From 81f2857f340464d996caf454bb38e27a7fb970c1 Mon Sep 17 00:00:00 2001 From: Artur Neumann Date: Thu, 15 Dec 2022 13:06:02 +0545 Subject: check if params given to API are really an array Signed-off-by: Artur Neumann --- lib/private/AppFramework/Http/Request.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/private/AppFramework/Http') diff --git a/lib/private/AppFramework/Http/Request.php b/lib/private/AppFramework/Http/Request.php index 496a845dd4a..286187c696c 100644 --- a/lib/private/AppFramework/Http/Request.php +++ b/lib/private/AppFramework/Http/Request.php @@ -431,13 +431,12 @@ class Request implements \ArrayAccess, \Countable, IRequest { // 'application/json' must be decoded manually. if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { $params = json_decode(file_get_contents($this->inputStream), true); - if ($params !== null && \count($params) > 0) { + if (\is_array($params) && \count($params) > 0) { $this->items['params'] = $params; if ($this->method === 'POST') { $this->items['post'] = $params; } } - // Handle application/x-www-form-urlencoded for methods other than GET // or post correctly } elseif ($this->method !== 'GET' -- cgit v1.2.3 From b6dd1a1d7b5a5eb8c5af4b1b793b06a1725bb53a Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Thu, 15 Dec 2022 09:33:52 +0100 Subject: fix(app framework): Fix missing cast of double controller parameters ``settype`` allows 'double' as alias of 'float'. Signed-off-by: Christoph Wurst --- lib/private/AppFramework/Http/Dispatcher.php | 2 +- tests/lib/AppFramework/Http/DispatcherTest.php | 21 ++++++++++++++------- 2 files changed, 15 insertions(+), 8 deletions(-) (limited to 'lib/private/AppFramework/Http') diff --git a/lib/private/AppFramework/Http/Dispatcher.php b/lib/private/AppFramework/Http/Dispatcher.php index c1a203a7165..aaaf2ba6560 100644 --- a/lib/private/AppFramework/Http/Dispatcher.php +++ b/lib/private/AppFramework/Http/Dispatcher.php @@ -194,7 +194,7 @@ class Dispatcher { $arguments = []; // valid types that will be casted - $types = ['int', 'integer', 'bool', 'boolean', 'float']; + $types = ['int', 'integer', 'bool', 'boolean', 'float', 'double']; foreach ($this->reflector->getParameters() as $param => $default) { diff --git a/tests/lib/AppFramework/Http/DispatcherTest.php b/tests/lib/AppFramework/Http/DispatcherTest.php index 8f591f26e58..016bd7efb58 100644 --- a/tests/lib/AppFramework/Http/DispatcherTest.php +++ b/tests/lib/AppFramework/Http/DispatcherTest.php @@ -51,11 +51,12 @@ class TestController extends Controller { /** * @param int $int * @param bool $bool + * @param double $foo * @param int $test - * @param int $test2 + * @param integer $test2 * @return array */ - public function exec($int, $bool, $test = 4, $test2 = 1) { + public function exec($int, $bool, $foo, $test = 4, $test2 = 1) { $this->registerResponder('text', function ($in) { return new JSONResponse(['text' => $in]); }); @@ -315,7 +316,8 @@ class DispatcherTest extends \Test\TestCase { [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'method' => 'POST' ], @@ -346,6 +348,7 @@ class DispatcherTest extends \Test\TestCase { 'post' => [ 'int' => '3', 'bool' => 'false', + 'double' => 1.2, 'test2' => 7 ], 'method' => 'POST', @@ -377,7 +380,8 @@ class DispatcherTest extends \Test\TestCase { [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'urlParams' => [ 'format' => 'text' @@ -410,7 +414,8 @@ class DispatcherTest extends \Test\TestCase { [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'urlParams' => [ 'format' => 'json' @@ -443,7 +448,8 @@ class DispatcherTest extends \Test\TestCase { [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'server' => [ 'HTTP_ACCEPT' => 'application/text, test', @@ -477,7 +483,8 @@ class DispatcherTest extends \Test\TestCase { [ 'post' => [ 'int' => '3', - 'bool' => 'false' + 'bool' => 'false', + 'double' => 1.2, ], 'get' => [ 'format' => 'text' -- cgit v1.2.3