The format of the posted data (FormData, JSON)

[JanisE]

Hello!

The PHP JSNLog logger on the server side reads raw POST data and know it to be JSON to parse.

However, our app (or rather the PHP engine) that the logger is incorporated in, expects POST data to be in FormData format, and parses it as such (and presents it in the $_POST superglobal array).

As a result, in some cases $_POST array may contain some random data as parsed out of the data sent by JL. For example, a request from JS: JL('onerrorLogger').fatalException('?confirm=1&action=doit&redirect=1') populates $_POST with:

$_POST = Array
(
    [{"r":"","lg":_{"l":6000,"m":"?confirm] => 1
    [action] => doit
    [redirect] => 1","n":"onerrorLogger","t":1483118770674}]}
)

You can see that debugging data may accidentally become a request to "action=doit".

What would be the best solution here?

[mperdeck]

I have no experience with PHP, so I'm not sure I can be of much help.

Firstly, I would check whether the PHP engine you use has some configuration option so it interprets the JSON string in the incoming POST body correctly. On the other hand, changing such a config setting may break the rest of your app.

Another approach would be to modify your PHP code to read the raw POST body of incoming log messages, and then deserialize the JSON string. This instead of relying on the PHP engine to interpret the POST body for you.

Some googling turned up these links on ow to read the POST body http://stackoverflow.com/questions/7047870/issue-reading-http-request-body-from-a-json-post-in-php http://stackoverflow.com/questions/8945879/how-to-get-body-of-a-post-in-php

How to deserialize a JSON string http://stackoverflow.com/questions/25701154/how-to-deserialize-a-json-encoded-array-in-php

The format of the JSON log messages that are sent to the server: http://js.jsnlog.com/Documentation/DownloadInstall

If you are using the JSPHPLOG library, you may want to update their code and send them a pull request: https://github.com/pnellesen/JSPHPLog