From cb4fe38d415de5d188dd8ca28e31e36183671391 Mon Sep 17 00:00:00 2001 From: woodong Date: Mon, 4 Dec 2023 14:58:33 +0800 Subject: [PATCH 1/2] fix: Handle non-array JSON in validation --- system/HTTP/Exceptions/HTTPException.php | 11 +++++++++++ system/Language/en/HTTP.php | 1 + system/Validation/Validation.php | 5 +++++ tests/system/Validation/ValidationTest.php | 19 +++++++++++++++++++ 4 files changed, 36 insertions(+) diff --git a/system/HTTP/Exceptions/HTTPException.php b/system/HTTP/Exceptions/HTTPException.php index 32f9ceabd662..3fcfe73fa674 100644 --- a/system/HTTP/Exceptions/HTTPException.php +++ b/system/HTTP/Exceptions/HTTPException.php @@ -228,4 +228,15 @@ public static function forInvalidSameSiteSetting(string $samesite) { return new static(lang('Security.invalidSameSiteSetting', [$samesite])); } + + /** + * Thrown when the JSON format is not supported. + * This is specifically for cases where data validation is expected to work with key-value structures. + * + * @return HTTPException + */ + public static function forUnsupportedJSONFormat() + { + return new static(lang('HTTP.unsupportedJSONFormat')); + } } diff --git a/system/Language/en/HTTP.php b/system/Language/en/HTTP.php index e9082f85d185..ee5ca4f81f46 100644 --- a/system/Language/en/HTTP.php +++ b/system/Language/en/HTTP.php @@ -20,6 +20,7 @@ // IncomingRequest 'invalidNegotiationType' => '"{0}" is not a valid negotiation type. Must be one of: media, charset, encoding, language.', 'invalidJSON' => 'Failed to parse JSON string. Error: {0}', + 'unsupportedJSONFormat' => 'The provided JSON format is not supported.', // Message 'invalidHTTPProtocol' => 'Invalid HTTP Protocol Version: {0}', diff --git a/system/Validation/Validation.php b/system/Validation/Validation.php index b1612481b97b..f9bcc61bb511 100644 --- a/system/Validation/Validation.php +++ b/system/Validation/Validation.php 
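Review bot: `forUnsupportedJSONFormat()` builds the exception from the message alone, so no HTTP status code travels with it even though it is raised for a malformed client request body. If a client-error status is intended, passing it explicitly, e.g. `return new static(lang('HTTP.unsupportedJSONFormat'), 400);`, would keep this from surfacing as a generic server error; how the framework maps exception codes to responses is not visible in this hunk, so confirm that first. The docblock could also name the rejected shapes, for example `Thrown when the decoded JSON body is not an array (a scalar or null), because validation needs key-value data.`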
@@ -12,6 +12,7 @@ namespace CodeIgniter\Validation; use Closure; +use CodeIgniter\HTTP\Exceptions\HTTPException; use CodeIgniter\HTTP\IncomingRequest; use CodeIgniter\HTTP\RequestInterface; use CodeIgniter\Validation\Exceptions\ValidationException; @@ -496,6 +497,10 @@ public function withRequest(RequestInterface $request): ValidationInterface if (strpos($request->getHeaderLine('Content-Type'), 'application/json') !== false) { $this->data = $request->getJSON(true); + if (! is_array($this->data)) { + throw HTTPException::forUnsupportedJSONFormat(); + } + return $this; } diff --git a/tests/system/Validation/ValidationTest.php b/tests/system/Validation/ValidationTest.php index 889338a09f41..f7f87549087a 100644 --- a/tests/system/Validation/ValidationTest.php +++ b/tests/system/Validation/ValidationTest.php @@ -809,6 +809,25 @@ public function testJsonInputInvalid(): void ->run(); } + public function testJsonInputNotKeyValue(): void + { + $this->expectException(HTTPException::class); + $this->expectExceptionMessage('The provided JSON format is not supported.'); + + $config = new App(); + $json = '4'; + $request = new IncomingRequest($config, new SiteURI($config), $json, new UserAgent()); + $request->setHeader('Content-Type', 'application/json'); + + $rules = [ + 'role' => 'if_exist|max_length[5]', + ]; + $this->validation + ->withRequest($request->withMethod('POST')) + ->setRules($rules) + ->run(); + } + /** * @see https://github.com/codeigniter4/CodeIgniter4/issues/6466 */ From e5c923e7e4e64a5d707afb5558456e09c33cfb97 Mon Sep 17 00:00:00 2001 From: woodong Date: Mon, 4 Dec 2023 15:00:50 +0800 Subject: [PATCH 2/2] docs: add changelog --- user_guide_src/source/changelogs/v4.4.4.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/user_guide_src/source/changelogs/v4.4.4.rst b/user_guide_src/source/changelogs/v4.4.4.rst index 7ee96a53556f..ee2e41cb6135 100644 --- a/user_guide_src/source/changelogs/v4.4.4.rst +++ b/user_guide_src/source/changelogs/v4.4.4.rst 
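Review bot: In the `withRequest()` hunk the decoded body is assigned to `$this->data` before the new `is_array()` check, so when the exception is thrown the validator is left holding the rejected scalar. Decoding into a local first keeps the object's state untouched on failure: `$data = $request->getJSON(true);`, then `if (! is_array($data)) { throw HTTPException::forUnsupportedJSONFormat(); }`, then `$this->data = $data;`. A top-level JSON list such as `[1, 2]` still passes `is_array()`, although the exception's docblock speaks of key-value structures, so it is worth stating whether lists are meant to be accepted. Code that calls `withRequest()` on request input now has an `HTTPException` path driven by the client body and needs to handle it. The method body starts and ends outside the hunk.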
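Review bot: `testJsonInputNotKeyValue()` exercises only the numeric body `'4'`, so the other bodies the new guard is meant to reject are not pinned. A data provider that also covers `'null'`, `'true'` and `'"abc"'` would fix the contract for every non-array value. A separate case for a top-level list such as `'[1,2]'` would document whether that shape is accepted. Since the exception is expected from `withRequest()`, the trailing `->setRules($rules)->run()` calls appear never to execute and could be dropped from this test.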
@@ -38,6 +38,7 @@ Message Changes *************** - Added ``HTTP.invalidJSON`` error message. +- Added ``HTTP.unsupportedJSONFormat`` error message. ******* Changes