wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Decode request content only on getContent

Browse source
This commit is contained in:
Robin McCorkell 2015-08-29 15:46:10 +01:00
parent 84bb9be4b7
commit e60c4bada1
1 changed files with 49 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

83
lib/private/appframework/http/request.php
View file

@ -9,6 +9,7 @@
* @author Thomas Müller <thomas.mueller@tmit.eu>
* @author Thomas Tanghus <thomas@tanghus.net>
* @author Vincent Petry <pvince81@owncloud.com>
* @author Robin McCorkell <rmccorkell@owncloud.com>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
@ -71,6 +72,9 @@ class Request implements \ArrayAccess, \Countable, IRequest {
/** @var ICrypto */
protected $crypto;
/** @var bool */
protected $contentDecoded = false;
/**
* @param array $vars An associative array with the following optional values:
* - array 'urlParams' the parameters which were matched from the URL
@ -109,27 +113,6 @@ class Request implements \ArrayAccess, \Countable, IRequest {
: array();
}
// 'application/json' must be decoded manually.
if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
$params = json_decode(file_get_contents($this->inputStream), true);
if(count($params) > 0) {
$this->items['params'] = $params;
if($vars['method'] === 'POST') {
$this->items['post'] = $params;
}
}
// Handle application/x-www-form-urlencoded for methods other than GET
// or post correctly
} elseif($vars['method'] !== 'GET'
&& $vars['method'] !== 'POST'
&& strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
parse_str(file_get_contents($this->inputStream), $params);
if(is_array($params)) {
$this->items['params'] = $params;
}
}
$this->items['parameters'] = array_merge(
$this->items['get'],
$this->items['post'],
@ -237,24 +220,19 @@ class Request implements \ArrayAccess, \Countable, IRequest {
if($this->method !== strtoupper($name)) {
throw new \LogicException(sprintf('%s cannot be accessed in a %s request.', $name, $this->method));
}
return $this->getContent();
case 'files':
case 'server':
case 'env':
case 'cookies':
case 'urlParams':
case 'method':
return isset($this->items[$name])
? $this->items[$name]
: null;
case 'parameters':
case 'params':
case 'urlParams':
if(in_array($name, array('put', 'patch'))) {
return $this->getContent();
} else {
return isset($this->items[$name])
? $this->items[$name]
: null;
}
break;
case 'method':
return $this->items['method'];
break;
return $this->getContent();
default;
return isset($this[$name])
? $this[$name]
@ -396,10 +374,47 @@ class Request implements \ArrayAccess, \Countable, IRequest {
$this->content = false;
return fopen($this->inputStream, 'rb');
} else {
return $this->parameters;
$this->decodeContent();
return $this->items['parameters'];
}
}
/**
* Attempt to decode the content and populate parameters
*/
protected function decodeContent() {
if ($this->contentDecoded) {
return;
}
$params = [];
// 'application/json' must be decoded manually.
if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
$params = json_decode(file_get_contents($this->inputStream), true);
if(count($params) > 0) {
$this->items['params'] = $params;
if($this->method === 'POST') {
$this->items['post'] = $params;
}
}
// Handle application/x-www-form-urlencoded for methods other than GET
// or post correctly
} elseif($this->method !== 'GET'
&& $this->method !== 'POST'
&& strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
parse_str(file_get_contents($this->inputStream), $params);
if(is_array($params)) {
$this->items['params'] = $params;
}
}
$this->items['parameters'] = array_merge($this->items['parameters'], $params);
$this->contentDecoded = true;
}
/**
* Checks if the CSRF check was correct
* @return bool true if CSRF check passed