diff options
| author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-04-12 15:02:19 +0200 |
|---|---|---|
| committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-04-18 16:13:01 +0200 |
| commit | 22485fe743e5c8da674ff92f812b762b822a03ac (patch) | |
| tree | 13e01ff619ac0c80e9e92b5c4cd800f2dd45cae6 | |
| parent | a7bc716b95e5a1a07ef2756d56e4e9f7915b2fcd (diff) | |
| download | nextcloud-server-22485fe743e5c8da674ff92f812b762b822a03ac.tar.gz nextcloud-server-22485fe743e5c8da674ff92f812b762b822a03ac.zip | |
Correctly process request parameters other than GET or POST, dont use globals in the class but inject it
| -rw-r--r-- | lib/private/appframework/http/request.php | 80 | ||||
| -rw-r--r-- | lib/private/server.php | 9 |
2 files changed, 39 insertions, 50 deletions
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php index 3e1f4ff87ed..5f43ece6a44 100644 --- a/lib/private/appframework/http/request.php +++ b/lib/private/appframework/http/request.php @@ -60,7 +60,10 @@ class Request implements \ArrayAccess, \Countable, IRequest { * @param string|false 'requesttoken' the requesttoken or false when not available * @see http://www.php.net/manual/en/reserved.variables.php */ - public function __construct(array $vars=array()) { + public function __construct(array $vars=array(), $stream='php://input') { + + $this->inputStream = $stream; + $this->items['params'] = array(); foreach($this->allowedKeys as $name) { $this->items[$name] = isset($vars[$name]) @@ -68,25 +71,29 @@ class Request implements \ArrayAccess, \Countable, IRequest { : array(); } - if (defined('PHPUNIT_RUN') && PHPUNIT_RUN - && in_array('fakeinput', stream_get_wrappers())) { - $this->inputStream = 'fakeinput://data'; - } else { - $this->inputStream = 'php://input'; - } - - // Only 'application/x-www-form-urlencoded' requests are automatically - // transformed by PHP, 'application/json' must be decoded manually. - if ($this->method === 'POST' - && strpos($this->getHeader('Content-Type'), 'application/json') !== false - ) { - $this->items['params'] = $this->items['post'] = json_decode(file_get_contents($this->inputStream), true); - } + // 'application/json' must be decoded manually. + if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { + $params = json_decode(file_get_contents($this->inputStream), true); + if(count($params) > 0) { + $this->items['params'] = $params; + } + // Handle application/x-www-form-urlencoded for methods other than GET + // or post correctly + } elseif($vars['method'] !== 'GET' + && $vars['method'] !== 'POST' + && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { + + parse_str(file_get_contents($this->inputStream), $params); + if(is_array($params)) { + $this->items['params'] = $params; + } + } $this->items['parameters'] = array_merge( $this->items['get'], $this->items['post'], - $this->items['urlParams'] + $this->items['urlParams'], + $this->items['params'] ); } @@ -313,47 +320,22 @@ class Request implements \ArrayAccess, \Countable, IRequest { * @throws \LogicException */ protected function getContent() { - if ($this->content === false && $this->method === 'PUT') { - throw new \LogicException( - '"put" can only be accessed once if not ' - . 'application/x-www-form-urlencoded or application/json.' - ); - } - // If the content can't be parsed into an array then return a stream resource. if ($this->method === 'PUT' && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false && strpos($this->getHeader('Content-Type'), 'application/json') === false ) { + if ($this->content === false) { + throw new \LogicException( + '"put" can only be accessed once if not ' + . 'application/x-www-form-urlencoded or application/json.' + ); + } $this->content = false; return fopen($this->inputStream, 'rb'); + } else { + return $this->parameters; } - - if (is_null($this->content)) { - $this->content = file_get_contents($this->inputStream); - - /* - * Normal jquery ajax requests are sent as application/x-www-form-urlencoded - * and in $_GET and $_POST PHP transformes the data into an array. - * The first condition mimics this. - * The second condition allows for sending raw application/json data while - * still getting the result as an array. - * - */ - if (strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { - parse_str($this->content, $content); - if(is_array($content)) { - $this->content = $content; - } - } elseif (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { - $content = json_decode($this->content, true); - if(is_array($content)) { - $this->content = $content; - } - } - } - - return $this->content; } /** diff --git a/lib/private/server.php b/lib/private/server.php index bee70dec2df..dc5658e2582 100644 --- a/lib/private/server.php +++ b/lib/private/server.php @@ -35,6 +35,13 @@ class Server extends SimpleContainer implements IServerContainer { $requesttoken = false; } + if (defined('PHPUNIT_RUN') && PHPUNIT_RUN + && in_array('fakeinput', stream_get_wrappers())) { + $stream = 'fakeinput://data'; + } else { + $stream = 'php://input'; + } + return new Request( array( 'get' => $_GET, @@ -48,7 +55,7 @@ class Server extends SimpleContainer implements IServerContainer { : null, 'urlParams' => $urlParams, 'requesttoken' => $requesttoken, - ) + ), $stream ); }); $this->registerService('PreviewManager', function($c) { |