From 38574f0196d041597e25046740b644d1a2def892 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Mon, 12 Dec 2022 20:46:47 +0100
Subject: [PATCH] return invalid data error on API instead of exception
---
 lib/Request.php | 12 +++++++++---
 tst/ControllerTest.php | 7 +++++--
 tst/RequestTest.php | 21 +++++++++++++++++----
 3 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/lib/Request.php b/lib/Request.php
index 0d5f096..5e1bb3f 100644
--- a/lib/Request.php
+++ b/lib/Request.php
@@ -12,6 +12,8 @@
 namespace PrivateBin;
+use Exception;
+
 /**
 * Request
 *
@@ -110,9 +112,13 @@ class Request
 case 'POST':
 // it might be a creation or a deletion, the latter is detected below
 $this->_operation = 'create';
- $this->_params = Json::decode(
- file_get_contents(self::$_inputStream)
- );
+ try {
+ $this->_params = Json::decode(
+ file_get_contents(self::$_inputStream)
+ );
+ } catch (Exception $e) {
+ // ignore error, $this->_params will remain empty
+ }
 break;
 default:
 $this->_params = $_GET;
diff --git a/tst/ControllerTest.php b/tst/ControllerTest.php
index 698d5f8..c1876f7 100644
--- a/tst/ControllerTest.php
+++ b/tst/ControllerTest.php
@@ -436,8 +436,6 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 * silently removed, check that this case is handled
 *
 * @runInSeparateProcess
- * @expectedException Exception
- * @expectedExceptionCode 90
 */
 public function testCreateBrokenUpload()
 {
@@ -449,7 +447,12 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 $_SERVER['REQUEST_METHOD'] = 'POST';
 $_SERVER['REMOTE_ADDR'] = '::1';
 $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste does not exists before posting data');
+ ob_start();
 new Controller;
+ $content = ob_get_contents();
+ ob_end_clean();
+ $response = json_decode($content, true);
+ $this->assertEquals(1, $response['status'], 'outputs error status');
 $this->assertFalse($this->_data->exists(Helper::getPasteId()), 'paste exists after posting data');
 }
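Review bot: In lib/Request.php the empty `catch (Exception $e)` in the POST branch relies on `$this->_params` already being an empty array, but its initial value is not visible in this hunk, so the "will remain empty" comment is an unverified assumption. Assigning it explicitly in the catch, `$this->_params = array();`, would make the failure state independent of the property's declaration. The catch also discards every `Exception` raised inside the `try`, not only malformed JSON, and the request still proceeds with `_operation` set to `'create'`. The comment should therefore name the later check that rejects an empty parameter set, for example `// malformed body: leave params empty so the controller answers with an invalid-data error`. The enclosing switch and method start and end outside the hunk.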
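Review bot: In tst/ControllerTest.php, testCreateBrokenUpload reads `$response['status']` without first confirming that `json_decode` returned an array, so non-JSON output from the controller would show up as a null-offset access instead of a clear failure. Adding `$this->assertTrue(is_array($response), 'outputs JSON');` before the status check would make that case explicit. The removed annotations pinned exception code 90, whereas a bare status of 1 presumably matches any error response. If the response also carries an error message, asserting on it would keep the test tied to the invalid-data path. The method body starts before this hunk.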
diff --git a/tst/RequestTest.php b/tst/RequestTest.php
index 9b440be..38501c5 100644
--- a/tst/RequestTest.php
+++ b/tst/RequestTest.php
@@ -97,7 +97,7 @@ class RequestTest extends PHPUnit_Framework_TestCase
 Request::setInputStream($file);
 $request = new Request;
 unlink($file);
- $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
+ $this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
 $this->assertEquals('create', $request->getOperation());
 $this->assertEquals('foo', $request->getParam('ct'));
 }
@@ -111,7 +111,7 @@ class RequestTest extends PHPUnit_Framework_TestCase
 file_put_contents($file, '{"ct":"foo"}');
 Request::setInputStream($file);
 $request = new Request;
- $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
+ $this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
 $this->assertEquals('create', $request->getOperation());
 $this->assertEquals('foo', $request->getParam('ct'));
 }
@@ -125,7 +125,7 @@ class RequestTest extends PHPUnit_Framework_TestCase
 $_SERVER['QUERY_STRING'] = $id;
 $_GET[$id] = '';
 $request = new Request;
- $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
+ $this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
 $this->assertEquals($id, $request->getParam('pasteid'));
 $this->assertEquals('read', $request->getOperation());
 }
@@ -142,12 +142,25 @@ class RequestTest extends PHPUnit_Framework_TestCase
 file_put_contents($file, '{"deletetoken":"bar"}');
 Request::setInputStream($file);
 $request = new Request;
- $this->assertTrue($request->isJsonApiCall(), 'is JSON Api call');
+ $this->assertTrue($request->isJsonApiCall(), 'is JSON API call');
 $this->assertEquals('delete', $request->getOperation());
 $this->assertEquals($id, $request->getParam('pasteid'));
 $this->assertEquals('bar', $request->getParam('deletetoken'));
 }
+ public function testPostGarbage()
+ {
+ $this->reset();
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $file = tempnam(sys_get_temp_dir(), 'FOO');
+ file_put_contents($file, random_bytes(256));
+ Request::setInputStream($file);
+ $request = new Request;
+ unlink($file);
+ $this->assertFalse($request->isJsonApiCall(), 'is HTML call');
+ $this->assertEquals('create', $request->getOperation());
+ }
+
 public function testReadWithNegotiation()
 {
 $this->reset();
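Review bot: The `random_bytes(256)` payload in testPostGarbage makes the test non-reproducible, because the bytes are never recorded and a failing run cannot be replayed. A few fixed malformed bodies would pin the cases instead, for example a truncated document such as `'{"ct":'`, an empty body, and a byte string that is not valid UTF-8. The test also never checks that the parameters ended up empty, which is what the new catch block in lib/Request.php promises; an assertion on `$request->getParam('ct')` would cover that, though its default return value is not visible here. Since no JSON request header is set, `isJsonApiCall()` would presumably be false for a valid body as well, so that assertion does not by itself show the garbage was handled.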