mirror of
https://github.com/nextcloud/server.git
synced 2026-02-03 20:41:22 -05:00
fix(dav): handle HTML in CalDAV invitations
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
parent
496404de56
commit
dac8818102
2 changed files with 33 additions and 19 deletions
|
|
@ -144,19 +144,31 @@ class EmailProvider extends AbstractProvider {
|
|||
IL10N $l10n,
|
||||
string $calendarDisplayName,
|
||||
VEvent $vevent):void {
|
||||
$template->addBodyListItem($calendarDisplayName, $l10n->t('Calendar:'),
|
||||
$this->getAbsoluteImagePath('actions/info.png'));
|
||||
$template->addBodyListItem(
|
||||
htmlspecialchars($calendarDisplayName),
|
||||
$l10n->t('Calendar:'),
|
||||
$this->getAbsoluteImagePath('actions/info.png'),
|
||||
htmlspecialchars($calendarDisplayName),
|
||||
);
|
||||
|
||||
$template->addBodyListItem($this->generateDateString($l10n, $vevent), $l10n->t('Date:'),
|
||||
$this->getAbsoluteImagePath('places/calendar.png'));
|
||||
|
||||
if (isset($vevent->LOCATION)) {
|
||||
$template->addBodyListItem((string)$vevent->LOCATION, $l10n->t('Where:'),
|
||||
$this->getAbsoluteImagePath('actions/address.png'));
|
||||
$template->addBodyListItem(
|
||||
htmlspecialchars((string)$vevent->LOCATION),
|
||||
$l10n->t('Where:'),
|
||||
$this->getAbsoluteImagePath('actions/address.png'),
|
||||
htmlspecialchars((string)$vevent->LOCATION),
|
||||
);
|
||||
}
|
||||
if (isset($vevent->DESCRIPTION)) {
|
||||
$template->addBodyListItem((string)$vevent->DESCRIPTION, $l10n->t('Description:'),
|
||||
$this->getAbsoluteImagePath('actions/more.png'));
|
||||
$template->addBodyListItem(
|
||||
htmlspecialchars((string)$vevent->DESCRIPTION),
|
||||
$l10n->t('Description:'),
|
||||
$this->getAbsoluteImagePath('actions/more.png'),
|
||||
htmlspecialchars((string)$vevent->DESCRIPTION),
|
||||
);
|
||||
}
|
||||
}
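Review bot: The fourth argument of each rewritten `addBodyListItem` call receives the same `htmlspecialchars(...)` result as the first, but in `IEMailTemplate` that parameter (`$plainText`) is the plain-text rendition. The text/plain part of a reminder would therefore show entities such as `&amp;` or `&lt;` literally. Passing the raw value there keeps both parts correct, for example `htmlspecialchars($calendarDisplayName), $l10n->t('Calendar:'), $this->getAbsoluteImagePath('actions/info.png'), $calendarDisplayName,`, and likewise `(string)$vevent->LOCATION` and `(string)$vevent->DESCRIPTION` in the two calls below. The method signature begins above the hunk, so how the template treats an omitted fourth argument should be confirmed against the `IEMailTemplate` implementation.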
|
||||
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ use Sabre\VObject\ITip\Message;
|
|||
use Sabre\VObject\Parameter;
|
||||
use Sabre\VObject\Property;
|
||||
use Sabre\VObject\Recur\EventIterator;
|
||||
use function htmlspecialchars;
|
||||
|
||||
class IMipService {
|
||||
|
||||
|
|
@ -80,10 +81,11 @@ class IMipService {
|
|||
if (!isset($vevent->$property)) {
|
||||
return $default;
|
||||
}
|
||||
$newstring = $vevent->$property->getValue();
|
||||
$value = $vevent->$property->getValue();
|
||||
$newstring = $value === null ? null : htmlspecialchars($value);
|
||||
if (isset($oldVEvent->$property) && $oldVEvent->$property->getValue() !== $newstring) {
|
||||
$oldstring = $oldVEvent->$property->getValue();
|
||||
return sprintf($strikethrough, $oldstring, $newstring);
|
||||
return sprintf($strikethrough, htmlspecialchars($oldstring), $newstring);
|
||||
}
|
||||
return $newstring;
|
||||
}
|
||||
|
|
@ -96,8 +98,8 @@ class IMipService {
|
|||
return $default;
|
||||
}
|
||||
/** @var string|null $newString */
|
||||
$newString = $vevent->$property->getValue();
|
||||
$oldString = isset($oldVEvent->$property) ? $oldVEvent->$property->getValue() : null;
|
||||
$newString = htmlspecialchars($vevent->$property->getValue());
|
||||
$oldString = isset($oldVEvent->$property) ? htmlspecialchars($oldVEvent->$property->getValue()) : null;
|
||||
if ($oldString !== $newString) {
|
||||
return sprintf(
|
||||
"<span style='text-decoration: line-through'>%s</span><br />%s",
|
||||
|
|
@ -797,10 +799,10 @@ class IMipService {
|
|||
$strikethrough = "<span style='text-decoration: line-through'>%s</span>";
|
||||
|
||||
$newMeetingWhen = $this->generateWhenString($eventReaderCurrent);
|
||||
$newSummary = isset($vEvent->SUMMARY) && (string)$vEvent->SUMMARY !== '' ? (string)$vEvent->SUMMARY : $this->l10n->t('Untitled event');
|
||||
$newDescription = isset($vEvent->DESCRIPTION) && (string)$vEvent->DESCRIPTION !== '' ? (string)$vEvent->DESCRIPTION : $defaultVal;
|
||||
$newSummary = htmlspecialchars(isset($vEvent->SUMMARY) && (string)$vEvent->SUMMARY !== '' ? (string)$vEvent->SUMMARY : $this->l10n->t('Untitled event'));
|
||||
$newDescription = htmlspecialchars(isset($vEvent->DESCRIPTION) && (string)$vEvent->DESCRIPTION !== '' ? (string)$vEvent->DESCRIPTION : $defaultVal);
|
||||
$newUrl = isset($vEvent->URL) && (string)$vEvent->URL !== '' ? sprintf('<a href="%1$s">%1$s</a>', $vEvent->URL) : $defaultVal;
|
||||
$newLocation = isset($vEvent->LOCATION) && (string)$vEvent->LOCATION !== '' ? (string)$vEvent->LOCATION : $defaultVal;
|
||||
$newLocation = htmlspecialchars(isset($vEvent->LOCATION) && (string)$vEvent->LOCATION !== '' ? (string)$vEvent->LOCATION : $defaultVal);
|
||||
$newLocationHtml = $this->linkify($newLocation) ?? $newLocation;
|
||||
|
||||
$data = [];
|
||||
|
|
@ -1067,22 +1069,22 @@ class IMipService {
|
|||
*/
|
||||
public function addBulletList(IEMailTemplate $template, VEvent $vevent, $data) {
|
||||
$template->addBodyListItem(
|
||||
$data['meeting_title_html'] ?? $data['meeting_title'], $this->l10n->t('Title:'),
|
||||
$data['meeting_title_html'] ?? htmlspecialchars($data['meeting_title']), $this->l10n->t('Title:'),
|
||||
$this->getAbsoluteImagePath('caldav/title.png'), $data['meeting_title'], '', IMipPlugin::IMIP_INDENT);
|
||||
if ($data['meeting_when'] !== '') {
|
||||
$template->addBodyListItem($data['meeting_when_html'] ?? $data['meeting_when'], $this->l10n->t('When:'),
|
||||
$template->addBodyListItem($data['meeting_when_html'] ?? htmlspecialchars($data['meeting_when']), $this->l10n->t('When:'),
|
||||
$this->getAbsoluteImagePath('caldav/time.png'), $data['meeting_when'], '', IMipPlugin::IMIP_INDENT);
|
||||
}
|
||||
if ($data['meeting_location'] !== '') {
|
||||
$template->addBodyListItem($data['meeting_location_html'] ?? $data['meeting_location'], $this->l10n->t('Location:'),
|
||||
$template->addBodyListItem($data['meeting_location_html'] ?? htmlspecialchars($data['meeting_location']), $this->l10n->t('Location:'),
|
||||
$this->getAbsoluteImagePath('caldav/location.png'), $data['meeting_location'], '', IMipPlugin::IMIP_INDENT);
|
||||
}
|
||||
if ($data['meeting_url'] !== '') {
|
||||
$template->addBodyListItem($data['meeting_url_html'] ?? $data['meeting_url'], $this->l10n->t('Link:'),
|
||||
$template->addBodyListItem($data['meeting_url_html'] ?? htmlspecialchars($data['meeting_url']), $this->l10n->t('Link:'),
|
||||
$this->getAbsoluteImagePath('caldav/link.png'), $data['meeting_url'], '', IMipPlugin::IMIP_INDENT);
|
||||
}
|
||||
if (isset($data['meeting_occurring'])) {
|
||||
$template->addBodyListItem($data['meeting_occurring_html'] ?? $data['meeting_occurring'], $this->l10n->t('Occurring:'),
|
||||
$template->addBodyListItem($data['meeting_occurring_html'] ?? htmlspecialchars($data['meeting_occurring']), $this->l10n->t('Occurring:'),
|
||||
$this->getAbsoluteImagePath('caldav/time.png'), $data['meeting_occurring'], '', IMipPlugin::IMIP_INDENT);
|
||||
}
|
||||
|
||||
|
|
@ -1090,7 +1092,7 @@ class IMipService {
|
|||
|
||||
/* Put description last, like an email body, since it can be arbitrarily long */
|
||||
if ($data['meeting_description']) {
|
||||
$template->addBodyListItem($data['meeting_description_html'] ?? $data['meeting_description'], $this->l10n->t('Description:'),
|
||||
$template->addBodyListItem($data['meeting_description_html'] ?? htmlspecialchars($data['meeting_description']), $this->l10n->t('Description:'),
|
||||
$this->getAbsoluteImagePath('caldav/description.png'), $data['meeting_description'], '', IMipPlugin::IMIP_INDENT);
|
||||
}
|
||||
}
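Review bot: In the hunk at -797, `$newUrl` is still built with `sprintf('<a href="%1$s">%1$s</a>', $vEvent->URL)`, so the invitation's URL property reaches both the `href` attribute and the link text unescaped, while SUMMARY, DESCRIPTION and LOCATION beside it are now encoded. The same encoding should apply there, for example `$url = htmlspecialchars((string)$vEvent->URL);` followed by `sprintf('<a href="%1$s">%1$s</a>', $url)`, and it may be worth emitting a link only for http and https schemes. Separately, in the hunk at -80 the change check compares the raw `$oldVEvent->$property->getValue()` with the already escaped `$newstring`, so an unchanged value containing `&` or `<` would be reported as modified and rendered struck through; comparing the raw values and escaping only inside the `sprintf` avoids that. In the hunk at -96, `htmlspecialchars($vevent->$property->getValue())` is called on a value the docblock declares as `string|null`, which needs a null guard like the one added at -80. The enclosing functions start and end outside these hunks.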
|
||||
|
|
|
|||