diff options
| author | Artur Neumann <artur@jankaritech.com> | 2022-12-15 13:06:02 +0545 |
|---|---|---|
| committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-12-16 10:50:41 +0000 |
| commit | 8cf9878fd231a01e8ed6e9a0dc2a4827b82caa59 (patch) | |
| tree | 4ae1f72d2f3cefb9a2fd1ee181395c887dc672b2 /lib | |
| parent | 4a4dbab61a986ad337fc972ce2c2f820b9da636c (diff) | |
| download | nextcloud-server-8cf9878fd231a01e8ed6e9a0dc2a4827b82caa59.tar.gz nextcloud-server-8cf9878fd231a01e8ed6e9a0dc2a4827b82caa59.zip | |
check if params given to API are really an array
Signed-off-by: Artur Neumann <artur@jankaritech.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/AppFramework/Http/Request.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index 010d889070e..770946c80d5 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -429,13 +429,12 @@ class Request implements \ArrayAccess, \Countable, IRequest { // 'application/json' must be decoded manually. if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { $params = json_decode(file_get_contents($this->inputStream), true); - if ($params !== null && \count($params) > 0) { + if (\is_array($params) && \count($params) > 0) { $this->items['params'] = $params; if ($this->method === 'POST') { $this->items['post'] = $params; } } - // Handle application/x-www-form-urlencoded for methods other than GET // or post correctly } elseif ($this->method !== 'GET' |