[BUGFIX] Use Json-based response for RequireJsController 48/59548/4
authorBenni Mack <benni@typo3.org>
Tue, 22 Jan 2019 12:13:59 +0000 (13:13 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 22 Jan 2019 15:11:00 +0000 (16:11 +0100)
This is a regression due to a very unfortunate
rebasing of a security backport which had the
exact code as changed here in the original change
which was tested.

The main reason is that JsonResponse is only
available in v9 or later.

Resolves: #87519
Releases: 8.7
Change-Id: Ib99cacb32e20d99b8e48940326385bcf5f4a19fa
Reviewed-on: https://review.typo3.org/59548
Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de>
Reviewed-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: Susanne Moog <susanne.moog@typo3.org>
Tested-by: TYPO3com <noreply@typo3.com>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Classes/Controller/RequireJsController.php

index 23b88cf..138d3dd 100644 (file)
@@ -17,7 +17,7 @@ namespace TYPO3\CMS\Core\Controller;
 
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
-use TYPO3\CMS\Core\Http\JsonResponse;
+use TYPO3\CMS\Core\Http\Response;
 use TYPO3\CMS\Core\Page\PageRenderer;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 
@@ -65,10 +65,10 @@ class RequireJsController
     {
         $name = $request->getQueryParams()['name'] ?? null;
         if (empty($name) || !is_string($name)) {
-            return new JsonResponse(null, 404);
+            return $this->createJsonResponse(null, 404);
         }
         $configuration = $this->findConfiguration($name);
-        return new JsonResponse($configuration, !empty($configuration) ? 200 : 404);
+        return $this->createJsonResponse($configuration, !empty($configuration) ? 200 : 404);
     }
 
     /**
@@ -106,4 +106,24 @@ class RequireJsController
 
         return $relevantConfiguration;
     }
+
+    /**
+     * @param array|null $configuration
+     * @param int $statusCode
+     * @return Response
+     */
+    protected function createJsonResponse($configuration, int $statusCode): Response
+    {
+        $response = (new Response())
+            ->withStatus($statusCode)
+            ->withHeader('Content-Type', 'application/json; charset=utf-8');
+
+        if (!empty($configuration)) {
+            $options = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES;
+            $response->getBody()->write(json_encode($configuration ?: null, $options));
+            $response->getBody()->rewind();
+        }
+
+        return $response;
+    }
 }