author | Morris Jobke <hey@morrisjobke.de> | 2015-09-15 09:17:13 +0200 |
---|---|---|
committer | Morris Jobke <hey@morrisjobke.de> | 2015-09-15 09:17:13 +0200 |
commit | 63e07b0525bdfec34403a0f3ca4295031004abfd (patch) | |
tree | a802863d7f9a65001703e7d5b142165fdb137770 /lib | |
parent | 690a4597e3755a84cd1f67268f68e186ee3c1f42 (diff) | |
parent | 0dfa839582a31ea6768c5fd35706a25167ddca4f (diff) | |
Merge pull request #18703 from owncloud/request-fix-stable8.1
[stable8.1] Decode request content only on getContent
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/appframework/http/request.php | 83 |
1 files changed, 49 insertions, 34 deletions
diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index d3ebcfc6925..5ca466d4734 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -9,6 +9,7 @@
 * @author Thomas Müller <thomas.mueller@tmit.eu>
 * @author Thomas Tanghus <thomas@tanghus.net>
 * @author Vincent Petry <pvince81@owncloud.com>
+ * @author Robin McCorkell <rmccorkell@owncloud.com>
 *
 * @copyright Copyright (c) 2015, ownCloud, Inc.
 * @license AGPL-3.0
@@ -68,6 +69,9 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 /** @var string */
 protected $requestId = '';
+ /** @var bool */
+ protected $contentDecoded = false;
+
+ /**
 * @param array $vars An associative array with the following optional values:
 * - array 'urlParams' the parameters which were matched from the URL
@@ -103,27 +107,6 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 : array();
 }
- // 'application/json' must be decoded manually.
- if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
- $params = json_decode(file_get_contents($this->inputStream), true);
- if(count($params) > 0) {
- $this->items['params'] = $params;
- if($vars['method'] === 'POST') {
- $this->items['post'] = $params;
- }
- }
- // Handle application/x-www-form-urlencoded for methods other than GET
- // or post correctly
- } elseif($vars['method'] !== 'GET'
- && $vars['method'] !== 'POST'
- && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
-
- parse_str(file_get_contents($this->inputStream), $params);
- if(is_array($params)) {
- $this->items['params'] = $params;
- }
- }
-
 $this->items['parameters'] = array_merge(
 $this->items['get'],
 $this->items['post'],
@@ -231,24 +214,19 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 if($this->method !== strtoupper($name)) {
 throw new \LogicException(sprintf('%s cannot be accessed in a %s request.', $name, $this->method));
 }
+ return $this->getContent();
 case 'files':
 case 'server':
 case 'env':
 case 'cookies':
- case 'parameters':
- case 'params':
 case 'urlParams':
- if(in_array($name, array('put', 'patch'))) {
- return $this->getContent();
- } else {
- return isset($this->items[$name])
- ? $this->items[$name]
- : null;
- }
- break;
 case 'method':
- return $this->items['method'];
- break;
+ return isset($this->items[$name])
+ ? $this->items[$name]
+ : null;
+ case 'parameters':
+ case 'params':
+ return $this->getContent();
 default;
 return isset($this[$name])
 ? $this[$name]
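Review bot: `case 'parameters':` and `case 'params':` now return `$this->getContent()`, but the context lines of the next hunk show getContent() has a branch returning `fopen($this->inputStream, 'rb')`, so on a request that takes that branch `$request->parameters` would hand callers a stream handle where they expect an array. The condition for that branch lies outside the diff, so which requests are affected cannot be confirmed from here. For these two cases I would decode and return the array directly: `$this->decodeContent(); return $this->items['parameters'];`. `params` also changes meaning, from `$this->items['params']` (decoded body only) to the merged set, which deserves a line in the `__get` docblock; the switch itself starts and ends outside the hunk.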
@@ -390,11 +368,48 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 $this->content = false;
 return fopen($this->inputStream, 'rb');
 } else {
- return $this->parameters;
+ $this->decodeContent();
+ return $this->items['parameters'];
 }
 }
 /**
+ * Attempt to decode the content and populate parameters
+ */
+ protected function decodeContent() {
+ if ($this->contentDecoded) {
+ return;
+ }
+ $params = [];
+
+ // 'application/json' must be decoded manually.
+ if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
+ $params = json_decode(file_get_contents($this->inputStream), true);
+ if(count($params) > 0) {
+ $this->items['params'] = $params;
+ if($this->method === 'POST') {
+ $this->items['post'] = $params;
+ }
+ }
+
+ // Handle application/x-www-form-urlencoded for methods other than GET
+ // or post correctly
+ } elseif($this->method !== 'GET'
+ && $this->method !== 'POST'
+ && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
+
+ parse_str(file_get_contents($this->inputStream), $params);
+ if(is_array($params)) {
+ $this->items['params'] = $params;
+ }
+ }
+
+ $this->items['parameters'] = array_merge($this->items['parameters'], $params);
+ $this->contentDecoded = true;
+ }
+
+
+ /**
 * Checks if the CSRF check was correct
 * @return bool true if CSRF check passed
 * @see OC_Util::callRegister() |
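Review bot: In `decodeContent()` the result of `json_decode()` on the request body is used without checking that it is an array: an invalid JSON body decodes to `null`, and a bare scalar body decodes to a string or number that can pass `count($params) > 0` and be stored in `$this->items['params']`. Either value then reaches `array_merge($this->items['parameters'], $params)`, which does not accept a non-array argument (a warning and a `null` result on older PHP, a `TypeError` on PHP 8), so a client-controlled body can blank out or break every parameter lookup for the request. Guard both uses, e.g. `if (is_array($params) && count($params) > 0) {` for the JSON branch and `if (is_array($params)) { $this->items['parameters'] = array_merge($this->items['parameters'], $params); }` for the merge. Body keys are merged last and therefore override same-named entries already in `parameters`; whether that includes route-matched values depends on the constructor merge, which is only partly visible in this diff.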