From 3091a40783785a5a363644244a079a9036befa9e Mon Sep 17 00:00:00 2001
From: Alex Pott <alex.a.pott@googlemail.com>
Date: Thu, 11 Jul 2013 11:49:13 +0100
Subject: [PATCH] Issue #2032919 by klausi: Fixed PATCH and POST should return
 400 on NULL bodies.

---
 .../rest/Plugin/rest/resource/EntityResource.php     | 12 ++++++++++--
 .../rest/lib/Drupal/rest/Tests/CreateTest.php        |  4 ++++
 .../rest/lib/Drupal/rest/Tests/UpdateTest.php        |  4 ++++
 3 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php b/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
index f1195dedb269..504fc5972861 100644
--- a/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
+++ b/core/modules/rest/lib/Drupal/rest/Plugin/rest/resource/EntityResource.php
@@ -71,7 +71,11 @@ public function get($id) {
    *
    * @throws \Symfony\Component\HttpKernel\Exception\HttpException
    */
-  public function post($id, EntityInterface $entity) {
+  public function post($id, EntityInterface $entity = NULL) {
+    if ($entity == NULL) {
+      throw new BadRequestHttpException(t('No entity content received.'));
+    }
+
     if (!$entity->access('create')) {
       throw new AccessDeniedHttpException();
     }
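Review bot: The new guard in post() uses a loose comparison, `if ($entity == NULL)`, where the `EntityInterface $entity = NULL` signature means the intent is an identity check; `if ($entity === NULL)` states that exactly and does not depend on PHP's loose object/NULL comparison rules. The same line is added in the patch() hunk that follows. Both docblocks begin outside these hunks, so if their `@param` for `$entity` does not already say it is NULL when the request carries no body, add that. The diffstat shows no added `use` line, so `BadRequestHttpException` is presumably already imported in this file; worth confirming, since post() and patch() continue outside the hunks.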
@@ -117,7 +121,11 @@ public function post($id, EntityInterface $entity) {
    *
    * @throws \Symfony\Component\HttpKernel\Exception\HttpException
    */
-  public function patch($id, EntityInterface $entity) {
+  public function patch($id, EntityInterface $entity = NULL) {
+    if ($entity == NULL) {
+      throw new BadRequestHttpException(t('No entity content received.'));
+    }
+
     if (empty($id)) {
       throw new NotFoundHttpException();
     }
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php b/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php
index 42c295003139..4ccc0b6bb08d 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/CreateTest.php
@@ -88,6 +88,10 @@ public function testCreate() {
     $this->httpRequest('entity/' . $entity_type, 'POST', 'kaboom!', $this->defaultMimeType);
     $this->assertResponse(400);
 
+    // Try to send no data at all, which does not make sense on POST requests.
+    $this->httpRequest('entity/' . $entity_type, 'POST', NULL, $this->defaultMimeType);
+    $this->assertResponse(400);
+
     // Try to create an entity without the CSRF token.
     $this->curlExec(array(
       CURLOPT_HTTPGET => FALSE,
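Review bot: The empty-body case added here asserts only the 400 status, so it cannot tell the new "No entity content received." rejection apart from the malformed-body 400 tested just above, and it does not show that nothing was stored. Provided no entity of this type exists at this point in the test (testCreate() starts and continues outside the hunk), a follow-up such as `$this->assertFalse(entity_load_multiple($entity_type, NULL, TRUE), 'No entity has been created in the database.');` would pin that. The PATCH case added in UpdateTest.php has the same gap; there the entity could be reloaded and its `field_test_text` value compared with the value saved before the request.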
diff --git a/core/modules/rest/lib/Drupal/rest/Tests/UpdateTest.php b/core/modules/rest/lib/Drupal/rest/Tests/UpdateTest.php
index 25d56c92d7a8..eca41bc60453 100644
--- a/core/modules/rest/lib/Drupal/rest/Tests/UpdateTest.php
+++ b/core/modules/rest/lib/Drupal/rest/Tests/UpdateTest.php
@@ -104,6 +104,10 @@ public function testPatchUpdate() {
     $entity->field_test_text->value = $this->randomString();
     $entity->save();
 
+    // Try to send no data at all, which does not make sense on PATCH requests.
+    $this->httpRequest('entity/' . $entity_type . '/' . $entity->id(), 'PATCH', NULL, $this->defaultMimeType);
+    $this->assertResponse(400);
+
     // Try to update a non-existing entity with ID 9999.
     $this->httpRequest('entity/' . $entity_type . '/9999', 'PATCH', $serialized, $this->defaultMimeType);
     $this->assertResponse(404);
-- 
GitLab