0

I am working on a slash command that'll invoke a dialog.

 $dialog = [
        'callback_id' => 'ryde-46e2b0',
        'title' => 'Request a Ride',
        'submit_label' => 'Request',
        'elements' => [
            [
                'type' => 'text',
                'label' => 'Pickup Location',
                'name' => 'loc_origin'
            ],
            [
                'type' => 'text',
                'label' => 'Dropoff Location',
                'name' => 'loc_destination'
            ]
        ]
    ];

    // get trigger ID from incoming slash request
    $trigger = filter_input(INPUT_POST, "trigger_id");

    // define POST query parameters
    $query = [
        'token' => 'XXXXXXXXX MY TOKEN XXXXXXXXX',
        'dialog' => json_encode($dialog),
        'trigger_id' => $trigger
    ];

    // define the curl request
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, 'https://slack.com/api/dialog.open');
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        'Content-Type: application/x-www-form-urlencoded'
    ]);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

    // set the POST query parameters
    curl_setopt($ch, CURLOPT_POST, true);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($query));

    // execute curl request
    $response = curl_exec($ch);

    // close
    curl_close($ch);

    var_export($response);

When I issue the slash command, my test dialog opens successfully

enter image description here

I then fill two test values test1 and test2 in the fields and submit the request. My endpoint is being hit with the dialog data payload correctly, but the data sent is not valid JSON:

The value of $_POST is: (I've masked all identifying tokens/IDs with xxx)

{"payload":"{\\\"type\\\":\\\"dialog_submission\\\",\\\"token\\\":\\\"XXX\\\",\\\"action_ts\\\":\\\"1536603864.688426\\\",\\\"team\\\":{\\\"id\\\":\\\"xxx\\\",\\\"domain\\\":\\\"ourdomain\\\"},\\\"user\\\":{\\\"id\\\":\\\"xxx\\\",\\\"name\\\":\\\"my_name\\\"},\\\"channel\\\":{\\\"id\\\":\\\"xxx\\\",\\\"name\\\":\\\"directmessage\\\"},\\\"submission\\\":{\\\"loc_origin\\\":\\\"test1\\\",\\\"loc_destination\\\":\\\"test2\\\"},\\\"callback_id\\\":\\\"ryde-46e2b0\\\",\\\"response_url\\\":\\\"https:\\\\/\\\\/hooks.slack.com\\\\/app\\\\/XXX\\\\/XXX\\\\/XXX\\\",\\\"state\\\":\\\"\\\"}"}

This is an invalid JSON, even when the "\\" instances are removed. Why is this happening?

Here is the code that handles the POST from Slack:

error_log(" -- dialog response: " . json_encode($_POST) . "\n", 3, './runtime.log');

Which results in the output above.

JasonGenX
  • 4,952
  • 27
  • 106
  • 198
  • `payload` is a json string itself, so it needs to be escaped. I don't know why they do it this way, but... it also looks like a sideffect of the dead addslashes() behavior in older PHP. Weird issue you have here. – IncredibleHat Sep 10 '18 at 19:37
  • I'm on version PHP 7.1 – JasonGenX Sep 10 '18 at 20:07
  • @JasonGenX, can you show the code that accepts the post data? Based on [the documentation](https://api.slack.com/dialogs#evaluating_submission_responses), what you are showing does not look like what Slack should be sending. – Sean Bright Sep 10 '18 at 20:17
  • simple. error_log(" -- dialog response: " . json_encode($_POST) . "\n", 3, './runtime.log'); this brings out the weird JSON format I've shown above. – JasonGenX Sep 10 '18 at 20:27
  • In the future, when someone asks for additional information you should edit it into your question, not add it as a comment. I've done that for you in this case. – Sean Bright Sep 10 '18 at 20:31

1 Answers1

1

I'm not sure why you are calling json_encode($_POST). The documentation is very clear on the format that will be sent:

$payload = filter_input(INPUT_POST, 'payload');
$decoded = json_decode($payload);

var_dump($decoded);
Sean Bright
  • 118,630
  • 17
  • 138
  • 146
  • Yep. That one did it. `filter_input` was the thing I was missing. I was calling $_POST directly just for debugging purposes after experiencing the JSON weirdness. I wanted to check the 'source' for my data. In any case-- thanks for your help. – JasonGenX Sep 10 '18 at 20:38
  • There is nothing wrong with using `$_POST`. You were calling `json_encode()` on POST data. That POST data contained JSON. That is why the JSON appeared to be double escaped. – Sean Bright Sep 10 '18 at 20:44