
Commit fa811c1

committedNov 1, 2012
Fixes #11230: High-ascii characters in fields will cause invalidity in
XML. Code from commit 2b5d662 is used to clean invalid characters.
1 parent 0a4fbbe commit fa811c1


2 files changed

+15
-4
lines changed

 

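--- a/api/soap/mc_api.php
+++ b/api/soap/mc_api.php
@@ -192,6 +192,17 @@ function mci_null_if_empty( $p_value ) {
 return null;
 }
 
+/**
+* Removes any invalid character from the string per XML 1.0 specification
+*
+* @param string $p_input
+* @return string the sanitized XML
+*/
+function mci_sanitize_xml_string ( $p_input ) {
+
+return preg_replace( '/[^\x9\xA\xD\x20-\xD7FF\xE000-\xFFFD\x{10000}-\x{10FFFF}]/u', '', $p_input);
+}
+
 /**
 * Gets the url for MantisBT.
 *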
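Review bot: The four-digit escapes in the character class on the `preg_replace` line are not read as single code points, because without braces PCRE takes at most two hex digits after `\x`; `\xD7FF` is `\xD7` followed by literal `F` `F`, and `\xE000-\xFFFD` breaks up the same way. As written the class appears to keep only tab/LF/CR, U+0020–U+00FF and the supplementary planes, so valid text from U+0100 to U+FFFF (Greek, Cyrillic, CJK and so on) would be stripped from SOAP responses. The braced form expresses the XML 1.0 ranges the docblock refers to: `'/[^\x9\xA\xD\x20-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]/u'`. Separately, with the `/u` modifier `preg_replace` returns `null` when the subject is not valid UTF-8, which would silently blank the whole field, so that case deserves an explicit check and a mention in the `@return` line.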

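--- a/api/soap/mc_issue_api.php
+++ b/api/soap/mc_issue_api.php
@@ -104,9 +104,9 @@ function mc_issue_get( $p_username, $p_password, $p_issue_id ) {
 $t_issue_data['target_version'] = mci_null_if_empty( $t_bug->target_version );
 $t_issue_data['due_date'] = mci_issue_get_due_date( $t_bug );
 
-$t_issue_data['description'] = $t_bug->description;
-$t_issue_data['steps_to_reproduce'] = mci_null_if_empty( $t_bug->steps_to_reproduce );
-$t_issue_data['additional_information'] = mci_null_if_empty( $t_bug->additional_information );
+$t_issue_data['description'] = mci_sanitize_xml_string($t_bug->description);
+$t_issue_data['steps_to_reproduce'] = mci_null_if_empty( mci_sanitize_xml_string($t_bug->steps_to_reproduce) );
+$t_issue_data['additional_information'] = mci_null_if_empty( mci_sanitize_xml_string($t_bug->additional_information) );
 
 $t_issue_data['attachments'] = mci_issue_get_attachments( $p_issue_id );
 $t_issue_data['relationships'] = mci_issue_get_relationships( $p_issue_id, $t_user_id );
@@ -318,7 +318,7 @@ function mci_issue_get_notes( $p_issue_id ) {
 $t_bugnote['reporter'] = mci_account_get_array_by_id( $t_value->reporter_id );
 $t_bugnote['date_submitted'] = timestamp_to_iso8601( $t_value->date_submitted, false );
 $t_bugnote['last_modified'] = timestamp_to_iso8601( $t_value->last_modified, false );
-$t_bugnote['text'] = $t_value->note;
+$t_bugnote['text'] = mci_sanitize_xml_string( $t_value->note );
 $t_bugnote['view_state'] = mci_enum_get_array_by_id( $t_value->view_state, 'view_state', $t_lang );
 $t_bugnote['time_tracking'] = $t_has_time_tracking_access ? $t_value->time_tracking : 0;
 $t_bugnote['note_type'] = $t_value->note_type;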
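Review bot: Sanitising is wired in field by field, so only `description`, `steps_to_reproduce`, `additional_information` and the note `text` are covered; any other user-entered string these functions place in the response outside the visible hunks (the summary, for instance, if it is assigned the same way) could still make the XML invalid. Applying the filter where strings are serialised, or at least adding a comment that lists which fields are deliberately left raw, would make the coverage auditable. The new calls in mc_issue_get also drop the file's inner-paren spacing; `mci_sanitize_xml_string( $t_bug->description )` would match the call added in mci_issue_get_notes. Both functions start and end outside the hunks.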
