[Pkg-owncloud-commits] [owncloud] 05/32: Correctly process request parameters other than GET or POST, dont use globals in the class but inject it

David Prévot taffit at moszumanska.debian.org
Wed Apr 23 18:58:59 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 22485fe743e5c8da674ff92f812b762b822a03ac
Author: Bernhard Posselt <dev at bernhard-posselt.com>
Date:   Sat Apr 12 15:02:19 2014 +0200

    Correctly process request parameters other than GET or POST, dont use globals in the class but inject it
---
 lib/private/appframework/http/request.php | 80 ++++++++++++-------------------
 lib/private/server.php                    |  9 +++-
 2 files changed, 39 insertions(+), 50 deletions(-)

diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php
index 3e1f4ff..5f43ece 100644
--- a/lib/private/appframework/http/request.php
+++ b/lib/private/appframework/http/request.php
@@ -60,7 +60,10 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 	 * @param string|false 'requesttoken' the requesttoken or false when not available
 	 * @see http://www.php.net/manual/en/reserved.variables.php
 	 */
-	public function __construct(array $vars=array()) {
+	public function __construct(array $vars=array(), $stream='php://input') {
+
+		$this->inputStream = $stream;
+		$this->items['params'] = array();
 
 		foreach($this->allowedKeys as $name) {
 			$this->items[$name] = isset($vars[$name])
@@ -68,25 +71,29 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 				: array();
 		}
 
-		if (defined('PHPUNIT_RUN') && PHPUNIT_RUN
-			&& in_array('fakeinput', stream_get_wrappers())) {
-			$this->inputStream = 'fakeinput://data';
-		} else {
-			$this->inputStream = 'php://input';
-		}
-
-		// Only 'application/x-www-form-urlencoded' requests are automatically
-		// transformed by PHP, 'application/json' must be decoded manually.
-		if ($this->method === 'POST'
-			&& strpos($this->getHeader('Content-Type'), 'application/json') !== false
-		) {
-			$this->items['params'] = $this->items['post'] = json_decode(file_get_contents($this->inputStream), true);
-		}
+		// 'application/json' must be decoded manually.
+		if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
+			$params = json_decode(file_get_contents($this->inputStream), true);
+			if(count($params) > 0) {
+				$this->items['params'] = $params;
+			}
+		// Handle application/x-www-form-urlencoded for methods other than GET
+		// or post correctly
+		} elseif($vars['method'] !== 'GET'
+				&& $vars['method'] !== 'POST'
+				&& strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
+			
+			parse_str(file_get_contents($this->inputStream), $params);
+			if(is_array($params)) {
+				$this->items['params'] = $params;
+			}
+		} 
 
 		$this->items['parameters'] = array_merge(
 			$this->items['get'],
 			$this->items['post'],
-			$this->items['urlParams']
+			$this->items['urlParams'],
+			$this->items['params']
 		);
 
 	}
@@ -313,47 +320,22 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 	 * @throws \LogicException
 	 */
 	protected function getContent() {
-		if ($this->content === false && $this->method === 'PUT') {
-			throw new \LogicException(
-				'"put" can only be accessed once if not '
-				. 'application/x-www-form-urlencoded or application/json.'
-			);
-		}
-
 		// If the content can't be parsed into an array then return a stream resource.
 		if ($this->method === 'PUT'
 			&& strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') === false
 			&& strpos($this->getHeader('Content-Type'), 'application/json') === false
 		) {
+			if ($this->content === false) {
+				throw new \LogicException(
+					'"put" can only be accessed once if not '
+					. 'application/x-www-form-urlencoded or application/json.'
+				);
+			}
 			$this->content = false;
 			return fopen($this->inputStream, 'rb');
+		} else {
+			return $this->parameters;
 		}
-
-		if (is_null($this->content)) {
-			$this->content = file_get_contents($this->inputStream);
-
-			/*
-			* Normal jquery ajax requests are sent as application/x-www-form-urlencoded
-			* and in $_GET and $_POST PHP transformes the data into an array.
-			* The first condition mimics this.
-			* The second condition allows for sending raw application/json data while
-			* still getting the result as an array.
-			*
-			*/
-			if (strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
-				parse_str($this->content, $content);
-				if(is_array($content)) {
-					$this->content = $content;
-				}
-			} elseif (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
-				$content = json_decode($this->content, true);
-				if(is_array($content)) {
-					$this->content = $content;
-				}
-			}
-		}
-
-		return $this->content;
 	}
 
 	/**
diff --git a/lib/private/server.php b/lib/private/server.php
index bee70de..dc5658e 100644
--- a/lib/private/server.php
+++ b/lib/private/server.php
@@ -35,6 +35,13 @@ class Server extends SimpleContainer implements IServerContainer {
 				$requesttoken = false;
 			}
 
+			if (defined('PHPUNIT_RUN') && PHPUNIT_RUN
+			&& in_array('fakeinput', stream_get_wrappers())) {
+				$stream = 'fakeinput://data';
+			} else {
+				$stream = 'php://input';
+			}
+
 			return new Request(
 				array(
 					'get' => $_GET,
@@ -48,7 +55,7 @@ class Server extends SimpleContainer implements IServerContainer {
 						: null,
 					'urlParams' => $urlParams,
 					'requesttoken' => $requesttoken,
-				)
+				), $stream
 			);
 		});
 		$this->registerService('PreviewManager', function($c) {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list