From c8fa04fe62be11c9639c4659f775fc28ace70c49 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Thu, 15 Dec 2022 13:06:02 +0545 Subject: [PATCH] check if params given to API are really an array Signed-off-by: Artur Neumann --- lib/private/AppFramework/Http/Request.php | 3 +-- tests/lib/AppFramework/Http/RequestTest.php | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index 496a845dd4a..286187c696c 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -431,13 +431,12 @@ class Request implements \ArrayAccess, \Countable, IRequest { // 'application/json' must be decoded manually. if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { $params = json_decode(file_get_contents($this->inputStream), true); - if ($params !== null && \count($params) > 0) { + if (\is_array($params) && \count($params) > 0) { $this->items['params'] = $params; if ($this->method === 'POST') { $this->items['post'] = $params; } } - // Handle application/x-www-form-urlencoded for methods other than GET // or post correctly } elseif ($this->method !== 'GET' diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php index cf5ebdca2f0..78f4f80f8be 100644 --- a/tests/lib/AppFramework/Http/RequestTest.php +++ b/tests/lib/AppFramework/Http/RequestTest.php @@ -207,9 +207,20 @@ class RequestTest extends \Test\TestCase { $this->assertSame('Joey', $request['nickname']); } - public function testNotJsonPost() { + public function notJsonDataProvider() { + return [ + ['this is not valid json'], + ['"just a string"'], + ['{"just a string"}'], + ]; + } + + /** + * @dataProvider notJsonDataProvider + */ + public function testNotJsonPost($testData) { global $data; - $data = 'this is not valid json'; + $data = $testData; $vars = [ 'method' => 'POST', 'server' => ['CONTENT_TYPE' => 'application/json; utf-8'] -- 2.39.5