check if params given to API are really an array

Signed-off-by: Artur Neumann <[email protected]>

Author: individual-it

lib/private/AppFramework/Http/Request.php

@@ -431,13 +431,12 @@ protected function decodeContent() {
 		// 'application/json' must be decoded manually.
 		if (strpos($this->getHeader('Content-Type'), 'application/json') !== false) {
 			$params = json_decode(file_get_contents($this->inputStream), true);
-			if ($params !== null && \count($params) > 0) {
-				$this->items['params'] = $params;
-				if ($this->method === 'POST') {
-					$this->items['post'] = $params;
+			if (\is_array($params) && \count($params) > 0) {
+					$this->items['params'] = $params;
+					if ($this->method === 'POST') {
+						$this->items['post'] = $params;
+					}
 				}
-			}
-
 			// Handle application/x-www-form-urlencoded for methods other than GET
 		// or post correctly
 		} elseif ($this->method !== 'GET'

tests/lib/AppFramework/Http/RequestTest.php

@@ -207,9 +207,20 @@ public function testJsonPost() {
 		$this->assertSame('Joey', $request['nickname']);
 	}
 
-	public function testNotJsonPost() {
+	public function notJsonDataProvider() {
+		return [
+			['this is not valid json'],
+			['"just a string"'],
+			['{"just a string"}'],
+		];
+	}
+
+	/**
+	 * @dataProvider notJsonDataProvider
+	 */
+	public function testNotJsonPost($testData) {
 		global $data;
-		$data = 'this is not valid json';
+		$data = $testData;
 		$vars = [
 			'method' => 'POST',
 			'server' => ['CONTENT_TYPE' => 'application/json; utf-8']