feat: better validation of invalid JSON payloads

wilr · web-flow · commit 720aaf53a47a · 2024-03-05T09:19:43.000+13:00
diff --git a/src/Controllers/ApiController.php b/src/Controllers/ApiController.php
@@ -46,12 +46,27 @@ public function init()
         $contentType = (string) $this->request->getHeader('Content-Type');
 
         if (strpos($contentType, 'application/json') !== false) {
-            $input = json_decode(file_get_contents("php://input"), true);
+            $jsonPayload = trim(file_get_contents("php://input"));
+            $input = json_decode($jsonPayload, true);
 
             if ($input) {
                 $this->vars = array_merge($input, $this->request->getVars());
+            } else if ($jsonPayload) {
+                $error = json_last_error();
+
+                switch ($error) {
+                    case JSON_ERROR_NONE:
+                        $this->vars = $this->request->getVars();
+                    break;
+                    default:
+                        $this->failure([
+                            'error' => 'Invalid JSON',
+                            'code' => $error
+                        ]);
+                    break;
+                }
             } else {
-                $this->vars = $this->request->getVars();
+                $this->vars = $this->request->requestVars();
             }
         } else {
             $this->vars = $this->request->requestVars();
@@ -377,7 +392,6 @@ public function getVar($name)
     public function hasVar($name)
     {
         $key = strtolower($name);
-
         return (isset($this->vars[$key]));
     }
 
