Merge pull request #8288 from woodongwong/fix-Validation-withRequest

fix: Handle non-array JSON in validation
codeigniter4 · Dec 7, 2023 · b367f2f · b367f2f
2 parents b75a73f + e5c923e
commit b367f2f
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 0 deletions.
diff --git a/system/HTTP/Exceptions/HTTPException.php b/system/HTTP/Exceptions/HTTPException.php
@@ -228,4 +228,15 @@ public static function forInvalidSameSiteSetting(string $samesite)
     {
         return new static(lang('Security.invalidSameSiteSetting', [$samesite]));
     }
+
+    /**
+     * Thrown when the JSON format is not supported.
+     * This is specifically for cases where data validation is expected to work with key-value structures.
+     *
+     * @return HTTPException
+     */
+    public static function forUnsupportedJSONFormat()
+    {
+        return new static(lang('HTTP.unsupportedJSONFormat'));
+    }
 }
diff --git a/system/Language/en/HTTP.php b/system/Language/en/HTTP.php
@@ -20,6 +20,7 @@
     // IncomingRequest
     'invalidNegotiationType' => '"{0}" is not a valid negotiation type. Must be one of: media, charset, encoding, language.',
     'invalidJSON'            => 'Failed to parse JSON string. Error: {0}',
+    'unsupportedJSONFormat'  => 'The provided JSON format is not supported.',
 
     // Message
     'invalidHTTPProtocol' => 'Invalid HTTP Protocol Version: {0}',

diff --git a/system/Validation/Validation.php b/system/Validation/Validation.php
@@ -12,6 +12,7 @@
 namespace CodeIgniter\Validation;
 
 use Closure;
+use CodeIgniter\HTTP\Exceptions\HTTPException;
 use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\Validation\Exceptions\ValidationException;
@@ -496,6 +497,10 @@ public function withRequest(RequestInterface $request): ValidationInterface
         if (strpos($request->getHeaderLine('Content-Type'), 'application/json') !== false) {
             $this->data = $request->getJSON(true);
 
+            if (! is_array($this->data)) {
+                throw HTTPException::forUnsupportedJSONFormat();
+            }
+
             return $this;
         }
 

diff --git a/tests/system/Validation/ValidationTest.php b/tests/system/Validation/ValidationTest.php
@@ -809,6 +809,25 @@ public function testJsonInputInvalid(): void
             ->run();
     }
 
+    public function testJsonInputNotKeyValue(): void
+    {
+        $this->expectException(HTTPException::class);
+        $this->expectExceptionMessage('The provided JSON format is not supported.');
+
+        $config  = new App();
+        $json    = '4';
+        $request = new IncomingRequest($config, new SiteURI($config), $json, new UserAgent());
+        $request->setHeader('Content-Type', 'application/json');
+
+        $rules = [
+            'role' => 'if_exist|max_length[5]',
+        ];
+        $this->validation
+            ->withRequest($request->withMethod('POST'))
+            ->setRules($rules)
+            ->run();
+    }
+
     /**
      * @see https://github.com/codeigniter4/CodeIgniter4/issues/6466
      */

diff --git a/user_guide_src/source/changelogs/v4.4.4.rst b/user_guide_src/source/changelogs/v4.4.4.rst
@@ -44,6 +44,7 @@ Message Changes
 ***************
 
 - Added ``HTTP.invalidJSON`` error message.
+- Added ``HTTP.unsupportedJSONFormat`` error message.
 
 *******
 Changes
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,6 +44,7 @@ Message Changes @@
     ***************
     - Added ``HTTP.invalidJSON`` error message.
+    - Added ``HTTP.unsupportedJSONFormat`` error message.
     *******
     Changes
@@ Expand Down @@