* CalDAV/CardDAV: fix encoding of control chars stalling iOS sync

e.g. \xb is not allowed in XML and caused iOS sync to stall, as its XML parser fails
use htmlspecialchars option ENT_XML1|ENT_DISALLOWED (PHP 5.4+) to ensure proper XML encoding
Ralf Becker 2017-11-10 15:40:49 +01:00
parent 5b8edcfdb1
commit 3055190ea7


@ -1003,7 +1003,7 @@ class HTTP_WebDAV_Server
} elseif (isset($prop['raw'])) { } elseif (isset($prop['raw'])) {
$val = $this->_prop_encode('<![CDATA['.$prop['val'].']]>'); $val = $this->_prop_encode('<![CDATA['.$prop['val'].']]>');
} else { } else {
$val = $this->_prop_encode(htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8')); $val = $this->_prop_encode(htmlspecialchars($prop['val'], ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8'));
} }
echo ' <'.($this->crrnd?'':'D:')."$prop[name]$ns_defs>$val". echo ' <'.($this->crrnd?'':'D:')."$prop[name]$ns_defs>$val".
'</'.($this->crrnd?'':'D:')."$prop[name]>\n"; '</'.($this->crrnd?'':'D:')."$prop[name]>\n";
@ -1049,7 +1049,7 @@ class HTTP_WebDAV_Server
{ {
foreach($subprop['val'] as $attr => $val) foreach($subprop['val'] as $attr => $val)
{ {
$vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES, 'utf-8').'"'; $vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8').'"';
} }
$vals .= '/>'; $vals .= '/>';
} }
@ -1061,7 +1061,7 @@ class HTTP_WebDAV_Server
$vals .= '<![CDATA['.$subprop['val'].']]>'; $vals .= '<![CDATA['.$subprop['val'].']]>';
} else { } else {
if($subprop['name'] == 'href') $subprop['val'] = $this->_urlencode($subprop['val']); if($subprop['name'] == 'href') $subprop['val'] = $this->_urlencode($subprop['val']);
$vals .= htmlspecialchars($subprop['val'], ENT_NOQUOTES, 'utf-8'); $vals .= htmlspecialchars($subprop['val'], ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8');
} }
$vals .= "</$ns_name$subprop[name]>"; $vals .= "</$ns_name$subprop[name]>";
} }
@ -1072,7 +1072,7 @@ class HTTP_WebDAV_Server
{ {
$val = '<![CDATA['.$prop['val'].']]>'; $val = '<![CDATA['.$prop['val'].']]>';
} else { } else {
$val = htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8'); $val = htmlspecialchars($prop['val'], ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8');
} }
$val = $this->_prop_encode($val); $val = $this->_prop_encode($val);
// properties from namespaces != "DAV:" or without any namespace // properties from namespaces != "DAV:" or without any namespace
@ -1199,7 +1199,7 @@ class HTTP_WebDAV_Server
if ($responsedescr) { if ($responsedescr) {
echo ' <'.($this->crrnd?'':'D:')."responsedescription>". echo ' <'.($this->crrnd?'':'D:')."responsedescription>".
$this->_prop_encode(htmlspecialchars($responsedescr, ENT_NOQUOTES, 'utf-8')). $this->_prop_encode(htmlspecialchars($responsedescr, ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8')).
'</'.($this->crrnd?'':'D:')."responsedescription>\n"; '</'.($this->crrnd?'':'D:')."responsedescription>\n";
} }
@ -2794,7 +2794,7 @@ class HTTP_WebDAV_Server
foreach($subprop as $attr => $val) foreach($subprop as $attr => $val)
{ {
$vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES, 'utf-8').'"'; $vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8').'"';
} }
$ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name']. $ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name'].