From 1f156573a6157fa2cc19d554485e3c5322a1fc15 Mon Sep 17 00:00:00 2001 From: Paul 'flowerysong' Arthur Date: Wed, 30 Jun 2010 04:19:48 +0000 Subject: Try not to include invalid characters in our AJAX XML output. --- lib/ui.lib.php | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/lib/ui.lib.php b/lib/ui.lib.php index 4a5767a9..abc9840c 100644 --- a/lib/ui.lib.php +++ b/lib/ui.lib.php @@ -556,7 +556,7 @@ function get_user_icon($name,$title='',$id='') { * This takes a one dimensional array and creates a XML document from it. For * use primarily by the ajax mojo. */ -function xml_from_array($array,$callback=0,$type='') { +function xml_from_array($array, $callback = false, $type = '') { $string = ''; @@ -610,10 +610,15 @@ function xml_from_array($array,$callback=0,$type='') { return $string; break; default: - foreach ($array as $key=>$value) { - if (is_numeric($key)) { $key = 'item'; } + foreach ($array as $key => $value) { + // No numeric keys + if (is_numeric($key)) { + $key = 'item'; + } + if (is_array($value)) { - $value = xml_from_array($value,1); + // Call ourself + $value = xml_from_array($value, true); $string .= "\t$value\n"; } else { @@ -623,10 +628,21 @@ function xml_from_array($array,$callback=0,$type='') { // end foreach elements } if (!$callback) { - $string = "\n\n" . $string . "\n"; + $string = '' . + "\n\n" . $string . "\n"; } - return $string; + // Remove invalid XML characters. + // See http://www.w3.org/TR/2006/REC-xml-20060816/#charsets + $clean = preg_replace('/[\x{0}-\x{8}\x{b}\x{c}\x{e}-\x{1f}\x{d800}-\x{dfff}\x{fffe}-\x{ffff}]/u', '', $string); + + if ($clean) { + return $clean; + } + else { + debug_event('xml_from_array', 'Charset cleanup failed, generated XML may be invalid', 1); + return $string; + } break; } } // xml_from_array -- cgit