(mvc) send post requests as json body, url encoding isn't always typesafe

2026-03-15 00:54:41 +00:00 · 2017-02-28 17:02:00 +01:00 · 2017-02-28 17:02:00 +01:00 · bed87f3d27
commit bed87f3d27
parent 29e3bb3e6f
3 changed files with 9 additions and 5 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@ -192,6 +192,8 @@ class ApiControllerBase extends ControllerRoot
                $this->response->setStatusCode(403, "Forbidden");
                return false;
            }
+            // when request is using a json body (based on content type), parse it first
+            $this->parseJsonBodyData();
        }
    }

--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@ -202,7 +202,7 @@ class ControllerBase extends ControllerRoot
            $csrf_token = $this->security->getToken();
            $csrf_tokenKey = $this->security->getTokenKey();
        }
-        $this->view->setVars(['csrf_tokenKey' => $csrf_tokenKey,'csrf_token' => $csrf_token]);
+        $this->view->setVars(['csrf_tokenKey' => $csrf_tokenKey, 'csrf_token' => $csrf_token]);

        // link menu system to view, append /ui in uri because of rewrite
        $menu = new Menu\MenuSystem();
--- a/src/opnsense/www/js/opnsense.js
+++ b/src/opnsense/www/js/opnsense.js
@ -185,12 +185,13 @@ function clearFormValidation(parent) {
 * @param callback callback function
 * @return deferred object
 */
-function ajaxCall(url,sendData,callback) {
+function ajaxCall(url, sendData, callback) {
    return $.ajax({
        type: "POST",
        url: url,
        dataType:"json",
-        complete: function(data,status) {
+        contentType: "application/json",
+        complete: function(data, status) {
            if ( callback == null ) {
                null;
            } else if ( "responseJSON" in data ) {
@ -199,7 +200,7 @@ function ajaxCall(url,sendData,callback) {
                callback(data,status);
            }
        },
-        data:sendData
+        data: JSON.stringify(sendData)
    });
 }

@ -215,6 +216,7 @@ function ajaxGet(url,sendData,callback) {
        type: "GET",
        url: url,
        dataType:"json",
+        contentType: "application/json",
        complete: function(data,status) {
            if ( callback == null ) {
                null;
@ -224,7 +226,7 @@ function ajaxGet(url,sendData,callback) {
                callback({},status);
            }
        },
-        data:sendData
+        data: sendData
    });
 }