refactor JSON response processing

- avoid translating JSON error messages twice
- separation of concerns, JSON response preparation should not mix handling errors and results, provide two functions instead of one
- callers of JSON error method are responsible for translation of errors

CHANGELOG.md

@@ -1,6 +1,7 @@
 # PrivateBin version history
 
 ## 2.0.4 (not yet released)
+* CHANGED: Deduplicate JSON error message translations.
 
 ## 2.0.3 (2025-11-12)
 * FIXED: Prevent arbitrary PHP file inclusion when enabling template switching (CVE-2025-64714)

lib/Controller.php

@@ -271,7 +271,8 @@ class Controller
         try {
             TrafficLimiter::canPass();
         } catch (Exception $e) {
-            $this->_return_message(1, $e->getMessage());
+            // traffic limiter exceptions come translated
+            $this->_json_error($e->getMessage());
             return;
         }
 
@@ -281,14 +282,13 @@ class Controller
             array_key_exists('parentid', $data) &&
             !empty($data['parentid']);
         if (!FormatV2::isValid($data, $isComment)) {
-            $this->_return_message(1, I18n::_('Invalid data.'));
+            $this->_json_error(I18n::_('Invalid data.'));
             return;
         }
         $sizelimit = $this->_conf->getKey('sizelimit');
         // Ensure content is not too big.
         if (strlen($data['ct']) > $sizelimit) {
-            $this->_return_message(
+            $this->_json_error(
-                1,
                 I18n::_(
                     'Document is limited to %s of encrypted data.',
                     Filter::formatHumanReadableSize($sizelimit)
@@ -306,12 +306,13 @@ class Controller
                     $comment->setData($data);
                     $comment->store();
                 } catch (Exception $e) {
-                    $this->_return_message(1, $e->getMessage());
+                    // comment exceptions need translation
+                    $this->_json_error(I18n::_($e->getMessage()));
                     return;
                 }
-                $this->_return_message(0, $comment->getId());
+                $this->_json_result($comment->getId());
             } else {
-                $this->_return_message(1, I18n::_('Invalid data.'));
+                $this->_json_error(I18n::_('Invalid data.'));
             }
         }
         // The user posts a standard paste.
@@ -329,10 +330,11 @@ class Controller
                 $paste->setData($data);
                 $paste->store();
             } catch (Exception $e) {
-                $this->_return_message(1, $e->getMessage());
+                // paste exceptions need translation
+                $this->_json_error(I18n::_($e->getMessage()));
                 return;
             }
-            $this->_return_message(0, $paste->getId(), array('deletetoken' => $paste->getDeleteToken()));
+            $this->_json_result($paste->getId(), array('deletetoken' => $paste->getDeleteToken()));
         }
     }
 
@@ -367,9 +369,9 @@ class Controller
         }
         if ($this->_request->isJsonApiCall()) {
             if (empty($this->_error)) {
-                $this->_return_message(0, $dataid);
+                $this->_json_result($dataid);
             } else {
-                $this->_return_message(1, $this->_error);
+                $this->_json_error(I18n::_($this->_error));
             }
         }
     }
@@ -393,12 +395,13 @@ class Controller
                 if (array_key_exists('salt', $data['meta'])) {
                     unset($data['meta']['salt']);
                 }
-                $this->_return_message(0, $dataid, (array) $data);
+                $this->_json_result($dataid, (array) $data);
             } else {
-                $this->_return_message(1, self::GENERIC_ERROR);
+                $this->_json_error(I18n::_(self::GENERIC_ERROR));
             }
         } catch (Exception $e) {
-            $this->_return_message(1, $e->getMessage());
+            // paste exceptions need translation
+            $this->_json_error(I18n::_($e->getMessage()));
         }
     }
 
@@ -537,6 +540,38 @@ class Controller
         echo $content;
     }
 
+    /**
+     * prepares JSON encoded error message
+     *
+     * @access private
+     * @param  string $error
+     */
+    private function _json_error($error)
+    {
+        $result = array(
+            'status'  => 1,
+            'message' => $error
+        );
+        $this->_json = Json::encode($result);
+    }
+
+    /**
+     * prepares JSON encoded result message
+     *
+     * @access private
+     * @param  string $dataid
+     * @param  array $other
+     */
+    private function _json_result($dataid, $other = array())
+    {
+        $result = array(
+            'status' => 0,
+            'id'     => $dataid,
+            'url'    => $this->_urlBase . '?' . $dataid
+        ) + $other;
+        $this->_json = Json::encode($result);
+    }
+
     /**
      * Proxies a link using the specified proxy class, and updates the status or error with the response.
      *
@@ -551,25 +586,4 @@ class Controller
             $this->_status = $proxy->getUrl();
         }
     }
-
-    /**
-     * prepares JSON encoded status message
-     *
-     * @access private
-     * @param  int $status
-     * @param  string $message
-     * @param  array $other
-     */
-    private function _return_message($status, $message, $other = array())
-    {
-        $result = array('status' => $status);
-        if ($status) {
-            $result['message'] = I18n::_($message);
-        } else {
-            $result['id']  = $message;
-            $result['url'] = $this->_urlBase . '?' . $message;
-        }
-        $result += $other;
-        $this->_json = Json::encode($result);
-    }
 }