Improper handling of escaped separator characters in VCards #4064

Closed
rcubetrac opened this issue Jan 4, 2013 · 5 comments

@rcubetrac

Reported by mgrum on 4 Jan 2013 14:41 UTC as Trac ticket #1488896

When importing VCards into Roundcube, the function vcard_unquote in the file program/lib/Roundcube/rcube_vcard.php splits the VCard entries (especially the N entry) into parts that are separated by ";" or any other separation character. This function however doesn't handle escaped separator characters correctly.

What the function does is replace every occurrence of "\;" by the bell character "\007" using strtr, then split the string into parts and then replace the bell characters by ";" inside these parts, again using strtr. This works in most cases, but it will fail when the "\" before the ";" is escaped itself.

So for example if I enter "test\" as the surname for a contact, then export it into a VCard (using any mail client that properly escapes the "\" as "\\") and then try to import it in Roundcube, the ";" after the "\\" will be seen as escaped, although it is not.

The only solution to this is IMO to throw out strtr and instead loop through the string while storing the escape state in a separate variable. I wrote a function that does exactly this. It can be copied directly into the Roundcube source and used instead of strtr:

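```php
function vcard_replace_escaped_separators($s, $sep = ';') {
    $out = "";
    $escaped = false; // true when the previous character was an unescaped backslash

    foreach (str_split($s) as $cur_char) {
        if (!$escaped && $cur_char == "\\") {
            // start of an escape sequence; decide on the next character
            $escaped = true;
        } elseif (!$escaped) {
            $out .= $cur_char;
        } elseif ($escaped && $cur_char == $sep) {
            // escaped separator: mask it with the bell character
            $out .= "\007";
            $escaped = false;
        } else {
            // any other escape sequence (including "\\") is kept unchanged
            $out .= "\\" . $cur_char;
            $escaped = false;
        }
    }

    // keep a trailing lone backslash instead of dropping it
    if ($escaped) {
        $out .= "\\";
    }

    return $out;
}
```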

Keywords: VCard
Migrated-From: http://trac.roundcube.net/ticket/1488896
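
An added example (not part of the original report and not Roundcube's code) that runs the mask-and-split approach described above next to a stateful split on constructed N values. The function names are hypothetical, and the stateful version additionally decodes `\\` to `\`, which the report's function does not do.

```php
<?php
// Mask "\;" with BEL, split on ";", then unmask: the approach the report describes.
function split_with_strtr(string $s, string $sep = ';'): array
{
    $masked = strtr($s, ["\\" . $sep => "\007"]);
    $parts  = explode($sep, $masked);
    return array_map(fn($p) => strtr($p, ["\007" => $sep]), $parts);
}

// Split while tracking escape state, so "\\;" is a literal backslash
// followed by a real separator.
function split_with_state(string $s, string $sep = ';'): array
{
    $parts   = [''];
    $escaped = false;
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $c    = $s[$i];
        $last = count($parts) - 1;
        if ($escaped) {
            // "\;" and "\\" decode to the bare character; other escapes stay as-is
            $parts[$last] .= ($c === $sep || $c === "\\") ? $c : "\\" . $c;
            $escaped = false;
        } elseif ($c === "\\") {
            $escaped = true;
        } elseif ($c === $sep) {
            $parts[] = '';            // unescaped separator: start a new component
        } else {
            $parts[$last] .= $c;
        }
    }
    if ($escaped) {
        $parts[$last ?? 0] .= "\\";   // keep a trailing lone backslash
    }
    return $parts;
}

// Constructed sample values of an N property (not taken from a real vCard).
$samples = [
    'Doe\\;Smith;John;;;',   // surname "Doe;Smith": separator is escaped
    'test\\\\;John;;;',      // surname "test\": backslash is escaped, separator is not
];

foreach ($samples as $value) {
    echo "value:    $value\n";
    echo "strtr:    " . count(split_with_strtr($value)) . " parts: "
        . implode(' | ', split_with_strtr($value)) . "\n";
    echo "stateful: " . count(split_with_state($value)) . " parts: "
        . implode(' | ', split_with_state($value)) . "\n\n";
}
```
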

@rcubetrac
Author

Comment by mgrum on 4 Jan 2013 14:47 UTC

Whoops, seems like Trac doesn't display my code correctly because it contains double backslashes (as well as part of my text). Anyway, I have added the function as an attachment now.

@rcubetrac
Author

Comment by @alecpl on 5 Jan 2013 17:20 UTC

Test added in 2c777be.

@rcubetrac
Author

Milestone changed by @alecpl on 5 Jan 2013 17:20 UTC

later => 0.9-beta

@rcubetrac
Author

Comment by @alecpl on 5 Jan 2013 19:18 UTC

Fixed in 21106b3.

@rcubetrac
Author

Status changed by @alecpl on 5 Jan 2013 19:18 UTC

new => closed
