Merge pull request #18691 from owncloud/request-no-read

Decode request content only on getContent

lib/private/appframework/http/request.php

@@ -9,6 +9,7 @@
  * @author Thomas Müller <thomas.mueller@tmit.eu>
  * @author Thomas Tanghus <thomas@tanghus.net>
  * @author Vincent Petry <pvince81@owncloud.com>
+ * @author Robin McCorkell <rmccorkell@owncloud.com>
  *
  * @copyright Copyright (c) 2015, ownCloud, Inc.
  * @license AGPL-3.0
@@ -71,6 +72,9 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 	/** @var ICrypto */
 	protected $crypto;
 
+	/** @var bool */
+	protected $contentDecoded = false;
+
 	/**
 	 * @param array $vars An associative array with the following optional values:
 	 *        - array 'urlParams' the parameters which were matched from the URL
@@ -109,27 +113,6 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 				: array();
 		}
 
-		// 'application/json' must be decoded manually.
-		if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
-			$params = json_decode(file_get_contents($this->inputStream), true);
-			if(count($params) > 0) {
-				$this->items['params'] = $params;
-				if($vars['method'] === 'POST') {
-					$this->items['post'] = $params;
-				}
-			}
-		// Handle application/x-www-form-urlencoded for methods other than GET
-		// or post correctly
-		} elseif($vars['method'] !== 'GET'
-				&& $vars['method'] !== 'POST'
-				&& strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
-
-			parse_str(file_get_contents($this->inputStream), $params);
-			if(is_array($params)) {
-				$this->items['params'] = $params;
-			}
-		}
-
 		$this->items['parameters'] = array_merge(
 			$this->items['get'],
 			$this->items['post'],
@@ -237,24 +220,19 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 				if($this->method !== strtoupper($name)) {
 					throw new \LogicException(sprintf('%s cannot be accessed in a %s request.', $name, $this->method));
 				}
+				return $this->getContent();
 			case 'files':
 			case 'server':
 			case 'env':
 			case 'cookies':
-			case 'parameters':
-			case 'params':
 			case 'urlParams':
-				if(in_array($name, array('put', 'patch'))) {
-					return $this->getContent();
-				} else {
-					return isset($this->items[$name])
-						? $this->items[$name]
-						: null;
-				}
-				break;
 			case 'method':
-				return $this->items['method'];
-				break;
+				return isset($this->items[$name])
+					? $this->items[$name]
+					: null;
+			case 'parameters':
+			case 'params':
+				return $this->getContent();
 			default;
 				return isset($this[$name])
 					? $this[$name]
@@ -396,10 +374,47 @@ class Request implements \ArrayAccess, \Countable, IRequest {
 			$this->content = false;
 			return fopen($this->inputStream, 'rb');
 		} else {
-			return $this->parameters;
+			$this->decodeContent();
+			return $this->items['parameters'];
 		}
 	}
 
+	/**
+	 * Attempt to decode the content and populate parameters
+	 */
+	protected function decodeContent() {
+		if ($this->contentDecoded) {
+			return;
+		}
+		$params = [];
+
+		// 'application/json' must be decoded manually.
+		if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
+			$params = json_decode(file_get_contents($this->inputStream), true);
+			if(count($params) > 0) {
+				$this->items['params'] = $params;
+				if($this->method === 'POST') {
+					$this->items['post'] = $params;
+				}
+			}
+
+		// Handle application/x-www-form-urlencoded for methods other than GET
+		// or post correctly
+		} elseif($this->method !== 'GET'
+				&& $this->method !== 'POST'
+				&& strpos($this->getHeader('Content-Type'), 'application/x-www-form-urlencoded') !== false) {
+
+			parse_str(file_get_contents($this->inputStream), $params);
+			if(is_array($params)) {
+				$this->items['params'] = $params;
+			}
+		}
+
+		$this->items['parameters'] = array_merge($this->items['parameters'], $params);
+		$this->contentDecoded = true;
+	}
+
+
 	/**
 	 * Checks if the CSRF check was correct
 	 * @return bool true if CSRF check passed