Fixed XF\Http\Request: Non-array-like JSON input triggers PHP error

Steffen · 2026-01-07T07:20:38+0000

To reproduce, send JSON input to XenForo that PHP's json_decode function does not turn into an array (but into a string/int/boolean/...). For example:

Code:

curl -X POST -H "Content-Type: application/json" -d "true" https://xenforo.com/community/

Then XF\Http\Request::getPhpInputJson returns a scalar value (instead of an array) which causes the following error in XF\Http\Request::__construct:

Code:

Uncaught TypeError: Unsupported operand types: array + bool in src/XF/Http/Request.php:912

Possible fix:

Diff:

--- a/src/XF/Http/Request.php
+++ b/src/XF/Http/Request.php
@@ -963,7 +963,8 @@ class Request
            $rawInput = @file_get_contents("php://input");
            if ($rawInput)
            {
-               return json_decode($rawInput, true) ?: [];
+               $json = json_decode($rawInput, true);
+               return is_array($json) ? $json : [];
            }
        }

XF Bug Bot · 2026-01-07T12:02:29+0000

Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.3.8).

Change log:

Fix TypeError when non-array JSON input is submitted (#1223)

There may be a delay before changes are rolled out to the XenForo Community.

Fixed XF\Http\Request: Non-array-like JSON input triggers PHP error

Steffen

Well-known member

XF Bug Bot

XenForo bug fixer bot

Similar threads

We value your privacy