From e60c4bada151d9c3e0e3ebadf25b1c7d15a88aef Mon Sep 17 00:00:00 2001 From: Robin McCorkell Date: Sat, 29 Aug 2015 15:46:10 +0100 Subject: [PATCH] Decode request content only on getContent --- lib/private/appframework/http/request.php | 83 +++++++++++++---------- 1 file changed, 49 insertions(+), 34 deletions(-) diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php index a210943917..b430673f9a 100644 --- a/lib/private/appframework/http/request.php +++ b/lib/private/appframework/http/request.php @@ -9,6 +9,7 @@ * @author Thomas Müller * @author Thomas Tanghus * @author Vincent Petry + * @author Robin McCorkell * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 @@ -71,6 +72,9 @@ class Request implements \ArrayAccess, \Countable, IRequest { /** @var ICrypto */ protected $crypto; + /** @var bool */ + protected $contentDecoded = false; + /** * @param array $vars An associative array with the following optional values: * - array 'urlParams' the parameters which were matched from the URL @@ -109,27 +113,6 @@ class Request implements \ArrayAccess, \Countable, IRequest { : array(); } - // 'application/json' must be decoded manually. - if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { - $params = json_decode(file_get_contents($this->inputStream), true); - if(count($params) > 0) { - $this->items['params'] = $params; - if($vars['method'] === 'POST') { - $this->items['post'] = $params; - } - } - // Handle application/x-www-form-urlencoded for methods other than GET - // or post correctly - } elseif($vars['method'] !== 'GET' - && $vars['method'] !== 'POST' - && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { - - parse_str(file_get_contents($this->inputStream), $params); - if(is_array($params)) { - $this->items['params'] = $params; - } - } - $this->items['parameters'] = array_merge( $this->items['get'], $this->items['post'], @@ -237,24 +220,19 @@ class Request implements \ArrayAccess, \Countable, IRequest { if($this->method !== strtoupper($name)) { throw new \LogicException(sprintf('%s cannot be accessed in a %s request.', $name, $this->method)); } + return $this->getContent(); case 'files': case 'server': case 'env': case 'cookies': + case 'urlParams': + case 'method': + return isset($this->items[$name]) + ? $this->items[$name] + : null; case 'parameters': case 'params': - case 'urlParams': - if(in_array($name, array('put', 'patch'))) { - return $this->getContent(); - } else { - return isset($this->items[$name]) - ? $this->items[$name] - : null; - } - break; - case 'method': - return $this->items['method']; - break; + return $this->getContent(); default; return isset($this[$name]) ? $this[$name] @@ -396,10 +374,47 @@ class Request implements \ArrayAccess, \Countable, IRequest { $this->content = false; return fopen($this->inputStream, 'rb'); } else { - return $this->parameters; + $this->decodeContent(); + return $this->items['parameters']; } } + /** + * Attempt to decode the content and populate parameters + */ + protected function decodeContent() { + if ($this->contentDecoded) { + return; + } + $params = []; + + // 'application/json' must be decoded manually. + if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) { + $params = json_decode(file_get_contents($this->inputStream), true); + if(count($params) > 0) { + $this->items['params'] = $params; + if($this->method === 'POST') { + $this->items['post'] = $params; + } + } + + // Handle application/x-www-form-urlencoded for methods other than GET + // or post correctly + } elseif($this->method !== 'GET' + && $this->method !== 'POST' + && strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) { + + parse_str(file_get_contents($this->inputStream), $params); + if(is_array($params)) { + $this->items['params'] = $params; + } + } + + $this->items['parameters'] = array_merge($this->items['parameters'], $params); + $this->contentDecoded = true; + } + + /** * Checks if the CSRF check was correct * @return bool true if CSRF check passed