Throwing exception when an invalid XML character is being saved into Infoset (#8219) (Lombiq Technologies: ORCH-208), fixes #7560

2025-10-26 20:16:15 +08:00 · 2019-06-05 13:36:04 +02:00
parent 744f8880ff
commit bf1945d3a9
5 changed files with 36 additions and 3 deletions
--- a/src/Orchard.Tests/ContentManagement/Drivers/FieldStorage/InfosetFieldStorageProviderTests.cs
+++ b/src/Orchard.Tests/ContentManagement/Drivers/FieldStorage/InfosetFieldStorageProviderTests.cs
@@ -1,4 +1,5 @@
-using System.Linq;
+using System;
+using System.Linq;
 using Autofac;
 using NUnit.Framework;
 using Orchard.ContentManagement;
@@ -122,5 +123,15 @@ namespace Orchard.Tests.ContentManagement.Drivers.FieldStorage {
        public void VersionedSettingOnInfosetField() {
            Assert.Fail("todo");
        }
+
+        [Test]
+        public void ForbiddenXmlCharactersCauseException() {
+            var part = CreateContentItemPart();
+            var storage = _provider.BindStorage(part, part.PartDefinition.Fields.Single());
+
+            foreach (var character in InfosetHelper.InvalidXmlCharacters) {
+                Assert.Throws<ArgumentException>(() => storage.Set("alpha", character));
+            }
+        }
    }
 }
--- a/src/Orchard/ContentManagement/FieldStorage/InfosetStorage/InfosetPart.cs
+++ b/src/Orchard/ContentManagement/FieldStorage/InfosetStorage/InfosetPart.cs
@@ -69,6 +69,7 @@ namespace Orchard.ContentManagement.FieldStorage.InfosetStorage {
        }

        public void Set(string partName, string fieldName, string valueName, string value, bool versionable = false) {
+            InfosetHelper.ThrowIfContainsInvalidXmlCharacter(value);

            var element = versionable ? VersionInfoset.Element : Infoset.Element;

--- a/src/Orchard/ContentManagement/FieldStorage/InfosetStorage/InfosetStorageProvider.cs
+++ b/src/Orchard/ContentManagement/FieldStorage/InfosetStorage/InfosetStorageProvider.cs
@@ -38,6 +38,8 @@ namespace Orchard.ContentManagement.FieldStorage.InfosetStorage {
        }

        private void Set(XElement element, string partName, string fieldName, string valueName, string value) {
+            InfosetHelper.ThrowIfContainsInvalidXmlCharacter(value);
+
            var partElement = element.Element(partName);
            if (partElement == null) {
                partElement = new XElement(partName);
--- a/src/Orchard/ContentManagement/InfosetHelper.cs
+++ b/src/Orchard/ContentManagement/InfosetHelper.cs
@@ -1,4 +1,5 @@
 using System;
+using System.Linq;
 using System.Linq.Expressions;
 using System.Xml.Linq;
 using Orchard.ContentManagement.FieldStorage.InfosetStorage;
@@ -7,6 +8,8 @@ using Orchard.Utility;

 namespace Orchard.ContentManagement {
    public static class InfosetHelper {
+        public static readonly char[] InvalidXmlCharacters =
+            Enumerable.Range(0, 32).Except(new[] { 9, 10, 13 }).Select(codePoint => Char.ConvertFromUtf32(codePoint)[0]).ToArray();

        public static TProperty Retrieve<TPart, TProperty>(this TPart contentPart,
            Expression<Func<TPart, TProperty>> targetExpression,
@@ -129,5 +132,21 @@ namespace Orchard.ContentManagement {
            propertyInfo.SetValue(contentPart.Record, value, null);
            contentPart.Store(name, value, versioned);
        }
+
+        /// <summary>
+        /// Checks the given string and throws an <see cref="ArgumentException"/> if it contains characters that are
+        /// invalid in XML. Otherwise just returns the original string.
+        /// </summary>
+        /// <param name="value">The string to check for invalid XML characters.</param>
+        /// <exception cref="ArgumentException">Thrown if the string contains invalid characters.</exception>
+        /// <returns>The original string if no invalid characters were found.</returns>
+        public static string ThrowIfContainsInvalidXmlCharacter(string value) {
+            if (!value.Any(character => InvalidXmlCharacters.Contains(character))) {
+                return value;
+            }
+
+            throw new ArgumentException(
+                $"The string contains character(s) that are invalid in XML and which should be removed.");
+        }
    }
 }
--- a/src/Orchard/ContentManagement/XmlHelper.cs
+++ b/src/Orchard/ContentManagement/XmlHelper.cs
@@ -52,7 +52,7 @@ namespace Orchard.ContentManagement {
        /// <param name="value">The value to set.</param>
        /// <returns>Itself</returns>
        public static XElement Attr<T>(this XElement el, string name, T value) {
-            el.SetAttributeValue(name, ToString(value));
+            el.SetAttributeValue(name, InfosetHelper.ThrowIfContainsInvalidXmlCharacter(ToString(value)));
            return el;
        }

@@ -141,7 +141,7 @@ namespace Orchard.ContentManagement {
        /// <param name="value">The value.</param>
        /// <returns>The element.</returns>
        public static XElement Val<TValue>(this XElement el, TValue value) {
-            el.SetValue(ToString(value));
+            el.SetValue(InfosetHelper.ThrowIfContainsInvalidXmlCharacter(ToString(value)));
            return el;
        }