forked from extern/egroupware
* CalDAV/CardDAV: fix encoding of control chars stalling iOS sync
e.g. \xb is not allowed in XML and caused iOS sync to stall, as its XML parser fails; use htmlspecialchars options ENT_XML1|ENT_DISALLOWED (PHP 5.4+) to ensure proper XML encoding
parent
2a2aac0215
commit
0e40bd7cb5
@ -1003,7 +1003,7 @@ class HTTP_WebDAV_Server
|
|||||||
} elseif (isset($prop['raw'])) {
|
} elseif (isset($prop['raw'])) {
|
||||||
$val = $this->_prop_encode('<![CDATA['.$prop['val'].']]>');
|
$val = $this->_prop_encode('<![CDATA['.$prop['val'].']]>');
|
||||||
} else {
|
} else {
|
||||||
$val = $this->_prop_encode(htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8'));
|
$val = $this->_prop_encode(htmlspecialchars($prop['val'], ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8'));
|
||||||
}
|
}
|
||||||
echo ' <'.($this->crrnd?'':'D:')."$prop[name]$ns_defs>$val".
|
echo ' <'.($this->crrnd?'':'D:')."$prop[name]$ns_defs>$val".
|
||||||
'</'.($this->crrnd?'':'D:')."$prop[name]>\n";
|
'</'.($this->crrnd?'':'D:')."$prop[name]>\n";
|
||||||
@ -1049,7 +1049,7 @@ class HTTP_WebDAV_Server
|
|||||||
{
|
{
|
||||||
foreach($subprop['val'] as $attr => $val)
|
foreach($subprop['val'] as $attr => $val)
|
||||||
{
|
{
|
||||||
$vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES, 'utf-8').'"';
|
$vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8').'"';
|
||||||
}
|
}
|
||||||
$vals .= '/>';
|
$vals .= '/>';
|
||||||
}
|
}
|
||||||
@ -1061,7 +1061,7 @@ class HTTP_WebDAV_Server
|
|||||||
$vals .= '<![CDATA['.$subprop['val'].']]>';
|
$vals .= '<![CDATA['.$subprop['val'].']]>';
|
||||||
} else {
|
} else {
|
||||||
if($subprop['name'] == 'href') $subprop['val'] = $this->_urlencode($subprop['val']);
|
if($subprop['name'] == 'href') $subprop['val'] = $this->_urlencode($subprop['val']);
|
||||||
$vals .= htmlspecialchars($subprop['val'], ENT_NOQUOTES, 'utf-8');
|
$vals .= htmlspecialchars($subprop['val'], ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8');
|
||||||
}
|
}
|
||||||
$vals .= "</$ns_name$subprop[name]>";
|
$vals .= "</$ns_name$subprop[name]>";
|
||||||
}
|
}
|
||||||
@ -1072,7 +1072,7 @@ class HTTP_WebDAV_Server
|
|||||||
{
|
{
|
||||||
$val = '<![CDATA['.$prop['val'].']]>';
|
$val = '<![CDATA['.$prop['val'].']]>';
|
||||||
} else {
|
} else {
|
||||||
$val = htmlspecialchars($prop['val'], ENT_NOQUOTES, 'utf-8');
|
$val = htmlspecialchars($prop['val'], ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8');
|
||||||
}
|
}
|
||||||
$val = $this->_prop_encode($val);
|
$val = $this->_prop_encode($val);
|
||||||
// properties from namespaces != "DAV:" or without any namespace
|
// properties from namespaces != "DAV:" or without any namespace
|
||||||
@ -1199,7 +1199,7 @@ class HTTP_WebDAV_Server
|
|||||||
|
|
||||||
if ($responsedescr) {
|
if ($responsedescr) {
|
||||||
echo ' <'.($this->crrnd?'':'D:')."responsedescription>".
|
echo ' <'.($this->crrnd?'':'D:')."responsedescription>".
|
||||||
$this->_prop_encode(htmlspecialchars($responsedescr, ENT_NOQUOTES, 'utf-8')).
|
$this->_prop_encode(htmlspecialchars($responsedescr, ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8')).
|
||||||
'</'.($this->crrnd?'':'D:')."responsedescription>\n";
|
'</'.($this->crrnd?'':'D:')."responsedescription>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2794,7 +2794,7 @@ class HTTP_WebDAV_Server
|
|||||||
|
|
||||||
foreach($subprop as $attr => $val)
|
foreach($subprop as $attr => $val)
|
||||||
{
|
{
|
||||||
$vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES, 'utf-8').'"';
|
$vals .= ' '.$attr.'="'.htmlspecialchars($val, ENT_NOQUOTES|ENT_XML1|ENT_DISALLOWED, 'utf-8').'"';
|
||||||
}
|
}
|
||||||
|
|
||||||
$ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name'].
|
$ret .= '<'.($prop['ns'] == $ns ? ($this->crrnd ? '' : $ns_hash[$ns].':') : $ns_hash[$prop['ns']].':').$prop['name'].
|
||||||
|
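Review bot: The attribute values built in the hunks at -1049 and -2794 are still escaped with `ENT_NOQUOTES`, so a `"` in `$val` is emitted verbatim inside the double-quoted attribute and can end it early, yielding malformed XML or an injected attribute. In attribute context the call should escape double quotes, e.g. `htmlspecialchars($val, ENT_COMPAT|ENT_XML1|ENT_DISALLOWED, 'utf-8')`; the element-content calls can keep `ENT_NOQUOTES`. Separately, the `<![CDATA[` branches visible in the -1003, -1061 and -1072 hunks still pass `$prop['val']` / `$subprop['val']` through unfiltered, so the same control characters (and a literal `]]>`) would presumably still reach the client on those paths. The enclosing methods begin and end outside these hunks, so whether the values are validated earlier cannot be seen here.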