refactor JSON response processing

- avoid translating JSON error messages twice - separation of concerns, JSON response preparation should not mix handling errors and results, provide two functions instead of one - callers of JSON error method are responsible for translation of errors
2026-01-23 02:35:23 +00:00 · 2025-11-14 10:04:41 +01:00 · 2025-11-14 10:04:41 +01:00 · d78c33438d
commit d78c33438d
parent 9b3647141d
2 changed files with 50 additions and 35 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,7 @@
 # PrivateBin version history

 ## 2.0.4 (not yet released)
+* CHANGED: Deduplicate JSON error message translations.

 ## 2.0.3 (2025-11-12)
 * FIXED: Prevent arbitrary PHP file inclusion when enabling template switching (CVE-2025-64714)
--- a/lib/Controller.php
+++ b/lib/Controller.php
@ -271,7 +271,8 @@ class Controller
        try {
            TrafficLimiter::canPass();
        } catch (Exception $e) {
-            $this->_return_message(1, $e->getMessage());
+            // traffic limiter exceptions come translated
+            $this->_json_error($e->getMessage());
            return;
        }

@ -281,14 +282,13 @@ class Controller
            array_key_exists('parentid', $data) &&
            !empty($data['parentid']);
        if (!FormatV2::isValid($data, $isComment)) {
-            $this->_return_message(1, I18n::_('Invalid data.'));
+            $this->_json_error(I18n::_('Invalid data.'));
            return;
        }
        $sizelimit = $this->_conf->getKey('sizelimit');
        // Ensure content is not too big.
        if (strlen($data['ct']) > $sizelimit) {
-            $this->_return_message(
-                1,
+            $this->_json_error(
                I18n::_(
                    'Document is limited to %s of encrypted data.',
                    Filter::formatHumanReadableSize($sizelimit)
@ -306,12 +306,13 @@ class Controller
                    $comment->setData($data);
                    $comment->store();
                } catch (Exception $e) {
-                    $this->_return_message(1, $e->getMessage());
+                    // comment exceptions need translation
+                    $this->_json_error(I18n::_($e->getMessage()));
                    return;
                }
-                $this->_return_message(0, $comment->getId());
+                $this->_json_result($comment->getId());
            } else {
-                $this->_return_message(1, I18n::_('Invalid data.'));
+                $this->_json_error(I18n::_('Invalid data.'));
            }
        }
        // The user posts a standard paste.
@ -329,10 +330,11 @@ class Controller
                $paste->setData($data);
                $paste->store();
            } catch (Exception $e) {
-                $this->_return_message(1, $e->getMessage());
+                // paste exceptions need translation
+                $this->_json_error(I18n::_($e->getMessage()));
                return;
            }
-            $this->_return_message(0, $paste->getId(), array('deletetoken' => $paste->getDeleteToken()));
+            $this->_json_result($paste->getId(), array('deletetoken' => $paste->getDeleteToken()));
        }
    }

@ -367,9 +369,9 @@ class Controller
        }
        if ($this->_request->isJsonApiCall()) {
            if (empty($this->_error)) {
-                $this->_return_message(0, $dataid);
+                $this->_json_result($dataid);
            } else {
-                $this->_return_message(1, $this->_error);
+                $this->_json_error(I18n::_($this->_error));
            }
        }
    }
@ -393,12 +395,13 @@ class Controller
                if (array_key_exists('salt', $data['meta'])) {
                    unset($data['meta']['salt']);
                }
-                $this->_return_message(0, $dataid, (array) $data);
+                $this->_json_result($dataid, (array) $data);
            } else {
-                $this->_return_message(1, self::GENERIC_ERROR);
+                $this->_json_error(I18n::_(self::GENERIC_ERROR));
            }
        } catch (Exception $e) {
-            $this->_return_message(1, $e->getMessage());
+            // paste exceptions need translation
+            $this->_json_error(I18n::_($e->getMessage()));
        }
    }

@ -537,6 +540,38 @@ class Controller
        echo $content;
    }

+    /**
+     * prepares JSON encoded error message
+     *
+     * @access private
+     * @param  string $error
+     */
+    private function _json_error($error)
+    {
+        $result = array(
+            'status'  => 1,
+            'message' => $error
+        );
+        $this->_json = Json::encode($result);
+    }
+
+    /**
+     * prepares JSON encoded result message
+     *
+     * @access private
+     * @param  string $dataid
+     * @param  array $other
+     */
+    private function _json_result($dataid, $other = array())
+    {
+        $result = array(
+            'status' => 0,
+            'id'     => $dataid,
+            'url'    => $this->_urlBase . '?' . $dataid
+        ) + $other;
+        $this->_json = Json::encode($result);
+    }
+
    /**
     * Proxies a link using the specified proxy class, and updates the status or error with the response.
     *
@ -551,25 +586,4 @@ class Controller
            $this->_status = $proxy->getUrl();
        }
    }
-
-    /**
-     * prepares JSON encoded status message
-     *
-     * @access private
-     * @param  int $status
-     * @param  string $message
-     * @param  array $other
-     */
-    private function _return_message($status, $message, $other = array())
-    {
-        $result = array('status' => $status);
-        if ($status) {
-            $result['message'] = I18n::_($message);
-        } else {
-            $result['id']  = $message;
-            $result['url'] = $this->_urlBase . '?' . $message;
-        }
-        $result += $other;
-        $this->_json = Json::encode($result);
-    }
 }