Sanitize request payload recursively before JSON response

Replace telephone-only normalization with recursive UTF-8 sanitization across response arrays. Sanitize each request row and top-level payload before setJSON to prevent malformed UTF-8 encoding failures. Add JSON probe with explicit error logging and return a 500 error payload when encoding still fails.
mahdahar 2026-04-22 15:43:09 +07:00
parent 741ca13b04
commit ee40438b0e


@ -83,7 +83,7 @@ class RequestsController extends BaseController
foreach ($rows as &$row) { foreach ($rows as &$row) {
$row['COLLECTIONDATE'] = date('Y-m-d H:i', strtotime($row['COLLECTIONDATE'])); $row['COLLECTIONDATE'] = date('Y-m-d H:i', strtotime($row['COLLECTIONDATE']));
$row['REQDATE'] = date('Y-m-d H:i', strtotime($row['REQDATE'])); $row['REQDATE'] = date('Y-m-d H:i', strtotime($row['REQDATE']));
$this->normalizeTelephoneFields($row); $row = $this->sanitizeUtf8Array($row);
} }
$data = [ $data = [
@ -105,6 +105,20 @@ class RequestsController extends BaseController
'validatedCount' => (int) ($counterRow['Validated'] ?? 0), 'validatedCount' => (int) ($counterRow['Validated'] ?? 0),
]; ];
$data = $this->sanitizeUtf8Array($data);
$jsonProbe = json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
if ($jsonProbe === false) {
log_message('error', 'RequestsController::index JSON encoding failed after UTF-8 sanitization: {error}', [
'error' => json_last_error_msg(),
]);
return $this->response->setStatusCode(500)->setJSON([
'status' => 'error',
'message' => 'Failed to encode response payload',
]);
}
return $this->response->setJSON($data); return $this->response->setJSON($data);
} }
@ -276,13 +290,26 @@ class RequestsController extends BaseController
return $this->response->setJSON($data); return $this->response->setJSON($data);
} }
private function normalizeTelephoneFields(array &$row): void private function sanitizeUtf8Array(array $input): array
{ {
foreach (['TELEPHON', 'TELEPHONE'] as $field) { foreach ($input as $key => $value) {
if (isset($row[$field]) && is_string($row[$field])) { $input[$key] = $this->sanitizeUtf8Value($value);
$row[$field] = $this->ensureUtf8($row[$field]);
} }
return $input;
} }
private function sanitizeUtf8Value(mixed $value): mixed
{
if (is_string($value)) {
return $this->ensureUtf8($value);
}
if (is_array($value)) {
return $this->sanitizeUtf8Array($value);
}
return $value;
} }
private function ensureUtf8(string $value): string private function ensureUtf8(string $value): string
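Review bot: In the second hunk the probe `$jsonProbe = json_encode($data, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);` serialises the whole payload and throws the string away, after which `setJSON($data)` encodes the same data again, presumably with the framework formatter's own options, so a passing probe does not strictly guarantee the second encode and the row set is encoded twice per request. Consider sending the string that was already checked, e.g. `return $this->response->setContentType('application/json')->setBody($jsonProbe);` (assuming this is the CodeIgniter response object, as the `setJSON` and `log_message` calls suggest). In the third hunk `sanitizeUtf8Array()` rewrites only values: string keys are left as they are and `sanitizeUtf8Value()` returns objects unchanged, so malformed bytes in either still reach the encoder and turn the whole listing into a 500. Adding `JSON_INVALID_UTF8_SUBSTITUTE` to the probe flags would degrade such bytes to U+FFFD instead of failing the request. The body of `ensureUtf8()` lies outside the visible hunks, so how it treats invalid sequences could not be checked here.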