support content-type of application/json on AJAX requests

[MegaphoneJon]

Overview

This is #29886, but I've addressed Coleman's concern by fixing the non-deprecated function as well.

I force-pushed my change and tried reopening that PR, but apparently you have to reopen before force-pushing or not at all.

Before

Can't submit JSON-formatted POST requests.

After

You can.

Technical Details

While I don't love the static variable, my profiling of Civi shows that we lose a ridiculous amount of time to serializing/deserializing data (including JSON), even though it uses internal functions. So we only decode the POST request once.

I didn't think this necessary on the deprecated function because it seems far less likely to get called multiple times (it retrieves all values, not just one) but I could be swayed to add it to both (or leave it off of both).

[civibot]

🤖 Thank you for contributing to CiviCRM! ❤️ We will need to test and review this PR. 👷

Introduction for new contributors...

• If this is your first PR, an admin will greenlight automated testing with the command ok to test or add to whitelist.
• A series of tests will automatically run. You can see the results at the bottom of this page (if there are any problems, it will include a link to see what went wrong).
• A demo site will be built where anyone can try out a version of CiviCRM that includes your changes.
• If this process needs to be repeated, an admin will issue the command test this please to rerun tests and build a new demo site.
• Before this PR can be merged, it needs to be reviewed. Please keep in mind that reviewers are volunteers, and their response time can vary from a few hours to a few weeks depending on their availability and their knowledge of this particular part of CiviCRM.
• A great way to speed up this process is to "trade reviews" with someone - find an open PR that you feel able to review, and leave a comment like "I'm reviewing this now, could you please review mine?" (include a link to yours). You don't have to wait for a response to get started (and you don't have to stop at one!) the more you review, the faster this process goes for everyone 😄
• To ensure that you are credited properly in the final release notes, please add yourself to contributor-key.yml
• For more information about contributing, see CONTRIBUTING.md.

Quick links for reviewers...

• ➡️ PR Demo site (can be rebuilt with the command test this please).
• 📖 Review standards
• 🗒️ Review template (brief or verbose)

➡️ Online demo of this PR 🔗

[MegaphoneJon]

test this please

[Sjord]

Does this give reasonable performance? The input JSON is decoded every time a value is requested, instead of only once per request.

[colemanw]

In practice, I don't think this is called very many times per request.

[Sjord]

Yes, I agree. Normally this is only called a couple of times, and json_decode is pretty fast.

However, this loop can become problematic. It will decode JSON again for every key in the request JSON. This quadratic complexity could be abused in a denial-of-service attack.

[MegaphoneJon]

@Sjord Shouldn't the static keyword on line 137 (static $post = NULL) prevent this from being decoded multiple times?

[Sjord]

Yes, you are right. Thanks for pointing that out. So it is decoded only once per request, I was mistaken about that.

[MegaphoneJon]

test this please

I think the test fails are unrelated, hopefully this will provide some insight.

[MegaphoneJon]

This is only failing on a test that looks like it's failing generally, api\v4\SearchDisplay\SearchRunTest.testRunWithTags.

[colemanw]

That test was fixed already in master so a rebase would get rid of the failure. Or you can just ignore it.