Fixed bug #73793 (WDDX uses wrong decimal seperator)

The WDDX specification[1] requires to serialize floats with a decimal
point, but `snprintf()` is locale-dependent and may use a decimal
comma. We fix that afterwards by replacing an eventual comma with a
point.

[1] <http://xml.coverpages.org/wddx0090-dtd-19980928.txt>

Author: cmb69

NEWS

@@ -58,6 +58,9 @@ PHP                                                                        NEWS
   . Fixed bug #75054 (A Denial of Service Vulnerability was found when
     performing deserialization). (Nikita)
 
+- WDDX:
+  . Fixed bug #73793 (WDDX uses wrong decimal seperator). (cmb)
+
 - XMLRPC:
   . Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared
     properties). (blar)

ext/wddx/tests/bug73793.phpt

@@ -0,0 +1,18 @@
+--TEST--
+Bug #73793 (WDDX uses wrong decimal seperator)
+--SKIPIF--
+<?php
+if (!extension_loaded('wddx')) print 'skip wddx extension not available';
+if (setlocale(LC_NUMERIC, ['de_DE', 'de_DE.UTF-8', 'de-DE']) === false) {
+    print 'skip German locale not available';
+}
+?>
+--FILE--
+<?php
+setlocale(LC_NUMERIC , ['de_DE', 'de_DE.UTF-8', 'de-DE']);
+var_dump(wddx_serialize_value(['foo' => 5.1]));
+?>
+===DONE===
+--EXPECT--
+string(120) "<wddxPacket version='1.0'><header/><data><struct><var name='foo'><number>5.1</number></var></struct></data></wddxPacket>"
+===DONE===

ext/wddx/wddx.c

@@ -420,11 +420,15 @@ static void php_wddx_serialize_string(wddx_packet *packet, zval *var)
  */
 static void php_wddx_serialize_number(wddx_packet *packet, zval *var)
 {
-	char tmp_buf[WDDX_BUF_LEN];
+	char tmp_buf[WDDX_BUF_LEN], *dec_point;
 	zend_string *str = zval_get_string(var);
 	snprintf(tmp_buf, sizeof(tmp_buf), WDDX_NUMBER, ZSTR_VAL(str));
 	zend_string_release(str);
 
+	dec_point = strchr(tmp_buf, ',');
+	if (dec_point) {
+		*dec_point = '.';
+	}
 	php_wddx_add_chunk(packet, tmp_buf);
 }
 /* }}} */