Merge pull request #10637 from uberbrady/report_invalid_json

Alert when invalid JSON is submitted to something that wants it
This commit is contained in:
snipe 2022-02-08 12:17:20 -08:00 committed by GitHub
commit 7a117a22c8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 0 deletions

View file

@ -8,6 +8,7 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use App\Helpers\Helper;
use Illuminate\Validation\ValidationException;
use Log;
use JsonException;
class Handler extends ExceptionHandler
@ -26,6 +27,7 @@ class Handler extends ExceptionHandler
\Illuminate\Validation\ValidationException::class,
\Intervention\Image\Exception\NotSupportedException::class,
\League\OAuth2\Server\Exception\OAuthServerException::class,
JsonException::class
];
/**
@ -60,6 +62,12 @@ class Handler extends ExceptionHandler
return redirect()->back()->with('error', trans('general.token_expired'));
}
// Invalid JSON exception
// TODO: don't understand why we have to do this when we have the invalidJson() method, below, but, well, whatever
if ($e instanceof JsonException) {
return response()->json(Helper::formatStandardApiResponse('error', null, 'invalid JSON'), 422);
}
// Handle Ajax requests that fail because the model doesn't exist
if ($request->ajax() || $request->wantsJson()) {

View file

@ -8,6 +8,14 @@ abstract class Request extends FormRequest
{
protected $rules = [];
public function json($key = null, $default = null)
{
if ($this->ajax() || $this->wantsJson()) {
json_decode($this->getContent(), false, 512, JSON_THROW_ON_ERROR); // ignore output, just throw
}
return parent::json($key, $default);
}
public function rules()
{
return $this->rules;