From: Philipp Schüle <p.schuele@metaways.de>
Date: Thu, 18 Sep 2014 13:02:04 +0000 (+0200)
Subject: 0012180: fix broken xml input
X-Git-Tag: 2016.09.6~2^2^2^2~49
X-Git-Url: http://git.tine20.org/?p=tine20;a=commitdiff_plain;h=47eb80cfb398d105cccaefe5e5b35a7fcedff03d

0012180: fix broken xml input

* adds helper function for filtering invalid chars

https://forge.tine20.org/view.php?id=12180

Change-Id: Iaad1a610ea719ddfcf85c53cf3ac2c44fa09013c
Reviewed-on: http://gerrit.tine20.com/customers/3527
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
---

diff --git a/tests/tine20/Calendar/Import/CalDAVTest.php b/tests/tine20/Calendar/Import/CalDAVTest.php
index 94b4644..41d0582 100644
--- a/tests/tine20/Calendar/Import/CalDAVTest.php
+++ b/tests/tine20/Calendar/Import/CalDAVTest.php
@@ -124,4 +124,14 @@ class Calendar_Import_CalDAVTest extends Calendar_TestCase
         $updatedEvent = $events->filter('etag', '"aa3621a20e9045d8679075db57e881dd"')->getFirstRecord();
         $this->assertEquals('test update', $updatedEvent->summary);
     }
+    
+    /**
+     * testBrokenXml
+     */
+    public function testBrokenXml()
+    {
+        $brokenBody = file_get_contents(dirname(__FILE__) . '/files/broken_ics.xml');
+        $result = $this->_getUit()->parseMultiStatus($brokenBody);
+        $this->assertTrue(is_array($result));
+    }
 }
diff --git a/tests/tine20/Calendar/Import/files/broken_ics.xml b/tests/tine20/Calendar/Import/files/broken_ics.xml
new file mode 100644
index 0000000..48b38f2
--- /dev/null
+++ b/tests/tine20/Calendar/Import/files/broken_ics.xml
@@ -0,0 +1,44 @@
+<?xml version='1.0' encoding='UTF-8'?><multistatus xmlns='DAV:'>
+  <response>
+    <href>/calendars/__uids__/2A2E8D16-F63C-4271-82BC-7833B8696FF4/calendar/C93A3096-0A56-40FC-8350-3A0F592D4915.ics</href>
+    <propstat>
+      <prop>
+        <calendar-data xmlns='urn:ietf:params:xml:ns:caldav'><![CDATA[BEGIN:VCALENDAR
+VERSION:2.0
+PRODID:-//Apple Inc.//iCal 3.0//EN
+CALSCALE:GREGORIAN
+BEGIN:VTIMEZONE
+TZID:Europe/Madrid
+BEGIN:DAYLIGHT
+TZOFFSETFROM:+0100
+TZOFFSETTO:+0200
+DTSTART:19810329T020000
+RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
+TZNAME:CEST
+END:DAYLIGHT
+BEGIN:STANDARD
+TZOFFSETFROM:+0200
+TZOFFSETTO:+0100
+DTSTART:19961027T030000
+RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
+TZNAME:CET
+END:STANDARD
+END:VTIMEZONE
+BEGIN:VEVENT
+SEQUENCE:2
+TRANSP:OPAQUE
+UID:C93A3096-0A56-40FC-8350-3A0F592D4915
+DTSTART;TZID=Europe/Madrid:20120505T170000
+DTSTAMP:20120320T153424Z
+SUMMARY:Woman & Work 
+CREATED:20120320T153341Z
+DTEND;TZID=Europe/Madrid:20120505T180000
+END:VEVENT
+END:VCALENDAR
+]]></calendar-data>
+        <getetag>"9cacd5312f90d4f5c3353bfa0ad0d3ff"</getetag>
+      </prop>
+      <status>HTTP/1.1 200 OK</status>
+    </propstat>
+  </response>
+</multistatus>
\ No newline at end of file
diff --git a/tine20/Tinebase/Helper.php b/tine20/Tinebase/Helper.php
index 1d35a86..4522bed 100644
--- a/tine20/Tinebase/Helper.php
+++ b/tine20/Tinebase/Helper.php
@@ -4,7 +4,7 @@
  * 
  * @package     Tinebase
  * @license     http://www.gnu.org/licenses/agpl.html AGPL Version 3
- * @copyright   Copyright (c) 2007-2014 Metaways Infosystems GmbH (http://www.metaways.de)
+ * @copyright   Copyright (c) 2007-2016 Metaways Infosystems GmbH (http://www.metaways.de)
  * @author      Cornelius Weiss <c.weiss@metaways.de>
  */
 
@@ -305,4 +305,15 @@ class Tinebase_Helper
         
         return $exists;
     }
+
+    /**
+     * removes characters that are illegal in XML (those characters are not even in CDATA allowed)
+     *
+     * @param string $string
+     * @return string
+     */
+    public static function removeIllegalXMLChars($string)
+    {
+        return preg_replace('/[^\x09\x0A\x0D\x20-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u', '', $string);
+    }
 }
diff --git a/tine20/Tinebase/Import/CalDav/Client.php b/tine20/Tinebase/Import/CalDav/Client.php
index 6f0f462..a56de2f 100644
--- a/tine20/Tinebase/Import/CalDav/Client.php
+++ b/tine20/Tinebase/Import/CalDav/Client.php
@@ -288,4 +288,16 @@ class Tinebase_Import_CalDav_Client extends \Sabre\DAV\Client
         
         return $newResult;
     }
+
+    /**
+     * Parses a WebDAV multistatus response body
+     *
+     * @param string $body xml body
+     * @return array
+     */
+    public function parseMultiStatus($body)
+    {
+        // remove possible broken chars here to avoid simplexml_load_string errors
+        return parent::parseMultiStatus(Tinebase_Helper::removeIllegalXMLChars($body));
+    }
 }