From 73e1502485862eedc1a8bc2c3f134eaeb05181d7 Mon Sep 17 00:00:00 2001
From: Andrea Faulds <ajf@ajf.me>
Date: Tue, 17 Sep 2013 19:12:29 +0000
Subject: [PATCH 1/2] Fixed case part of bug #64874 ("json_decode handles
 whitespace and case-sensitivity incorrectly")

---
 ext/json/json.c                    |  6 ++---
 ext/json/tests/bug64874_part2.phpt | 41 ++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 ext/json/tests/bug64874_part2.phpt

diff --git a/ext/json/json.c b/ext/json/json.c
index a786fef45c744..93fd6bf400bbd 100644
--- a/ext/json/json.c
+++ b/ext/json/json.c
@@ -701,14 +701,14 @@ PHP_JSON_API void php_json_decode_ex(zval *return_value, char *str, int str_len,
 
 		RETVAL_NULL();
 		if (trim_len == 4) {
-			if (!strncasecmp(trim, "null", trim_len)) {
+			if (!strncmp(trim, "null", trim_len)) {
 				/* We need to explicitly clear the error because its an actual NULL and not an error */
 				jp->error_code = PHP_JSON_ERROR_NONE;
 				RETVAL_NULL();
-			} else if (!strncasecmp(trim, "true", trim_len)) {
+			} else if (!strncmp(trim, "true", trim_len)) {
 				RETVAL_BOOL(1);
 			}
-		} else if (trim_len == 5 && !strncasecmp(trim, "false", trim_len)) {
+		} else if (trim_len == 5 && !strncmp(trim, "false", trim_len)) {
 			RETVAL_BOOL(0);
 		}
 
diff --git a/ext/json/tests/bug64874_part2.phpt b/ext/json/tests/bug64874_part2.phpt
new file mode 100644
index 0000000000000..e284821e8faac
--- /dev/null
+++ b/ext/json/tests/bug64874_part2.phpt
@@ -0,0 +1,41 @@
+--TEST--
+Case-sensitivity part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly")
+--SKIPIF--
+<?php if (!extension_loaded("json")) print "skip"; ?>
+--FILE--
+<?php
+function decode($json) {
+    var_dump(json_decode($json));
+    var_dump(json_last_error() !== 0);
+    echo "\n";
+}
+
+// Only lowercase should work
+decode('true');
+decode('True');
+decode('false');
+decode('False');
+decode('null');
+decode('Null');
+
+echo "Done\n";
+--EXPECT--
+bool(true)
+bool(false)
+
+NULL
+bool(true)
+
+bool(false)
+bool(false)
+
+NULL
+bool(true)
+
+NULL
+bool(false)
+
+NULL
+bool(true)
+
+Done

From a7a85b7c44a0cc48fa85c38910c9c7db617b0fd8 Mon Sep 17 00:00:00 2001
From: Andrea Faulds <ajf@ajf.me>
Date: Tue, 15 Oct 2013 22:37:12 +0000
Subject: [PATCH 2/2] NEWS and UPGRADING

---
 NEWS      | 4 ++++
 UPGRADING | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/NEWS b/NEWS
index c2cf3d76d21d9..5ebf56d38f877 100644
--- a/NEWS
+++ b/NEWS
@@ -29,6 +29,10 @@ PHP                                                                        NEWS
 - Hash:
   . Added gost-crypto (CryptoPro S-box) GOST hash algo. (Manuel Mausz)
 
+- JSON:
+  . Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity
+    incorrectly")
+
 - mysqlnd:
   . Disabled flag for SP OUT variables for 5.5+ servers as they are not natively
     supported by the overlying APIs. (Andrey)
diff --git a/UPGRADING b/UPGRADING
index b19c3dd5410e5..9c772c31062c7 100755
--- a/UPGRADING
+++ b/UPGRADING
@@ -30,6 +30,14 @@ PHP X.Y UPGRADE NOTES
   }
   ?>
 
+- JSON:
+  Fixed bug #64874 ("json_decode handles whitespace and case-sensitivity
+  incorrectly")
+  This means that when a non-lowercase JSON text containing only JSON true,
+  false or null is passed to json_decode(), it will error. Please note however
+  that non-lowercase true, false or null have never been accepted inside JSON
+  arrays or JSON strings. This only applies to deserialising single values.
+  
 ========================================
 2. New Features
 ========================================