lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-27 04:19:04 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Throwing exception when an invalid XML character is being saved into Infoset (#8219) (Lombiq Technologies: ORCH-208), fixes #7560

Browse Source
This commit is contained in:
Zoltán Lehóczky
2019-06-05 13:36:04 +02:00
committed by Benedek Farkas
parent 744f8880ff
commit bf1945d3a9
5 changed files with 36 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Orchard.Tests/ContentManagement/Drivers/FieldStorage/InfosetFieldStorageProviderTests.cs
View File

@@ -1,4 +1,5 @@
using System.Linq; using System;
using System.Linq;
using Autofac; using Autofac;
using NUnit.Framework; using NUnit.Framework;
using Orchard.ContentManagement; using Orchard.ContentManagement;
@@ -122,5 +123,15 @@ namespace Orchard.Tests.ContentManagement.Drivers.FieldStorage {
public void VersionedSettingOnInfosetField() { public void VersionedSettingOnInfosetField() {
Assert.Fail("todo"); Assert.Fail("todo");
} }
[Test]
public void ForbiddenXmlCharactersCauseException() {
var part = CreateContentItemPart();
var storage = _provider.BindStorage(part, part.PartDefinition.Fields.Single());
foreach (var character in InfosetHelper.InvalidXmlCharacters) {
Assert.Throws<ArgumentException>(() => storage.Set("alpha", character));
}
}
} }
} }

1
src/Orchard/ContentManagement/FieldStorage/InfosetStorage/InfosetPart.cs
View File

@@ -69,6 +69,7 @@ namespace Orchard.ContentManagement.FieldStorage.InfosetStorage {
} }
public void Set(string partName, string fieldName, string valueName, string value, bool versionable = false) { public void Set(string partName, string fieldName, string valueName, string value, bool versionable = false) {
InfosetHelper.ThrowIfContainsInvalidXmlCharacter(value);
var element = versionable ? VersionInfoset.Element : Infoset.Element; var element = versionable ? VersionInfoset.Element : Infoset.Element;

2
src/Orchard/ContentManagement/FieldStorage/InfosetStorage/InfosetStorageProvider.cs
View File

@@ -38,6 +38,8 @@ namespace Orchard.ContentManagement.FieldStorage.InfosetStorage {
} }
private void Set(XElement element, string partName, string fieldName, string valueName, string value) { private void Set(XElement element, string partName, string fieldName, string valueName, string value) {
InfosetHelper.ThrowIfContainsInvalidXmlCharacter(value);
var partElement = element.Element(partName); var partElement = element.Element(partName);
if (partElement == null) { if (partElement == null) {
partElement = new XElement(partName); partElement = new XElement(partName);

19
src/Orchard/ContentManagement/InfosetHelper.cs
View File

@@ -1,4 +1,5 @@
using System; using System;
using System.Linq;
using System.Linq.Expressions; using System.Linq.Expressions;
using System.Xml.Linq; using System.Xml.Linq;
using Orchard.ContentManagement.FieldStorage.InfosetStorage; using Orchard.ContentManagement.FieldStorage.InfosetStorage;
@@ -7,6 +8,8 @@ using Orchard.Utility;
namespace Orchard.ContentManagement { namespace Orchard.ContentManagement {
public static class InfosetHelper { public static class InfosetHelper {
public static readonly char[] InvalidXmlCharacters =
Enumerable.Range(0, 32).Except(new[] { 9, 10, 13 }).Select(codePoint => Char.ConvertFromUtf32(codePoint)[0]).ToArray();
public static TProperty Retrieve<TPart, TProperty>(this TPart contentPart, public static TProperty Retrieve<TPart, TProperty>(this TPart contentPart,
Expression<Func<TPart, TProperty>> targetExpression, Expression<Func<TPart, TProperty>> targetExpression,
@@ -129,5 +132,21 @@ namespace Orchard.ContentManagement {
propertyInfo.SetValue(contentPart.Record, value, null); propertyInfo.SetValue(contentPart.Record, value, null);
contentPart.Store(name, value, versioned); contentPart.Store(name, value, versioned);
} }
/// <summary>
/// Checks the given string and throws an <see cref="ArgumentException"/> if it contains characters that are
/// invalid in XML. Otherwise just returns the original string.
/// </summary>
/// <param name="value">The string to check for invalid XML characters.</param>
/// <exception cref="ArgumentException">Thrown if the string contains invalid characters.</exception>
/// <returns>The original string if no invalid characters were found.</returns>
public static string ThrowIfContainsInvalidXmlCharacter(string value) {
if (!value.Any(character => InvalidXmlCharacters.Contains(character))) {
return value;
}
throw new ArgumentException(
$"The string contains character(s) that are invalid in XML and which should be removed.");
}
} }
} }

4
src/Orchard/ContentManagement/XmlHelper.cs
View File

@@ -52,7 +52,7 @@ namespace Orchard.ContentManagement {
/// <param name="value">The value to set.</param> /// <param name="value">The value to set.</param>
/// <returns>Itself</returns> /// <returns>Itself</returns>
public static XElement Attr<T>(this XElement el, string name, T value) { public static XElement Attr<T>(this XElement el, string name, T value) {
el.SetAttributeValue(name, ToString(value)); el.SetAttributeValue(name, InfosetHelper.ThrowIfContainsInvalidXmlCharacter(ToString(value)));
return el; return el;
} }
@@ -141,7 +141,7 @@ namespace Orchard.ContentManagement {
/// <param name="value">The value.</param> /// <param name="value">The value.</param>
/// <returns>The element.</returns> /// <returns>The element.</returns>
public static XElement Val<TValue>(this XElement el, TValue value) { public static XElement Val<TValue>(this XElement el, TValue value) {
el.SetValue(ToString(value)); el.SetValue(InfosetHelper.ThrowIfContainsInvalidXmlCharacter(ToString(value)));
return el; return el;
} }