fix(security): add error logging to JsonException catch blocks

gr8man · gr8man · commit 34bd2a9855de · 2026-05-31T00:58:01.000+02:00
diff --git a/system/Security/Security.php b/system/Security/Security.php
@@ -295,6 +295,7 @@ private function removeTokenInRequest(IncomingRequest $request): void
         try {
             $json = json_decode($body, flags: JSON_THROW_ON_ERROR);
         } catch (JsonException) {
+            log_message('error', 'Invalid JSON in request body during CSRF token removal');
             $json = null;
         }
 
@@ -346,6 +347,7 @@ private function getPostedToken(IncomingRequest $request): ?string
         try {
             $json = json_decode($body, flags: JSON_THROW_ON_ERROR);
         } catch (JsonException) {
+            log_message('error', 'Invalid JSON in request body during CSRF token retrieval');
             $json = null;
         }
 

Original file line number	Diff line number	Diff line change
`@@ -295,6 +295,7 @@ private function removeTokenInRequest(IncomingRequest $request): void`
`295`	`295`	`try {`
`296`	`296`	`$json = json_decode($body, flags: JSON_THROW_ON_ERROR);`
`297`	`297`	`} catch (JsonException) {`
	`298`	`+ log_message('error', 'Invalid JSON in request body during CSRF token removal');`
`298`	`299`	`$json = null;`
`299`	`300`	`}`
`300`	`301`
`@@ -346,6 +347,7 @@ private function getPostedToken(IncomingRequest $request): ?string`
`346`	`347`	`try {`
`347`	`348`	`$json = json_decode($body, flags: JSON_THROW_ON_ERROR);`
`348`	`349`	`} catch (JsonException) {`
	`350`	`+ log_message('error', 'Invalid JSON in request body during CSRF token retrieval');`
`349`	`351`	`$json = null;`
`350`	`352`	`}`
`351`	`353`