diff --git a/core/ajax/cmd.ajax.php b/core/ajax/cmd.ajax.php
index 9b858a2dbc..14ed21c286 100644
--- a/core/ajax/cmd.ajax.php
+++ b/core/ajax/cmd.ajax.php
@@ -92,7 +92,7 @@
 if ($cmd->getType() == 'action' && $cmd->getConfiguration('actionConfirm') == 1 && init('confirmAction') != 1) {
 throw new Exception(__('Cette action nécessite une confirmation', __FILE__), -32006);
 }
- $options = is_json(init('value'), array());
+ $options = parseJsonAsArray(getRequestParameterAsString('value'), false);
 if (init('user_login') != '') {
 $options['user_login'] = init('user_login');
 }
@@ -350,9 +350,10 @@
 $data = array();
 $dateStart = null;
 $dateEnd = null;
- if (init('dateRange') != '' && init('dateRange') != 'all') {
- if (is_json(init('dateRange'))) {
- $dateRange = json_decode(init('dateRange'), true);
+ $initDateRange = init('dateRange');
+ if ($initDateRange != '' && $initDateRange != 'all') {
+ if (is_string($initDateRange) && canBeDecodedAsJsonArray($initDateRange)) {
+ $dateRange = parseJsonAsArray($initDateRange);
 if (isset($dateRange['start'])) {
 $dateStart = $dateRange['start'];
 }
@@ -361,7 +362,7 @@
 }
 }
 } else {
 $dateEnd = date('Y-m-d H:i:s');
- $dateStart = date('Y-m-d H:i:s', strtotime('- ' . init('dateRange') . ' ' . $dateEnd));
+ $dateStart = date('Y-m-d H:i:s', strtotime('- ' . $initDateRange . ' ' . $dateEnd));
 }
 }
diff --git a/core/class/listener.class.php b/core/class/listener.class.php
index f9c532df38..7978d62642 100644
--- a/core/class/listener.class.php
+++ b/core/class/listener.class.php
@@ -327,8 +327,12 @@ public function getId() {
 return $this->id;
 }
- public function getEvent() {
- return is_json($this->event, array());
+ public function getEvent(): array {
+ if (!is_string($this->event)) {
+ return [];
+ }
+
+ return parseJsonAsArray($this->event);
 }
 public function getClass() {
diff --git a/core/php/utils.inc.php b/core/php/utils.inc.php
index 08b0613c92..dab1b9d464 100644
--- a/core/php/utils.inc.php
+++ b/core/php/utils.inc.php
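Review bot: In the `else` branch of the `dateRange` handling (third hunk of cmd.ajax.php, reached from the condition rewritten in the second), the request value is still concatenated into `strtotime()` with no validation, and the `false` that `strtotime()` returns for unparseable input goes straight into `date()`. Because the JSON branch now requires `is_string($initDateRange)`, an array-valued `dateRange` parameter also falls through to this branch. The history window then silently becomes something the client did not ask for instead of the request being rejected. Compute the timestamp first, `$start = is_string($initDateRange) ? strtotime('- ' . $initDateRange . ' ' . $dateEnd) : false;`, and throw the file's usual `Exception` when `$start === false`. The enclosing block starts and ends outside these hunks.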
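Review bot: `getEvent()` now throws where the removed code returned an empty array: `is_json($this->event, array())` fell back to `array()` for any string that does not decode to an array, whereas `parseJsonAsArray($this->event)` runs with its default `$shouldThrowOnError = true` and raises `DomainException`. An empty string is enough to trigger it, so a listener whose `event` field is empty or malformed would make every caller of `getEvent()` fail, presumably including event dispatch. To keep the previous contract and make the new `: array` return type hold, use `return parseJsonAsArray($this->event, false);`.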
@@ -150,6 +150,30 @@ function init($_name, $_default = '') {
 return $_default;
 }
+function getRequestParameterAsString(string $parameterName, string $fallbackValue = ''): string
+{
+ $value = init($parameterName, $fallbackValue);
+
+ if (!is_scalar($value)) {
+ return $fallbackValue;
+ }
+
+ $stringValue = (string) $value;
+ return $stringValue === '' ? $fallbackValue : $stringValue;
+}
+
+function getRequestParameterAsInteger(string $parameterName, int $fallbackValue = 0): int
+{
+ $value = init($parameterName, $fallbackValue);
+
+ if (!is_scalar($value)) {
+ return $fallbackValue;
+ }
+
+ $intValue = (int) $value;
+ return $intValue === 0 ? $fallbackValue : $intValue;
+}
+
 function sendVarToJS($_varName, $_value = '') {
 if (!is_array($_varName)) {
 $_varName = [$_varName => $_value];
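Review bot: `getRequestParameterAsInteger()` casts rather than validates: `(int) $value` accepts `'12abc'` as 12, and because of `$intValue === 0 ? $fallbackValue : $intValue` a legitimate `0` sent by the client is replaced by the fallback whenever the fallback is non-zero. Callers of a helper with this name will assume the returned integer is what the request contained, which matters when the value is an identifier or a limit. `filter_var()` with `FILTER_VALIDATE_INT` returns `false` for anything that is not a clean integer and keeps 0 distinct: `$intValue = filter_var($value, FILTER_VALIDATE_INT);` then `return $intValue === false ? $fallbackValue : $intValue;`. Both new helpers would also benefit from a short docblock stating that non-scalar (array) parameters yield the fallback.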
@@ -259,23 +283,54 @@ function displayException($e) {
 }
 function is_json($_string, $_default = null) {
- if ($_default !== null) {
- if (!is_string($_string)) {
- return $_default;
- }
- $return = json_decode($_string, true, 512, JSON_BIGINT_AS_STRING);
- if (!is_array($return)) {
- return $_default;
- }
- return $return;
- }
- return ((is_string($_string) && is_array(json_decode($_string, true, 512, JSON_BIGINT_AS_STRING)))) ? true : false;
+ $potentialJson = $_string;
+ $fallbackValue = $_default;
+ if (!is_string($potentialJson)) {
+ return $fallbackValue ?? false;
+ }
+
+ if (null === $fallbackValue) {
+ return canBeDecodedAsJsonArray($potentialJson);
+ }
+
+ try {
+ return parseJsonAsArray($potentialJson);
+ } catch (DomainException $exception) {
+ return $fallbackValue;
+ }
+}
+
+function canBeDecodedAsJsonArray(string $potentialJson): bool
+{
+ try {
+ parseJsonAsArray($potentialJson);
+ } catch (DomainException $e) {
+ return false;
+ }
+
+ return true;
+}
+
+function parseJsonAsArray(string $json, bool $shouldThrowOnError = true): array
+{
+ $parsedJson = json_decode($json, true, 512, JSON_BIGINT_AS_STRING);
+
+ if (is_array($parsedJson)) {
+ return $parsedJson;
+ }
+
+ if ($shouldThrowOnError) {
+ throw new \DomainException(sprintf('Unable to parse JSON as array: %s', $json));
+ }
+
+ return [];
 }
 function is_sha1($_string = '') {
 if ($_string == '') {
 return false;
 }
+
 return preg_match('/^[0-9a-f]{40}$/i', $_string);
 }
diff --git a/testIsJson.php b/testIsJson.php
new file mode 100644
index 0000000000..35d1395308
--- /dev/null
+++ b/testIsJson.php
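Review bot: The `DomainException` raised in `parseJsonAsArray()` embeds the entire rejected input through `sprintf('Unable to parse JSON as array: %s', $json)`. The helper is fed request parameters and stored configuration in this commit, so any caller that lets the exception propagate puts an unbounded, externally controlled string (newlines and markup included) into whatever log or AJAX error response renders exception messages. That allows forged log lines, reflects markup if the message is shown unescaped, and can leak payload contents. Keep the message free of the payload and report bounded metadata only, e.g. `throw new \DomainException(sprintf('Unable to parse JSON as array (%d bytes)', strlen($json)));`.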
@@ -0,0 +1,54 @@
+ ', var_export($actual, true), PHP_EOL;
+ }
+}
+
+
+foreach ([
+ ['', null, false],
+ [1, null, false],
+ [1, 'foo', 'foo'],
+ [1, true, true],
+ ['1', null, false], // ceci est un json valide, retourne false
+ ['1', 'foo', 'foo'],
+ ['1', false, false],
+ ['null', null, false], // ceci est un json valide, retourne false
+ ['null', 'foo', 'foo'],
+ ['null', false, false],
+ ['"null"', null, false], // ceci est un json valide, retourne false
+ ['"null"', 'foo', 'foo'],
+ ['"null"', true, true],
+ ['true', null, false], // ceci est un json valide, retourne false
+ ['true', 'foo', 'foo'],
+ ['true', true, true],
+ ['false', null, false], // ceci est un json valide, retourne false
+ ['false', 'foo', 'foo'],
+ ['false', true, true],
+ ['{}', null, true],
+ ['{}', false, []],
+ ['[]', null, true],
+ ['[]', array(), []],
+ ['[]', false, []],
+ ['["a"]', null, true],
+ ['["a"]', array(), ['a']],
+ ['["a"]', false, ['a']],
+ [['a' => 1], null, false],
+ ['["a":1]', null, false],
+ ['{"a":1,"b":2}', true, ['a' => 1, 'b' => 2]],
+ ] as $case) {
+ testIsJson($case);
+}
\ No newline at end of file
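Review bot: `testIsJson.php` is added at the repository root as a standalone script that runs its cases and echoes the results as soon as it is loaded. If the repository root is also the directory the web server serves, which the `core/ajax/*.php` layout suggests, the script becomes a publicly reachable, unauthenticated endpoint on every installation. Move the cases into the project's test suite, for example as a PHPUnit data provider, or drop the file before merging. The top of the file is not visible on this page, so whether it carries any access guard could not be checked.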