use JSON for ajax

CONTRIBUTING.md

@@ -16,6 +16,8 @@
   This will enforce conditions even in production.
 - No code should call `json_encode()`, instead `\jsonEncode()`.
   This will throw errors and escape slashes by default.
+- No code should call `json_decode()`, instead `\jsonDecode()`.
+  This will throw an exception rather than returning `null`.
 - No code should call `mb_convert_encoding()`, instead `\mbConvertEncoding()`.
   This will throw an exception rather than returning `false`.
 - No code should call `mb_detect_encoding()`, instead `\mbDetectEncoding()`.

resources/lib/UnityGithub.php

@@ -18,7 +18,7 @@ public function getSshPublicKeys(string $username): array
         if ($curl_output === false) {
             throw new CurlException(curl_error($curl));
         }
-        $keys = json_decode($curl_output, false);
+        $keys = jsonDecode($curl_output, false);
         curl_close($curl);
 
         // normally returns array of objects each with a ->key attribute

resources/lib/utils.php

@@ -30,6 +30,15 @@ function jsonEncode(mixed $value, int $flags = 0, int $depth = 512): string
     return json_encode($value, $flags, $depth);
 }
 
+function jsonDecode(...$args): mixed
+{
+    $output = json_decode(...$args);
+    if ($output === null) {
+        throw new Exception("json_decode returned null");
+    }
+    return $output;
+}
+
 function mbConvertEncoding(
     string $string,
     string $to_encoding,

test/assert-utils-used.bash

@@ -8,6 +8,7 @@ fi
 declare -A utils=(
     ["assert"]="ensure"
     ["json_encode"]="jsonEncode"
+    ["json_decode"]="jsonDecode"
     ["mb_detect_encoding"]="mbDetectEncoding"
     ["mb_convert_encoding"]="mbConvertEncoding"
     ["intval"]="str2int"

test/unit/AjaxSshValidateTest.php

@@ -24,11 +24,8 @@ public function testSshValidate(bool $is_valid, string $pubkey)
         $_POST["key"] = $pubkey;
         ob_start();
         include __DIR__ . "/../../webroot/js/ajax/ssh_validate.php";
-        $output = ob_get_clean();
-        if ($is_valid) {
-            $this->assertEquals("true", $output);
-        } else {
-            $this->assertEquals("false", $output);
-        }
+        $output_str = ob_get_clean();
+        $output = jsonDecode($output_str, true);
+        $this->assertEquals($is_valid, $output["is_valid"]);
     }
 }

webroot/admin/ajax/get_page_contents.php

@@ -10,4 +10,5 @@
 
 $pageid = UnityHTTPD::getQueryParameter("pageid");
 $page = $SQL->getPage($pageid);
-echo $page["content"];
+header('Content-Type: application/json; charset=utf-8');
+echo jsonEncode(["content" => $page["content"]]);

webroot/admin/content.php

@@ -57,8 +57,9 @@
     $("#pageForm > select[name=pageSel]").change(function(e) {
         $.ajax({
             url: `${url}?pageid=` + $(this).val(),
+            dataType: "json",
             success: function(result) {
-            mainEditor.setData(result);
+                mainEditor.setData(result.content);
         }});
     });
 

webroot/js/ajax/ssh_generate.php

@@ -5,20 +5,13 @@
 use phpseclib3\Crypt\EC;
 use UnityWebPortal\lib\UnityHTTPD;
 
-echo "<pre>";
-
 $private = EC::createKey('Ed25519');
 $public = $private->getPublicKey();
-
-echo "<section class='pubKey'>";
-echo $public->toString('OpenSSH');
-echo "</section>";
-echo "<section class='privKey'>";
+$public_str = $public->toString('OpenSSH');
 if (UnityHTTPD::getQueryParameter("type", false) == "ppk") {
-    echo $private->toString('PuTTY');
+    $private_str = $private->toString('PuTTY');
 } else {
-    echo $private->toString('OpenSSH');
+    $private_str = $private->toString('OpenSSH');
 }
-echo "</section>";
-
-echo "</pre>";
+header('Content-Type: application/json; charset=utf-8');
+echo jsonEncode(["public" => $public_str, "private" => $private_str]);

webroot/js/ajax/ssh_validate.php

@@ -2,5 +2,9 @@
 
 require_once __DIR__ . "/../../../vendor/autoload.php";
 require_once __DIR__ . "/../../../resources/lib/utils.php";
+require_once __DIR__ . "/../../../resources/lib/UnityHTTPD.php";
 
-echo testValidSSHKey($_POST["key"]) ? "true" : "false";
+use UnityWebPortal\lib\UnityHTTPD;
+
+header('Content-Type: application/json; charset=utf-8');
+echo jsonEncode(["is_valid" => testValidSSHKey(UnityHTTPD::getPostData("key"))]);

webroot/panel/modal/new_key.php

@@ -69,21 +69,12 @@
     });
 
     function generateKey(type) {
-        var pubSection = "<section class='pubKey'>";
-        var privSection = "<section class='privKey'>";
-        var endingSection = "</section>";
-
         $.ajax({
             url: "<?php echo getURL("js/ajax/ssh_generate.php"); ?>?type=" + type,
+            dataType: "json",
             success: function(result) {
-                var pubKey = result.substr(result.indexOf(pubSection) + pubSection.length,
-                result.indexOf(endingSection) - result.indexOf(pubSection) - pubSection.length);
-                var privKey = result.substr(result.indexOf(privSection) + privSection.length,
-                result.indexOf(endingSection, result.indexOf(endingSection) + 1) -
-                result.indexOf(privSection) - privSection.length);
-                $("input[type=hidden][name=gen_key]").val(pubKey);
-                downloadFile(privKey, "privkey." + type); // Force download of private key
-
+                $("input[type=hidden][name=gen_key]").val(result.public);
+                downloadFile(result.private, "privkey." + type); // Force download of private key
                 $("#newKeyform").submit();
             }
         });
@@ -104,13 +95,13 @@ function generateKey(type) {
         var key = $(this).val();
         $.ajax({
             url: "<?php echo getURL("js/ajax/ssh_validate.php"); ?>",
+            dataType: "json",
             type: "POST",
             data: {
                 key: key
             },
             success: function(result) {
-                const res = result.replace(key, "");
-                if (res == "true") {
+                if (result.is_valid) {
                     $("input[id=add-key]").prop("disabled", false);
                     $("textarea[name=key]").css("box-shadow", "none");
                 } else {