switching to full JSON API without POST array use, ensure all JSON operations are done with error detection

2019-05-13 22:31:52 +02:00
parent be1e7babc0
commit cc1c55129f
14 changed files with 187 additions and 103 deletions
--- a/lib/Controller.php
+++ b/lib/Controller.php
@@ -154,6 +154,7 @@ class Controller
     * initialize PrivateBin
     *
     * @access private
+     * @throws Exception
     */
    private function _init()
    {
@@ -206,7 +207,6 @@ class Controller
            );
        }

-        // Ensure content is not too big.
        $data      = $this->_request->getData();
        $isComment = array_key_exists('pasteid', $data) &&
            !empty($data['pasteid']) &&
@@ -216,6 +216,7 @@ class Controller
            return $this->_return_message(1, 'Invalid data.');
        }
        $sizelimit = $this->_conf->getKey('sizelimit');
+        // Ensure content is not too big.
        if (strlen($data['ct']) > $sizelimit) {
            return $this->_return_message(
                1,
@@ -432,6 +433,6 @@ class Controller
            $result['url'] = $this->_urlBase . '?' . $message;
        }
        $result += $other;
-        $this->_json = json_encode($result);
+        $this->_json = Json::encode($result);
    }
 }
--- a/lib/Data/Database.php
+++ b/lib/Data/Database.php
@@ -16,6 +16,7 @@ use Exception;
 use PDO;
 use PDOException;
 use PrivateBin\Controller;
+use PrivateBin\Json;

 /**
 * Database
@@ -204,12 +205,12 @@ class Database extends AbstractData
            ' VALUES(?,?,?,?,?,?,?,?,?)',
            array(
                $pasteid,
-                $isVersion1 ? $paste['data'] : json_encode($paste),
+                $isVersion1 ? $paste['data'] : Json::encode($paste),
                $created,
                $expire_date,
                (int) $opendiscussion,
                (int) $burnafterreading,
-                json_encode($meta),
+                Json::encode($meta),
                $attachment,
                $attachmentname,
            )
@@ -239,7 +240,7 @@ class Database extends AbstractData
            return false;
        }
        // create array
-        $data       = json_decode($paste['data'], true);
+        $data       = Json::decode($paste['data']);
        $isVersion2 = array_key_exists('v', $data) && $data['v'] >= 2;
        if ($isVersion2) {
            self::$_cache[$pasteid] = $data;
@@ -249,7 +250,7 @@ class Database extends AbstractData
            list($createdKey)       = self::_getVersionedKeys(1);
        }

-        $paste['meta'] = json_decode($paste['meta'], true);
+        $paste['meta'] = Json::decode($paste['meta']);
        if (!is_array($paste['meta'])) {
            $paste['meta'] = array();
        }
@@ -338,7 +339,7 @@ class Database extends AbstractData
            $data    = $comment['data'];
        } else {
            $version = 2;
-            $data    = json_encode($comment);
+            $data    = Json::encode($comment);
        }
        list($createdKey, $iconKey) = self::_getVersionedKeys($version);
        $meta                       = $comment['meta'];
@@ -382,7 +383,7 @@ class Database extends AbstractData
        if (count($rows)) {
            foreach ($rows as $row) {
                $i    = $this->getOpenSlot($comments, (int) $row['postdate']);
-                $data = json_decode($row['data'], true);
+                $data = Json::decode($row['data']);
                if (array_key_exists('v', $data) && $data['v'] >= 2) {
                    $version      = 2;
                    $comments[$i] = $data;
--- a/lib/I18n.php
+++ b/lib/I18n.php
@@ -156,9 +156,8 @@ class I18n

        // load translations
        self::$_language     = $match;
-        self::$_translations = ($match == 'en') ? array() : json_decode(
-            file_get_contents(self::_getPath($match . '.json')),
-            true
+        self::$_translations = ($match == 'en') ? array() : Json::decode(
+            file_get_contents(self::_getPath($match . '.json'))
        );
    }

@@ -244,7 +243,7 @@ class I18n
    {
        $file = self::_getPath('languages.json');
        if (count(self::$_languageLabels) == 0 && is_readable($file)) {
-            self::$_languageLabels = json_decode(file_get_contents($file), true);
+            self::$_languageLabels = Json::decode(file_get_contents($file));
        }
        if (count($languages) == 0) {
            return self::$_languageLabels;
--- a/lib/Json.php
+++ b/lib/Json.php
@@ -33,9 +33,39 @@ class Json
    public static function encode($input)
    {
        $jsonString = json_encode($input);
+        self::_detectError();
+        return $jsonString;
+    }
+
+    /**
+     * Returns an array with the contents as described in the given JSON input
+     *
+     * @access public
+     * @static
+     * @param  string $input
+     * @throws Exception
+     * @return array
+     */
+    public static function decode($input)
+    {
+        $array = json_decode($input, true);
+        self::_detectError();
+        return $array;
+    }
+
+    /**
+     * Detects JSON errors and raises an exception if one is found
+     *
+     * @access private
+     * @static
+     * @throws Exception
+     * @return void
+     */
+    private static function _detectError()
+    {
        $errorCode  = json_last_error();
        if ($errorCode === JSON_ERROR_NONE) {
-            return $jsonString;
+            return;
        }

        $message = 'A JSON error occurred';
--- a/lib/Model/Paste.php
+++ b/lib/Model/Paste.php
@@ -98,7 +98,7 @@ class Paste extends AbstractModel
        if (
            $this->_store->create(
                $this->getId(),
-                json_decode(json_encode($this->_data), true)
+                $this->_data
            ) === false
        ) {
            throw new Exception('Error saving paste. Sorry.', 76);
--- a/lib/Persistence/DataStore.php
+++ b/lib/Persistence/DataStore.php
@@ -45,7 +45,10 @@ class DataStore extends AbstractPersistence
            $filename = substr($filename, strlen($path));
        }
        try {
-            self::_store($filename, self::PROTECTION_LINE . PHP_EOL . Json::encode($data));
+            self::_store(
+                $filename,
+                self::PROTECTION_LINE . PHP_EOL . Json::encode($data)
+            );
            return true;
        } catch (Exception $e) {
            return false;
@@ -62,7 +65,12 @@ class DataStore extends AbstractPersistence
     */
    public static function get($filename)
    {
-        return json_decode(substr(file_get_contents($filename), strlen(self::PROTECTION_LINE . PHP_EOL)), true);
+        return Json::decode(
+            substr(
+                file_get_contents($filename),
+                strlen(self::PROTECTION_LINE . PHP_EOL)
+            )
+        );
    }

    /**
--- a/lib/Request.php
+++ b/lib/Request.php
@@ -107,10 +107,10 @@ class Request
        switch (array_key_exists('REQUEST_METHOD', $_SERVER) ? $_SERVER['REQUEST_METHOD'] : 'GET') {
            case 'DELETE':
            case 'PUT':
-                parse_str(file_get_contents(self::$_inputStream), $this->_params);
-                break;
            case 'POST':
-                $this->_params = $_POST;
+                $this->_params = Json::decode(
+                    file_get_contents(self::$_inputStream)
+                );
                break;
            default:
                $this->_params = $_GET;
@@ -161,15 +161,15 @@ class Request
    public function getData()
    {
        $data = array(
-            'adata' => json_decode($this->getParam('adata', '[]'), true),
+            'adata' => $this->getParam('adata', array()),
        );
        $required_keys = array('v', 'ct');
-        $meta          = $this->getParam('meta');
+        $meta          = $this->getParam('meta', array());
        if (empty($meta)) {
            $required_keys[] = 'pasteid';
            $required_keys[] = 'parentid';
        } else {
-            $data['meta'] = json_decode($meta, true);
+            $data['meta'] = $meta;
        }
        foreach ($required_keys as $key) {
            $data[$key] = $this->getParam($key);