Merge pull request #10637 from uberbrady/report_invalid_json

Alert when invalid JSON is submitted to something that wants it

app/Exceptions/Handler.php

@@ -8,6 +8,7 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
 use App\Helpers\Helper;
 use Illuminate\Validation\ValidationException;
 use Log;
+use JsonException;
 
 
 class Handler extends ExceptionHandler
@@ -26,6 +27,7 @@ class Handler extends ExceptionHandler
         \Illuminate\Validation\ValidationException::class,
         \Intervention\Image\Exception\NotSupportedException::class,
         \League\OAuth2\Server\Exception\OAuthServerException::class,
+        JsonException::class
     ];
 
     /**
@@ -60,6 +62,12 @@ class Handler extends ExceptionHandler
             return redirect()->back()->with('error', trans('general.token_expired'));
         }
 
+        // Invalid JSON exception
+        // TODO: don't understand why we have to do this when we have the invalidJson() method, below, but, well, whatever
+        if ($e instanceof JsonException) {
+            return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422);
+        }
+
 
         // Handle Ajax requests that fail because the model doesn't exist
         if ($request->ajax() || $request->wantsJson()) {

app/Http/Requests/Request.php

@@ -8,6 +8,14 @@ abstract class Request extends FormRequest
 {
     protected $rules = [];
 
+    public function json($key = null, $default = null)
+    {
+        if ($this->ajax() || $this->wantsJson()) {
+            json_decode($this->getContent(), false, 512, JSON_THROW_ON_ERROR); // ignore output, just throw
+        }
+        return parent::json($key, $default);
+    }
+
     public function rules()
     {
         return $this->rules;