack/v4/backup-helper-script' );
 		$request->set_header( 'content-type', 'application/json' );
-		$request->set_body( wp_json_encode( $body ) );
+		$request->set_body( wp_json_encode( $body, JSON_UNESCAPED_SLASHES ) );
 
 		$response = $this->dispatch_request_signed_with_blog_token( $request );
 		$this->assertEquals( 400, $response->get_status() );
@@ -196,7 +196,7 @@ public function test_delete_backup_helper_script_unauthorized() {
 
 		$request = new WP_REST_Request( 'DELETE', '/jetpack/v4/backup-helper-script' );
 		$request->set_header( 'content-type', 'application/json' );
-		$request->set_body( wp_json_encode( $body ) );
+		$request->set_body( wp_json_encode( $body, JSON_UNESCAPED_SLASHES ) );
 		$response = $this->server->dispatch( $request );
 
 		$this->assertEquals( 403, $response->get_status() );
@@ -213,7 +213,7 @@ public function test_delete_backup_helper_script_success() {
 
 		$request = new WP_REST_Request( 'DELETE', '/jetpack/v4/backup-helper-script' );
 		$request->set_header( 'content-type', 'application/json' );
-		$request->set_body( wp_json_encode( $body ) );
+		$request->set_body( wp_json_encode( $body, JSON_UNESCAPED_SLASHES ) );
 
 		$response = $this->dispatch_request_signed_with_blog_token( $request );
 		$this->assertEquals( 200, $response->get_status() );
@@ -232,7 +232,7 @@ public function test_delete_backup_helper_script_bad_header() {
 
 		$request = new WP_REST_Request( 'DELETE', '/jetpack/v4/backup-helper-script' );
 		$request->set_header( 'content-type', 'application/json' );
-		$request->set_body( wp_json_encode( $body ) );
+		$request->set_body( wp_json_encode( $body, JSON_UNESCAPED_SLASHES ) );
 
 		$response = $this->dispatch_request_signed_with_blog_token( $request );
 		$this->assertEquals( 500, $response->get_status() );

projects/packages/blaze/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/blaze/src/class-dashboard-config-data.php

@@ -50,7 +50,8 @@ public function __construct( $admin_page = 'tools.php', $menu_slug = 'advertisin
 	 */
 	public function get_js_config_data( $config_data = null ) {
 		return 'window.configData = ' . wp_json_encode(
-			$config_data === null ? $this->get_data() : $config_data
+			$config_data === null ? $this->get_data() : $config_data,
+			JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP
 		) . ';';
 	}
 

projects/packages/blaze/src/class-dashboard-rest-controller.php

@@ -863,7 +863,7 @@ protected function add_prices_in_posts( $posts ) {
 	 */
 	protected function request_as_user( $path, $version = '2', $args = array(), $body = null, $base_api_path = 'wpcom', $use_cache = false ) {
 		// Arrays are serialized without considering the order of objects, but it's okay atm.
-		$cache_key = 'BLAZE_REST_RESP_' . md5( implode( '|', array( $path, $version, wp_json_encode( $args ), wp_json_encode( $body ), $base_api_path ) ) );
+		$cache_key = 'BLAZE_REST_RESP_' . md5( implode( '|', array( $path, $version, wp_json_encode( $args, JSON_UNESCAPED_SLASHES ), wp_json_encode( $body, JSON_UNESCAPED_SLASHES ), $base_api_path ) ) );
 
 		if ( $use_cache ) {
 			$response_body_content = get_transient( $cache_key );

projects/packages/blaze/tests/php/Blaze_Test.php

@@ -206,7 +206,7 @@ public function test_site_supports_blaze( $eligibility_details, $expected_eligib
 			set_transient( 'jetpack_blaze_site_supports_blaze_0', $eligibility_details['transient'] );
 		} else {
 			if ( isset( $eligibility_details['body'] ) ) {
-				$eligibility_details['body'] = wp_json_encode( $eligibility_details['body'] );
+				$eligibility_details['body'] = wp_json_encode( $eligibility_details['body'], JSON_UNESCAPED_SLASHES );
 			}
 
 			$remote_request_happened = true;

projects/packages/boost-core/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/boost-core/src/lib/class-utils.php

@@ -38,7 +38,7 @@ public static function standardize_error( $error ) {
 		if ( is_object( $error ) ) {
 			return array(
 				'name'    => 'Error',
-				'message' => json_decode( wp_json_encode( $error ), true ),
+				'message' => json_decode( wp_json_encode( $error, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ), true ),
 			);
 		}
 
@@ -114,7 +114,7 @@ public static function send_wpcom_request( $method, $endpoint, $args = null, $bo
 			$endpoint,
 			'2',
 			array_merge( $default_args, empty( $args ) ? array() : $args ),
-			empty( $body ) ? null : wp_json_encode( $body ),
+			empty( $body ) ? null : wp_json_encode( $body, JSON_UNESCAPED_SLASHES ),
 			'wpcom'
 		);
 

projects/packages/changelogger/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/changelogger/tests/php/tests/lib/ChangeEntryTest.php

@@ -410,7 +410,7 @@ public function testJson( $json, $change ) {
 			$this->expectExceptionMessage( $change );
 			ChangeEntry::jsonUnserialize( json_decode( $json ) );
 		} else {
-			$this->assertSame( $json, json_encode( $change ) );
+			$this->assertSame( $json, json_encode( $change, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ) );
 			$this->assertEquals( $change, ChangeEntry::jsonUnserialize( json_decode( $json ) ) );
 		}
 	}

projects/packages/changelogger/tests/php/tests/lib/ChangelogEntryTest.php

@@ -234,7 +234,7 @@ public function testJson( $json, $entry ) {
 			$this->expectExceptionMessage( $entry );
 			ChangelogEntry::jsonUnserialize( json_decode( $json ) );
 		} else {
-			$this->assertSame( $json, json_encode( $entry ) );
+			$this->assertSame( $json, json_encode( $entry, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ) );
 			$this->assertEquals( $entry, ChangelogEntry::jsonUnserialize( json_decode( $json ) ) );
 		}
 	}
@@ -249,7 +249,7 @@ public static function provideJson() {
 				( new ChangelogEntry( '1.0' ) )->setTimestamp( '2021-02-18' ),
 			),
 			'Serialization with data'           => array(
-				'{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangelogEntry","version":"1.0","link":"https:\\/\\/example.org","timestamp":"2021-02-18T12:07:16-0500","prologue":"Foo","epilogue":"Bar","changes":[{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangeEntry","significance":null,"timestamp":"2021-02-17T00:00:00+0000","subheading":"","author":"","content":""},{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangeEntry","significance":null,"timestamp":"2021-02-18T00:00:00+0000","subheading":"","author":"","content":""}]}',
+				'{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangelogEntry","version":"1.0","link":"https://example.org","timestamp":"2021-02-18T12:07:16-0500","prologue":"Foo","epilogue":"Bar","changes":[{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangeEntry","significance":null,"timestamp":"2021-02-17T00:00:00+0000","subheading":"","author":"","content":""},{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangeEntry","significance":null,"timestamp":"2021-02-18T00:00:00+0000","subheading":"","author":"","content":""}]}',
 				( new ChangelogEntry( '1.0' ) )->setTimestamp( '2021-02-18T12:07:16-0500' )->setPrologue( 'Foo' )->setEpilogue( 'Bar' )->setLink( 'https://example.org' )->setChanges(
 					array(
 						new ChangeEntry( array( 'timestamp' => '2021-02-17' ) ),

projects/packages/changelogger/tests/php/tests/lib/ChangelogTest.php

@@ -104,7 +104,7 @@ public function testJson( $json, $changelog ) {
 			$this->expectExceptionMessage( $changelog );
 			Changelog::jsonUnserialize( json_decode( $json ) );
 		} else {
-			$this->assertSame( $json, json_encode( $changelog ) );
+			$this->assertSame( $json, json_encode( $changelog, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE ) );
 			$this->assertEquals( $changelog, Changelog::jsonUnserialize( json_decode( $json ) ) );
 		}
 	}

projects/packages/changelogger/tests/php/tests/src/UtilsTest.php

@@ -460,7 +460,7 @@ function ( $data ) {
 
 		$this->assertSame(
 			'{"a":{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangeEntry","significance":"minor","timestamp":"2021-02-22T00:00:00+0000","subheading":"Added!","author":"","content":"AAAAA"},"b":{"__class__":"Automattic\\\\Jetpack\\\\Changelog\\\\ChangeEntry","significance":"minor","timestamp":"2021-02-24T00:00:00+0000","subheading":"Unknown","author":"","content":"BBBBB"}}',
-			json_encode( $ret )
+			json_encode( $ret, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE )
 		);
 		$this->assertSame(
 			array(

projects/packages/classic-theme-helper/changelog/fix-audit_json_encode_flags

@@ -0,0 +1,4 @@
+Significance: patch
+Type: fixed
+
+Ensure proper flags are used with `json_encode()`.

projects/packages/classic-theme-helper/src/custom-content-types.php

@@ -54,16 +54,15 @@ function jetpack_custom_post_types_loaded() {
 		if ( ! isset( $_GET['page'] ) || 'jetpack' !== $_GET['page'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- We are not processing any data here.
 			return;
 		}
-		$initial_state = 'var CUSTOM_CONTENT_TYPE__INITIAL_STATE; typeof CUSTOM_CONTENT_TYPE__INITIAL_STATE === "object" || (CUSTOM_CONTENT_TYPE__INITIAL_STATE = JSON.parse(decodeURIComponent("' . rawurlencode(
-			wp_json_encode(
-				array(
-					'active'                   => classic_theme_helper_cpt_should_be_active(),
-					'over_ride'                => false,
-					'should_show_testimonials' => Jetpack_Testimonial::site_should_display_testimonials() ? true : false,
-					'should_show_portfolios'   => Jetpack_Portfolio::site_should_display_portfolios() ? true : false,
-				)
-			)
-		) . '")));';
+		$initial_state = 'var CUSTOM_CONTENT_TYPE__INITIAL_STATE; typeof CUSTOM_CONTENT_TYPE__INITIAL_STATE === "object" || (CUSTOM_CONTENT_TYPE__INITIAL_STATE = ' . wp_json_encode(
+			array(
+				'active'                   => classic_theme_helper_cpt_should_be_active(),
+				'over_ride'                => false,
+				'should_show_testimonials' => Jetpack_Testimonial::site_should_display_testimonials() ? true : false,
+				'should_show_portfolios'   => Jetpack_Portfolio::site_should_display_portfolios() ? true : false,
+			),
+			JSON_UNESCAPED_SLASHES | JSON_HEX_TAG | JSON_HEX_AMP
+		) . ');';
 
 			// Create a global variable with the custom content type feature status so that the value is available
 			// earlier than the API method above allows, preventing delayed loading of the settings card.

projects/packages/codesniffer/Jetpack/Sniffs/PHPUnit/AttributesSniff/CoverageHandler.php

@@ -184,15 +184,17 @@ public function process( File $phpcsFile, $stackPtr, array $attributes, array $a
 							'type'  => 'class',
 							'class' => $d->class,
 							'alias' => $d->alias,
-						)
+						),
+						JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
 					);
 					$ktrait = json_encode(
 						array(
 							'which' => $d->which,
 							'type'  => 'trait',
 							'class' => $d->class,
 							'alias' => $d->alias,
-						)
+						),
+						JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
 					);
 					if ( isset( $attributes[ $kclass ] ) ) {
 						$annotations[ $kclass ] = $annotations[ $k ];
@@ -219,7 +221,8 @@ public function process( File $phpcsFile, $stackPtr, array $attributes, array $a
 						'type'  => 'class',
 						'class' => $d->class,
 						'alias' => $d->alias,
-					)
+					),
+					JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
 				);
 				if ( isset( $attributes[ $kclass ] ) ) {
 					unset( $attributes[ $k ] );
@@ -253,13 +256,14 @@ public function process( File $phpcsFile, $stackPtr, array $attributes, array $a
 			if ( isset( $annotationsByType[ $which ]['function'] ) ) {
 				foreach ( $annotationsByType[ $which ]['function'] as $k => $d ) {
 					$k2                 = json_encode(
-						(object) array(
+						array(
 							'which'  => $d->which,
 							'type'   => 'method',
 							'class'  => $dc->class,
 							'alias'  => $dc->alias,
 							'method' => $d->function,
-						)
+						),
+						JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE
 					);
 					$annotations[ $k2 ] = $annotations[ $k ];
 					unset( $annotations[ $k ] );

projects/packages/codesniffer/Jetpack/Sniffs/PHPUnit/AttributesSniff/DependsHandler.php

@@ -140,7 +140,7 @@ public function parseAnnotation( File $phpcsFile, array $data, $applies ) { // p
 			}
 		}
 
-		return json_encode( $ret );
+		return json_encode( $ret, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE );
 	}
 
 	/** {@inheritdoc} */