fix: Handle non-array JSON in validation

woodongwong · woodongwong · commit cb4fe38d415d · 2023-12-06T20:47:45.000+08:00
diff --git a/system/HTTP/Exceptions/HTTPException.php b/system/HTTP/Exceptions/HTTPException.php
@@ -228,4 +228,15 @@ public static function forInvalidSameSiteSetting(string $samesite)
     {
         return new static(lang('Security.invalidSameSiteSetting', [$samesite]));
     }
+
+    /**
+     * Thrown when the JSON format is not supported.
+     * This is specifically for cases where data validation is expected to work with key-value structures.
+     *
+     * @return HTTPException
+     */
+    public static function forUnsupportedJSONFormat()
+    {
+        return new static(lang('HTTP.unsupportedJSONFormat'));
+    }
 }
diff --git a/system/Language/en/HTTP.php b/system/Language/en/HTTP.php
@@ -20,6 +20,7 @@
     // IncomingRequest
     'invalidNegotiationType' => '"{0}" is not a valid negotiation type. Must be one of: media, charset, encoding, language.',
     'invalidJSON'            => 'Failed to parse JSON string. Error: {0}',
+    'unsupportedJSONFormat'  => 'The provided JSON format is not supported.',
 
     // Message
     'invalidHTTPProtocol' => 'Invalid HTTP Protocol Version: {0}',
diff --git a/system/Validation/Validation.php b/system/Validation/Validation.php
@@ -12,6 +12,7 @@
 namespace CodeIgniter\Validation;
 
 use Closure;
+use CodeIgniter\HTTP\Exceptions\HTTPException;
 use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\Validation\Exceptions\ValidationException;
@@ -496,6 +497,10 @@ public function withRequest(RequestInterface $request): ValidationInterface
         if (strpos($request->getHeaderLine('Content-Type'), 'application/json') !== false) {
             $this->data = $request->getJSON(true);
 
+            if (! is_array($this->data)) {
+                throw HTTPException::forUnsupportedJSONFormat();
+            }
+
             return $this;
         }
 
diff --git a/tests/system/Validation/ValidationTest.php b/tests/system/Validation/ValidationTest.php
@@ -809,6 +809,25 @@ public function testJsonInputInvalid(): void
             ->run();
     }
 
+    public function testJsonInputNotKeyValue(): void
+    {
+        $this->expectException(HTTPException::class);
+        $this->expectExceptionMessage('The provided JSON format is not supported.');
+
+        $config  = new App();
+        $json    = '4';
+        $request = new IncomingRequest($config, new SiteURI($config), $json, new UserAgent());
+        $request->setHeader('Content-Type', 'application/json');
+
+        $rules = [
+            'role' => 'if_exist|max_length[5]',
+        ];
+        $this->validation
+            ->withRequest($request->withMethod('POST'))
+            ->setRules($rules)
+            ->run();
+    }
+
     /**
      * @see https://github.com/codeigniter4/CodeIgniter4/issues/6466
      */

Original file line number	Diff line number	Diff line change
`@@ -228,4 +228,15 @@ public static function forInvalidSameSiteSetting(string $samesite)`
`228`	`228`	`{`
`229`	`229`	`return new static(lang('Security.invalidSameSiteSetting', [$samesite]));`
`230`	`230`	`}`
	`231`	`+`
	`232`	`+ /**`
	`233`	`+ * Thrown when the JSON format is not supported.`
	`234`	`+ * This is specifically for cases where data validation is expected to work with key-value structures.`
	`235`	`+ *`
	`236`	`+ * @return HTTPException`
	`237`	`+ */`
	`238`	`+ public static function forUnsupportedJSONFormat()`
	`239`	`+ {`
	`240`	`+ return new static(lang('HTTP.unsupportedJSONFormat'));`
	`241`	`+ }`
`231`	`242`	`}`