diff --git a/apps/dav/lib/BackgroundJob/UpdateCalendarResourcesRoomsBackgroundJob.php b/apps/dav/lib/BackgroundJob/UpdateCalendarResourcesRoomsBackgroundJob.php index f7addd58248..f0ff16d3f2f 100644 --- a/apps/dav/lib/BackgroundJob/UpdateCalendarResourcesRoomsBackgroundJob.php +++ b/apps/dav/lib/BackgroundJob/UpdateCalendarResourcesRoomsBackgroundJob.php @@ -339,7 +339,7 @@ class UpdateCalendarResourcesRoomsBackgroundJob extends TimedJob { * @return string */ private function serializeGroupRestrictions(array $groups): string { - return \json_encode($groups); + return \json_encode($groups, JSON_THROW_ON_ERROR); } /** diff --git a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php index 0d5cce88d0d..dab4bbffc6e 100644 --- a/apps/dav/lib/BulkUpload/BulkUploadPlugin.php +++ b/apps/dav/lib/BulkUpload/BulkUploadPlugin.php @@ -75,7 +75,7 @@ class BulkUploadPlugin extends ServerPlugin { // Return early if an error occurs during parsing. $this->logger->error($e->getMessage()); $response->setStatus(Http::STATUS_BAD_REQUEST); - $response->setBody(json_encode($writtenFiles)); + $response->setBody(json_encode($writtenFiles, JSON_THROW_ON_ERROR)); return false; } @@ -109,7 +109,7 @@ class BulkUploadPlugin extends ServerPlugin { } $response->setStatus(Http::STATUS_OK); - $response->setBody(json_encode($writtenFiles)); + $response->setBody(json_encode($writtenFiles, JSON_THROW_ON_ERROR)); return false; } diff --git a/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php b/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php index 6fd69b7e3df..d2ad4cafb98 100644 --- a/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php +++ b/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php @@ -522,7 +522,7 @@ abstract class AbstractPrincipalBackend implements BackendInterface { } // group restrictions contains something, but not parsable, deny access and log warning - $json = json_decode($row['group_restrictions']); + $json = json_decode($row['group_restrictions'], null, 512, JSON_THROW_ON_ERROR); if (!\is_array($json)) { $this->logger->info('group_restrictions field could not be parsed for ' . $this->dbTableName . '::' . $row['id'] . ', denying access to resource'); return false; diff --git a/apps/dav/lib/Comments/CommentsPlugin.php b/apps/dav/lib/Comments/CommentsPlugin.php index a4932751897..f31e479c212 100644 --- a/apps/dav/lib/Comments/CommentsPlugin.php +++ b/apps/dav/lib/Comments/CommentsPlugin.php @@ -220,7 +220,7 @@ class CommentsPlugin extends ServerPlugin { */ private function createComment($objectType, $objectId, $data, $contentType = 'application/json') { if (explode(';', $contentType)[0] === 'application/json') { - $data = json_decode($data, true); + $data = json_decode($data, true, 512, JSON_THROW_ON_ERROR); } else { throw new UnsupportedMediaType(); } diff --git a/apps/dav/lib/Connector/Sabre/FilesPlugin.php b/apps/dav/lib/Connector/Sabre/FilesPlugin.php index 54919824864..f53c62afba2 100644 --- a/apps/dav/lib/Connector/Sabre/FilesPlugin.php +++ b/apps/dav/lib/Connector/Sabre/FilesPlugin.php @@ -321,11 +321,11 @@ class FilesPlugin extends ServerPlugin { $user->getUID() ); $ocmPermissions = $this->ncPermissions2ocmPermissions($ncPermissions); - return json_encode($ocmPermissions); + return json_encode($ocmPermissions, JSON_THROW_ON_ERROR); }); $propFind->handle(self::SHARE_ATTRIBUTES_PROPERTYNAME, function () use ($node, $httpRequest) { - return json_encode($node->getShareAttributes()); + return json_encode($node->getShareAttributes(), JSON_THROW_ON_ERROR); }); $propFind->handle(self::GETETAG_PROPERTYNAME, function () use ($node): string { @@ -350,7 +350,7 @@ class FilesPlugin extends ServerPlugin { }); $propFind->handle(self::HAS_PREVIEW_PROPERTYNAME, function () use ($node) { - return json_encode($this->previewManager->isAvailable($node->getFileInfo())); + return json_encode($this->previewManager->isAvailable($node->getFileInfo()), JSON_THROW_ON_ERROR); }); $propFind->handle(self::SIZE_PROPERTYNAME, function () use ($node): ?int { return $node->getSize(); @@ -422,7 +422,7 @@ class FilesPlugin extends ServerPlugin { if ($this->config->getSystemValueBool('enable_file_metadata', true)) { $propFind->handle(self::FILE_METADATA_SIZE, function () use ($node) { if (!str_starts_with($node->getFileInfo()->getMimetype(), 'image')) { - return json_encode((object)[]); + return json_encode((object)[], JSON_THROW_ON_ERROR); } if ($node->hasMetadata('size')) { @@ -438,7 +438,7 @@ class FilesPlugin extends ServerPlugin { \OC::$server->get(LoggerInterface::class)->debug('Inefficient fetching of metadata'); } - return json_encode((object)$sizeMetadata->getMetadata()); + return json_encode((object)$sizeMetadata->getMetadata(), JSON_THROW_ON_ERROR); }); } } diff --git a/apps/dav/lib/SystemTag/SystemTagPlugin.php b/apps/dav/lib/SystemTag/SystemTagPlugin.php index b6bd7d3b7cd..c21935edfdc 100644 --- a/apps/dav/lib/SystemTag/SystemTagPlugin.php +++ b/apps/dav/lib/SystemTag/SystemTagPlugin.php @@ -163,7 +163,7 @@ class SystemTagPlugin extends \Sabre\DAV\ServerPlugin { */ private function createTag($data, $contentType = 'application/json') { if (explode(';', $contentType)[0] === 'application/json') { - $data = json_decode($data, true); + $data = json_decode($data, true, 512, JSON_THROW_ON_ERROR); } else { throw new UnsupportedMediaType(); } diff --git a/apps/dav/lib/UserMigration/ContactsMigrator.php b/apps/dav/lib/UserMigration/ContactsMigrator.php index d2ba82eb2e5..196d0a6110a 100644 --- a/apps/dav/lib/UserMigration/ContactsMigrator.php +++ b/apps/dav/lib/UserMigration/ContactsMigrator.php @@ -248,7 +248,7 @@ class ContactsMigrator implements IMigrator, ISizeEstimationMigrator { $exportDestination->addFileContents($exportPath, $this->serializeCards($vCards)); $metadata = array_filter(['displayName' => $displayName, 'description' => $description]); - $exportDestination->addFileContents($metadataExportPath, json_encode($metadata)); + $exportDestination->addFileContents($metadataExportPath, json_encode($metadata, JSON_THROW_ON_ERROR)); } } catch (Throwable $e) { throw new CalendarMigratorException('Could not export address book', 0, $e);