From bed87f3d27d193a4bb117597671ebd07ac26568e Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Tue, 28 Feb 2017 17:02:00 +0100
Subject: [PATCH] (mvc) send post requests as json body, url encoding isn't always typesafe
---
 .../controllers/OPNsense/Base/ApiControllerBase.php | 2 ++
 .../app/controllers/OPNsense/Base/ControllerBase.php | 2 +-
 src/opnsense/www/js/opnsense.js | 10 ++++++----
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
index fc4ac2b51..84af4c9d3 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ApiControllerBase.php
@@ -192,6 +192,8 @@ class ApiControllerBase extends ControllerRoot
 $this->response->setStatusCode(403, "Forbidden");
 return false;
 }
+ // when request is using a json body (based on content type), parse it first
+ $this->parseJsonBodyData();
 }
 }
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
index ed7ab84e9..ac4a8a142 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Base/ControllerBase.php
@@ -202,7 +202,7 @@ class ControllerBase extends ControllerRoot
 $csrf_token = $this->security->getToken();
 $csrf_tokenKey = $this->security->getTokenKey();
 }
- $this->view->setVars(['csrf_tokenKey' => $csrf_tokenKey,'csrf_token' => $csrf_token]);
+ $this->view->setVars(['csrf_tokenKey' => $csrf_tokenKey, 'csrf_token' => $csrf_token]);
 // link menu system to view, append /ui in uri because of rewrite
 $menu = new Menu\MenuSystem();
diff --git a/src/opnsense/www/js/opnsense.js b/src/opnsense/www/js/opnsense.js
index 9deb15636..969405013 100644
--- a/src/opnsense/www/js/opnsense.js
+++ b/src/opnsense/www/js/opnsense.js
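Review bot: The outcome of `$this->parseJsonBodyData();` is not checked on the added line in ApiControllerBase.php, so a request that declares a JSON content type but carries a malformed or empty body appears to continue into the action with whatever the helper left behind. The helper's body is not part of this patch, so that is inferred; if it does not already reject undecodable input, this path should fail closed with a 400 before dispatch rather than run the action on partial data. The call does sit after the 403 rejection shown above it (presumably the CSRF check, whose condition is outside the hunk), which is the right order, and the comment could record that: `// decode the json body only after the request passed the checks above, rejected requests are never parsed`. The enclosing method starts and ends outside the hunk, so whether its other branches decode the body the same way cannot be confirmed from here.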
@@ -185,12 +185,13 @@ function clearFormValidation(parent) {
 * @param callback callback function
 * @return deferred object
 */
-function ajaxCall(url,sendData,callback) {
+function ajaxCall(url, sendData, callback) {
 return $.ajax({
 type: "POST",
 url: url,
 dataType:"json",
- complete: function(data,status) {
+ contentType: "application/json",
+ complete: function(data, status) {
 if ( callback == null ) {
 null;
 } else if ( "responseJSON" in data ) {
@@ -199,7 +200,7 @@ function ajaxCall(url,sendData,callback) {
 callback(data,status);
 }
 },
- data:sendData
+ data: JSON.stringify(sendData)
 });
 }
@@ -215,6 +216,7 @@ function ajaxGet(url,sendData,callback) {
 type: "GET",
 url: url,
 dataType:"json",
+ contentType: "application/json",
 complete: function(data,status) {
 if ( callback == null ) {
 null;
@@ -224,7 +226,7 @@ function ajaxGet(url,sendData,callback) {
 callback({},status);
 }
 },
- data:sendData
+ data: sendData
 });
 }
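Review bot: In ajaxCall the new `data: JSON.stringify(sendData)` (second hunk, paired with the `contentType` added in the first) assumes every caller passes a plain object. A caller that passes an already serialised string gets it double-encoded into a JSON string literal, and a caller that passes nothing sends a request labelled `application/json` with no body, so the server-side decoder receives input that is not an object. Normalising first, `data: JSON.stringify(sendData == null ? {} : sendData)`, and stating in the doc block above the function that `sendData` must be a JSON-serialisable object would make the contract explicit. Endpoints that still read form-encoded POST fields directly would receive nothing after this change, which deserves an audit because validation that only runs when a field is present would be skipped; that cannot be confirmed from these hunks.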
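Review bot: The `contentType: "application/json"` added to ajaxGet (third hunk) labels a request that carries no body, since for GET jQuery appends `sendData` to the query string and the last hunk still passes the object unserialised. Because the option is passed explicitly the header is still sent, so a server that decides from the content type whether to decode a JSON body will attempt to parse an empty body on every GET. Removing the line from ajaxGet keeps the header truthful; if it is wanted for another reason, a comment such as `// header only, GET parameters stay in the query string` should say so. The opening lines of ajaxGet are outside the hunk.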