Sanitize request payload recursively before JSON response

Replace telephone-only normalization with recursive UTF-8 sanitization across response arrays. Sanitize each request row and top-level payload before setJSON to prevent malformed UTF-8 encoding failures. Add JSON probe with explicit error logging and return a 500 error payload when encoding still fails.
2026-04-22 15:43:09 +07:00 · 2026-04-22 15:43:09 +07:00 · ee40438b0e
commit ee40438b0e
parent 741ca13b04
1 changed files with 33 additions and 6 deletions
--- a/app/Controllers/RequestsController.php
+++ b/app/Controllers/RequestsController.php
@ -83,7 +83,7 @@ class RequestsController extends BaseController
    foreach ($rows as &$row) {
      $row['COLLECTIONDATE'] = date('Y-m-d H:i', strtotime($row['COLLECTIONDATE']));
      $row['REQDATE'] = date('Y-m-d H:i', strtotime($row['REQDATE']));
-      $this->normalizeTelephoneFields($row);
+      $row = $this->sanitizeUtf8Array($row);
    }

    $data = [
@ -105,6 +105,20 @@ class RequestsController extends BaseController
      'validatedCount' => (int) ($counterRow['Validated'] ?? 0),
    ];

+    $data = $this->sanitizeUtf8Array($data);
+
+    $jsonProbe = json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
+    if ($jsonProbe === false) {
+      log_message('error', 'RequestsController::index JSON encoding failed after UTF-8 sanitization: {error}', [
+        'error' => json_last_error_msg(),
+      ]);
+
+      return $this->response->setStatusCode(500)->setJSON([
+        'status' => 'error',
+        'message' => 'Failed to encode response payload',
+      ]);
+    }
+
    return $this->response->setJSON($data);
  }

@ -276,13 +290,26 @@ class RequestsController extends BaseController
    return $this->response->setJSON($data);
  }

-  private function normalizeTelephoneFields(array &$row): void
+  private function sanitizeUtf8Array(array $input): array
  {
-    foreach (['TELEPHON', 'TELEPHONE'] as $field) {
-      if (isset($row[$field]) && is_string($row[$field])) {
-        $row[$field] = $this->ensureUtf8($row[$field]);
-      }
+    foreach ($input as $key => $value) {
+      $input[$key] = $this->sanitizeUtf8Value($value);
    }
+
+    return $input;
+  }
+
+  private function sanitizeUtf8Value(mixed $value): mixed
+  {
+    if (is_string($value)) {
+      return $this->ensureUtf8($value);
+    }
+
+    if (is_array($value)) {
+      return $this->sanitizeUtf8Array($value);
+    }
+
+    return $value;
  }

  private function ensureUtf8(string $value): string