mirror of https://github.com/vanitasvitae/Smack.git synced 2024-11-26 22:12:05 +01:00

VCards data was not being escaped and unescaped properly. SMACK-130

git-svn-id: http://svn.igniterealtime.org/svn/repos/smack/trunk@3691 b35dd754-fafc-0310-a699-88a17e54d16e
Alex Wenckus 2006-04-04 01:15:02 +00:00 committed by alex
parent aa4b965001
commit b88871c409
2 changed files with 67 additions and 39 deletions


@ -118,6 +118,9 @@ public class VCard extends IQ {
*/ */
private Map otherSimpleFields = new HashMap(); private Map otherSimpleFields = new HashMap();
// fields that, as they are should not be escaped before forwarding to the server
private Map otherUnescapableFields = new HashMap();
public VCard() { public VCard() {
} }
@ -139,8 +142,25 @@ public class VCard extends IQ {
* @see #getField(String) * @see #getField(String)
*/ */
public void setField(String field, String value) { public void setField(String field, String value) {
setField(field, value, false);
}
/**
* Set generic, unescapable VCard field. If unescabale is set to true, XML maybe a part of the
* value.
*
* @param value value of field
* @param field field to set. See {@link #getField(String)}
* @param isUnescapable True if the value should not be escaped, and false if it should.
*/
public void setField(String field, String value, boolean isUnescapable) {
if(!isUnescapable) {
otherSimpleFields.put(field, value); otherSimpleFields.put(field, value);
} }
else {
otherUnescapableFields.put(field, value);
}
}
public String getFirstName() { public String getFirstName() {
return firstName; return firstName;
@ -310,7 +330,7 @@ public class VCard extends IQ {
String encodedImage = StringUtils.encodeBase64(bytes); String encodedImage = StringUtils.encodeBase64(bytes);
avatar = encodedImage; avatar = encodedImage;
setField("PHOTO", "<TYPE>image/jpeg</TYPE><BINVAL>" + encodedImage + "</BINVAL>"); setField("PHOTO", "<TYPE>image/jpeg</TYPE><BINVAL>" + encodedImage + "</BINVAL>", true);
} }
/** /**
@ -322,7 +342,7 @@ public class VCard extends IQ {
String encodedImage = StringUtils.encodeBase64(bytes); String encodedImage = StringUtils.encodeBase64(bytes);
avatar = encodedImage; avatar = encodedImage;
setField("PHOTO", "<TYPE>image/jpeg</TYPE><BINVAL>" + encodedImage + "</BINVAL>"); setField("PHOTO", "<TYPE>image/jpeg</TYPE><BINVAL>" + encodedImage + "</BINVAL>", true);
} }
/** /**
@ -362,11 +382,8 @@ public class VCard extends IQ {
if (avatar == null) { if (avatar == null) {
return null; return null;
} }
if (avatar != null) {
return StringUtils.decodeBase64(avatar); return StringUtils.decodeBase64(avatar);
} }
return null;
}
/** /**
* Common code for getting the bytes of a url. * Common code for getting the bytes of a url.
@ -384,12 +401,21 @@ public class VCard extends IQ {
} }
private static byte[] getFileBytes(File file) throws IOException { private static byte[] getFileBytes(File file) throws IOException {
BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file)); BufferedInputStream bis = null;
try {
bis = new BufferedInputStream(new FileInputStream(file));
int bytes = (int) file.length(); int bytes = (int) file.length();
byte[] buffer = new byte[bytes]; byte[] buffer = new byte[bytes];
int readBytes = bis.read(buffer); int readBytes = bis.read(buffer);
bis.close(); if(readBytes != buffer.length) {
throw new IOException("Entire file not read");
}
return buffer; return buffer;
} finally {
if(bis != null) {
bis.close();
}
}
} }
/** /**
@ -403,12 +429,13 @@ public class VCard extends IQ {
return null; return null;
} }
MessageDigest digest = null; MessageDigest digest;
try { try {
digest = MessageDigest.getInstance("SHA-1"); digest = MessageDigest.getInstance("SHA-1");
} }
catch (NoSuchAlgorithmException e) { catch (NoSuchAlgorithmException e) {
e.printStackTrace(); e.printStackTrace();
return null;
} }
digest.update(bytes); digest.update(bytes);
@ -515,13 +542,13 @@ public class VCard extends IQ {
private void checkAuthenticated(XMPPConnection connection) { private void checkAuthenticated(XMPPConnection connection) {
if (connection == null) { if (connection == null) {
new IllegalArgumentException("No connection was provided"); throw new IllegalArgumentException("No connection was provided");
} }
if (!connection.isAuthenticated()) { if (!connection.isAuthenticated()) {
new IllegalArgumentException("Connection is not authenticated"); throw new IllegalArgumentException("Connection is not authenticated");
} }
if (connection.isAnonymous()) { if (connection.isAnonymous()) {
new IllegalArgumentException("Connection cannot be anonymous"); throw new IllegalArgumentException("Connection cannot be anonymous");
} }
} }
@ -590,11 +617,8 @@ public class VCard extends IQ {
if (!workAddr.equals(vCard.workAddr)) { if (!workAddr.equals(vCard.workAddr)) {
return false; return false;
} }
if (!workPhones.equals(vCard.workPhones)) { return workPhones.equals(vCard.workPhones);
return false;
}
return true;
} }
public int hashCode() { public int hashCode() {
@ -662,7 +686,7 @@ public class VCard extends IQ {
appendEmptyTag(type); appendEmptyTag(type);
appendEmptyTag("INTERNET"); appendEmptyTag("INTERNET");
appendEmptyTag("PREF"); appendEmptyTag("PREF");
appendTag("USERID", email); appendTag("USERID", StringUtils.escapeForXML(email));
} }
}); });
} }
@ -676,7 +700,7 @@ public class VCard extends IQ {
public void addTagContent() { public void addTagContent() {
appendEmptyTag(entry.getKey()); appendEmptyTag(entry.getKey());
appendEmptyTag(code); appendEmptyTag(code);
appendTag("NUMBER", (String) entry.getValue()); appendTag("NUMBER", StringUtils.escapeForXML((String) entry.getValue()));
} }
}); });
} }
@ -691,7 +715,7 @@ public class VCard extends IQ {
Iterator it = addr.entrySet().iterator(); Iterator it = addr.entrySet().iterator();
while (it.hasNext()) { while (it.hasNext()) {
final Map.Entry entry = (Map.Entry) it.next(); final Map.Entry entry = (Map.Entry) it.next();
appendTag((String) entry.getKey(), (String) entry.getValue()); appendTag((String) entry.getKey(), StringUtils.escapeForXML((String) entry.getValue()));
} }
} }
}); });
@ -704,6 +728,13 @@ public class VCard extends IQ {
private void appendGenericFields() { private void appendGenericFields() {
Iterator it = otherSimpleFields.entrySet().iterator(); Iterator it = otherSimpleFields.entrySet().iterator();
while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next();
appendTag(entry.getKey().toString(),
StringUtils.escapeForXML((String) entry.getValue()));
}
it = otherUnescapableFields.entrySet().iterator();
while (it.hasNext()) { while (it.hasNext()) {
Map.Entry entry = (Map.Entry) it.next(); Map.Entry entry = (Map.Entry) it.next();
appendTag(entry.getKey().toString(), (String) entry.getValue()); appendTag(entry.getKey().toString(), (String) entry.getValue());
@ -714,29 +745,24 @@ public class VCard extends IQ {
if (hasOrganizationFields()) { if (hasOrganizationFields()) {
appendTag("ORG", true, new ContentBuilder() { appendTag("ORG", true, new ContentBuilder() {
public void addTagContent() { public void addTagContent() {
appendTag("ORGNAME", organization); appendTag("ORGNAME", StringUtils.escapeForXML(organization));
appendTag("ORGUNIT", organizationUnit); appendTag("ORGUNIT", StringUtils.escapeForXML(organizationUnit));
} }
}); });
} }
} }
private void appendField(String tag) {
String value = (String) otherSimpleFields.get(tag);
appendTag(tag, value);
}
private void appendFN() { private void appendFN() {
final ContentBuilder contentBuilder = new ContentBuilder() { final ContentBuilder contentBuilder = new ContentBuilder() {
public void addTagContent() { public void addTagContent() {
if (firstName != null) { if (firstName != null) {
sb.append(firstName + ' '); sb.append(StringUtils.escapeForXML(firstName)).append(' ');
} }
if (middleName != null) { if (middleName != null) {
sb.append(middleName + ' '); sb.append(StringUtils.escapeForXML(middleName)).append(' ');
} }
if (lastName != null) { if (lastName != null) {
sb.append(lastName); sb.append(StringUtils.escapeForXML(lastName));
} }
} }
}; };
@ -746,9 +772,9 @@ public class VCard extends IQ {
private void appendN() { private void appendN() {
appendTag("N", true, new ContentBuilder() { appendTag("N", true, new ContentBuilder() {
public void addTagContent() { public void addTagContent() {
appendTag("FAMILY", lastName); appendTag("FAMILY", StringUtils.escapeForXML(lastName));
appendTag("GIVEN", firstName); appendTag("GIVEN", StringUtils.escapeForXML(firstName));
appendTag("MIDDLE", middleName); appendTag("MIDDLE", StringUtils.escapeForXML(middleName));
} }
}); });
} }
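Review bot: The three-argument `setField` (hunk at -139,8) stores the value in one map without clearing the other, so a field set first as escaped and later with `isUnescapable` true, or the reverse, ends up in both `otherSimpleFields` and `otherUnescapableFields`. `appendGenericFields` then emits that tag twice, once escaped and once raw. Adding `otherUnescapableFields.remove(field);` before the put in the escaped branch and `otherSimpleFields.remove(field);` in the other branch keeps the two maps exclusive. The Javadoc should also state that a value passed with `isUnescapable` true is written into the stanza verbatim and must be well-formed markup assembled by the caller, never text taken from a user or a remote party, for example `Values stored with isUnescapable == true are sent as-is; the caller must escape any text they contain.` Whether `getField` consults the new map is not visible in this section and is worth checking.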


@ -22,6 +22,7 @@ package org.jivesoftware.smackx.provider;
import org.jivesoftware.smack.packet.IQ; import org.jivesoftware.smack.packet.IQ;
import org.jivesoftware.smack.provider.IQProvider; import org.jivesoftware.smack.provider.IQProvider;
import org.jivesoftware.smack.util.StringUtils;
import org.jivesoftware.smackx.packet.VCard; import org.jivesoftware.smackx.packet.VCard;
import org.w3c.dom.*; import org.w3c.dom.*;
import org.xmlpull.v1.XmlPullParser; import org.xmlpull.v1.XmlPullParser;
@ -49,7 +50,8 @@ public class VCardProvider implements IQProvider {
while (true) { while (true) {
switch (event) { switch (event) {
case XmlPullParser.TEXT: case XmlPullParser.TEXT:
sb.append(parser.getText()); // We must re-escape the xml so that the DOM won't throw an exception
sb.append(StringUtils.escapeForXML(parser.getText()));
break; break;
case XmlPullParser.START_TAG: case XmlPullParser.START_TAG:
sb.append('<').append(parser.getName()).append('>'); sb.append('<').append(parser.getName()).append('>');
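Review bot: The comment added in the `XmlPullParser.TEXT` case explains the escape only as avoiding a DOM exception, but the same call is what keeps text received in a vCard from being re-read as markup when the rebuilt string is parsed again, and the comment should say so. `getText()` returns decoded character data, so without the escape a `<` or `&` sent by the other side would land in `sb` as live syntax. Suggested wording: `// getText() is already decoded; re-escape it so received text cannot turn into markup when sb is parsed as DOM`. The enclosing loop starts and ends outside this hunk and the DOM parsing step is not visible here, so that part is inferred from the existing comment and the `org.w3c.dom` import.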