Merge pull request #6954 from michalsn/fix/getVar-getJsonVar

kenjis · web-flow · commit 10bbd5a51396 · 2022-12-12T07:57:40.000+09:00
fix: don't change the variable type and filter all values in JSON request
diff --git a/system/HTTP/IncomingRequest.php b/system/HTTP/IncomingRequest.php
@@ -518,20 +518,6 @@ public function getVar($index = null, $filter = null, $flags = null)
             strpos($this->getHeaderLine('Content-Type'), 'application/json') !== false
             && $this->body !== null
         ) {
-            if ($index === null) {
-                return $this->getJSON();
-            }
-
-            if (is_array($index)) {
-                $output = [];
-
-                foreach ($index as $key) {
-                    $output[$key] = $this->getJsonVar($key, false, $filter, $flags);
-                }
-
-                return $output;
-            }
-
             return $this->getJsonVar($index, false, $filter, $flags);
         }
 
@@ -561,35 +547,76 @@ public function getJSON(bool $assoc = false, int $depth = 512, int $options = 0)
     /**
      * Get a specific variable from a JSON input stream
      *
-     * @param string         $index  The variable that you want which can use dot syntax for getting specific values.
-     * @param bool           $assoc  If true, return the result as an associative array.
-     * @param int|null       $filter Filter Constant
-     * @param array|int|null $flags  Option
+     * @param array|string|null $index  The variable that you want which can use dot syntax for getting specific values.
+     * @param bool              $assoc  If true, return the result as an associative array.
+     * @param int|null          $filter Filter Constant
+     * @param array|int|null    $flags  Option
      *
      * @return array|bool|float|int|stdClass|string|null
      */
-    public function getJsonVar(string $index, bool $assoc = false, ?int $filter = null, $flags = null)
+    public function getJsonVar($index = null, bool $assoc = false, ?int $filter = null, $flags = null)
     {
         helper('array');
 
-        $json = $this->getJSON(true);
-        if (! is_array($json)) {
+        $data = $this->getJSON(true);
+        if (! is_array($data)) {
             return null;
         }
-        $data = dot_array_search($index, $json);
+
+        if (is_string($index)) {
+            $data = dot_array_search($index, $data);
+        } elseif (is_array($index)) {
+            $result = [];
+
+            foreach ($index as $key) {
+                $result[$key] = dot_array_search($key, $data);
+            }
+
+            [$data, $result] = [$result, null];
+        }
 
         if ($data === null) {
             return null;
         }
 
-        if (! is_array($data)) {
-            $filter ??= FILTER_DEFAULT;
-            $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
+        $filter ??= FILTER_DEFAULT;
+        $flags = is_array($flags) ? $flags : (is_numeric($flags) ? (int) $flags : 0);
 
-            return filter_var($data, $filter, $flags);
+        if ($filter !== FILTER_DEFAULT
+            || (
+                (is_numeric($flags) && $flags !== 0)
+                || is_array($flags) && $flags !== []
+            )
+        ) {
+            if (is_array($data)) {
+                // Iterate over array and append filter and flags
+                array_walk_recursive($data, static function (&$val) use ($filter, $flags) {
+                    $valType = gettype($val);
+                    $val     = filter_var($val, $filter, $flags);
+
+                    if (in_array($valType, ['int', 'integer', 'float', 'double', 'bool', 'boolean'], true) && $val !== false) {
+                        settype($val, $valType);
+                    }
+                });
+            } else {
+                $dataType = gettype($data);
+                $data     = filter_var($data, $filter, $flags);
+
+                if (in_array($dataType, ['int', 'integer', 'float', 'double', 'bool', 'boolean'], true) && $data !== false) {
+                    settype($data, $dataType);
+                }
+            }
         }
 
         if (! $assoc) {
+            if (is_array($index)) {
+                foreach ($data as &$val) {
+                    $val = is_array($val) ? json_decode(json_encode($val)) : $val;
+                }
+
+                return $data;
+            }
+
             return json_decode(json_encode($data));
         }
 
diff --git a/tests/system/HTTP/IncomingRequestTest.php b/tests/system/HTTP/IncomingRequestTest.php
@@ -295,8 +295,13 @@ public function testCanGrabGetRawJSON()
     public function testCanGetAVariableFromJson()
     {
         $jsonObj = [
-            'foo' => 'bar',
-            'baz' => ['fizz' => 'buzz'],
+            'foo'   => 'bar',
+            'baz'   => ['fizz' => 'buzz'],
+            'int'   => 123,
+            'float' => 3.14,
+            'true'  => true,
+            'false' => false,
+            'null'  => null,
         ];
         $json = json_encode($jsonObj);
 
@@ -312,14 +317,24 @@ public function testCanGetAVariableFromJson()
         $this->assertIsObject($jsonVar);
         $this->assertSame('buzz', $jsonVar->fizz);
         $this->assertSame('buzz', $request->getJsonVar('baz.fizz'));
+        $this->assertSame(123, $request->getJsonVar('int'));
+        $this->assertSame(3.14, $request->getJsonVar('float'));
+        $this->assertTrue($request->getJsonVar('true'));
+        $this->assertFalse($request->getJsonVar('false'));
+        $this->assertNull($request->getJsonVar('null'));
     }
 
     public function testGetJsonVarAsArray()
     {
         $jsonObj = [
             'baz' => [
-                'fizz' => 'buzz',
-                'foo'  => 'bar',
+                'fizz'  => 'buzz',
+                'foo'   => 'bar',
+                'int'   => 123,
+                'float' => 3.14,
+                'true'  => true,
+                'false' => false,
+                'null'  => null,
             ],
         ];
         $json = json_encode($jsonObj);
@@ -333,6 +348,11 @@ public function testGetJsonVarAsArray()
         $this->assertIsArray($jsonVar);
         $this->assertSame('buzz', $jsonVar['fizz']);
         $this->assertSame('bar', $jsonVar['foo']);
+        $this->assertSame(123, $jsonVar['int']);
+        $this->assertSame(3.14, $jsonVar['float']);
+        $this->assertTrue($jsonVar['true']);
+        $this->assertFalse($jsonVar['false']);
+        $this->assertNull($jsonVar['null']);
     }
 
     public function testGetJsonVarCanFilter()
@@ -347,6 +367,59 @@ public function testGetJsonVarCanFilter()
         $this->assertFalse($request->getJsonVar('foo', false, FILTER_VALIDATE_INT));
     }
 
+    public function testGetJsonVarCanFilterArray()
+    {
+        $json = json_encode([
+            'string'      => 'hello123world',
+            'int'         => 123,
+            'float'       => 3.14,
+            'stringFloat' => 'hello3.14world',
+            'array'       => [
+                'string' => 'hello123world',
+                'int'    => 123,
+            ],
+        ]);
+
+        $config          = new App();
+        $config->baseURL = 'http://example.com/';
+
+        $request = new IncomingRequest($config, new URI(), $json, new UserAgent());
+        $request->setHeader('Content-Type', 'application/json');
+
+        $expected = [
+            'string'      => '123',
+            'int'         => 123,
+            'float'       => 3.14,
+            'stringFloat' => '3.14',
+            'array'       => [
+                'string' => '123',
+                'int'    => 123,
+            ],
+        ];
+
+        $this->assertSame(
+            $expected,
+            $request->getJsonVar(null, true, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)
+        );
+
+        $this->assertSame(
+            $expected['array'],
+            $request->getJsonVar('array', true, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)
+        );
+
+        $this->assertSame(
+            ['array' => $expected['array'], 'float' => $expected['float']],
+            $request->getJsonVar(['array', 'float'], true, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION)
+        );
+
+        $result = $request->getJsonVar(['array', 'float'], false, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+        $this->assertIsObject($result['array']);
+        $this->assertSame(
+            ['array' => $expected['array'], 'float' => $expected['float']],
+            ['array' => json_decode(json_encode($result['array']), true), 'float' => $result['float']],
+        );
+    }
+
     public function testGetVarWorksWithJson()
     {
         $json = json_encode(['foo' => 'bar', 'fizz' => 'buzz']);
diff --git a/user_guide_src/source/changelogs/v4.3.0.rst b/user_guide_src/source/changelogs/v4.3.0.rst
@@ -185,6 +185,8 @@ Others
     - ``Debug\Exceptions::__construct()``
     - ``Services::exceptions()``
 
+- **Request:** The ``$index`` parameter of ``IncomingRequest::getJsonVar()`` now accepts an ``array``, ``string`` or ``null`` value.
+
 Enhancements
 ************
 
@@ -343,3 +345,5 @@ Bugs Fixed
 **********
 
 - Fixed a bug when all types of ``Prepared Queries`` were returning a ``Result`` object instead of a bool value for write-type queries.
+- Fixed a bug with variable filtering in JSON requests using with ``IncomingRequest::getVar()`` or ``IncomingRequest::getJsonVar()`` methods.
+- Fixed a bug when variable type may be changed when using a specified index with ``IncomingRequest::getVar()`` or ``IncomingRequest::getJsonVar()`` methods.
