diff options
author | Morris Jobke <hey@morrisjobke.de> | 2015-08-31 14:58:48 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2015-08-31 14:58:48 +0200 |
commit | c34fbea1975517cfbb4779813fc6a805ab547c8f (patch) | |
tree | 97739ff8f239a3de48b0f887aa7830a86d883280 /lib | |
parent | 65784227d6460a9464b287cc698d3e0a54f6d0d3 (diff) | |
parent | e60c4bada151d9c3e0e3ebadf25b1c7d15a88aef (diff) | |
download | nextcloud-server-c34fbea1975517cfbb4779813fc6a805ab547c8f.tar.gz nextcloud-server-c34fbea1975517cfbb4779813fc6a805ab547c8f.zip |
Merge pull request #18691 from owncloud/request-no-read
Decode request content only on getContent
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/appframework/http/request.php | 83 |
1 files changed, 49 insertions, 34 deletions
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php index a2109439177..b430673f9a9 100644 --- a/lib/private/appframework/http/request.php +++ b/lib/private/appframework/http/request.php @@ -9,6 +9,7 @@ * @author Thomas Müller <thomas.mueller@tmit.eu> * @author Thomas Tanghus <thomas@tanghus.net> * @author Vincent Petry <pvince81@owncloud.com> + * @author Robin McCorkell <rmccorkell@owncloud.com> * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 @@ -71,6 +72,9 @@ class Request implements \ArrayAccess, \Countable, IRequest { /** @var ICrypto */ protected $crypto; + /** @var bool */ + protected $contentDecoded = false; + /** * @param array $vars An associative array with the following optional values: * - array 'urlParams' the parameters which were matched from the URL @@ -109,27 +113,6 @@ class Request implements \ArrayAccess, \Countable, IRequest { : array(); } - // 'application/json' must be decoded manually. - if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { - $params = json_decode(file_get_contents($this->inputStream), true); - if(count($params) > 0) { - $this->items['params'] = $params; - if($vars['method'] === 'POST') { - $this->items['post'] = $params; - } - } - // Handle application/x-www-form-urlencoded for methods other than GET - // or post correctly - } elseif($vars['method'] !== 'GET' - && $vars['method'] !== 'POST' - && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { - - parse_str(file_get_contents($this->inputStream), $params); - if(is_array($params)) { - $this->items['params'] = $params; - } - } - $this->items['parameters'] = array_merge( $this->items['get'], $this->items['post'], @@ -237,24 +220,19 @@ class Request implements \ArrayAccess, \Countable, IRequest { if($this->method !== strtoupper($name)) { throw new \LogicException(sprintf('%s cannot be accessed in a %s request.', $name, $this->method)); } + return $this->getContent(); case 'files': case 'server': case 'env': case 'cookies': - case 'parameters': - case 'params': case 'urlParams': - if(in_array($name, array('put', 'patch'))) { - return $this->getContent(); - } else { - return isset($this->items[$name]) - ? $this->items[$name] - : null; - } - break; case 'method': - return $this->items['method']; - break; + return isset($this->items[$name]) + ? $this->items[$name] + : null; + case 'parameters': + case 'params': + return $this->getContent(); default; return isset($this[$name]) ? $this[$name] @@ -396,11 +374,48 @@ class Request implements \ArrayAccess, \Countable, IRequest { $this->content = false; return fopen($this->inputStream, 'rb'); } else { - return $this->parameters; + $this->decodeContent(); + return $this->items['parameters']; } } /** + * Attempt to decode the content and populate parameters + */ + protected function decodeContent() { + if ($this->contentDecoded) { + return; + } + $params = []; + + // 'application/json' must be decoded manually. + if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { + $params = json_decode(file_get_contents($this->inputStream), true); + if(count($params) > 0) { + $this->items['params'] = $params; + if($this->method === 'POST') { + $this->items['post'] = $params; + } + } + + // Handle application/x-www-form-urlencoded for methods other than GET + // or post correctly + } elseif($this->method !== 'GET' + && $this->method !== 'POST' + && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { + + parse_str(file_get_contents($this->inputStream), $params); + if(is_array($params)) { + $this->items['params'] = $params; + } + } + + $this->items['parameters'] = array_merge($this->items['parameters'], $params); + $this->contentDecoded = true; + } + + + /** * Checks if the CSRF check was correct * @return bool true if CSRF check passed * @see OC_Util::callRegister() |