diff --git a/lib/private/app/infoparser.php b/lib/private/app/infoparser.php
index f7c3f8213a7b84cc021a6929d9303f0ac39fedc2..b4bdbea5c04312fe358af607d0c39f14de9a728c 100644
--- a/lib/private/app/infoparser.php
+++ b/lib/private/app/infoparser.php
@@ -11,9 +11,17 @@
namespace OC\App;
use OCP\IURLGenerator;
-use SimpleXMLElement;
class InfoParser {
+ /**
+ * @var \OC\HTTPHelper
+ */
+ private $httpHelper;
+
+ /**
+ * @var IURLGenerator
+ */
+ private $urlGenerator;
/**
* @param \OC\HTTPHelper $httpHelper
@@ -25,15 +33,20 @@ class InfoParser {
}
/**
- * @param string $file
- * @return null|string
+ * @param string $file the xml file to be loaded
+ * @return null|array where null is an indicator for an error
*/
public function parse($file) {
if (!file_exists($file)) {
return null;
}
- $xml = simplexml_load_file($file);
+ $loadEntities = libxml_disable_entity_loader(false);
+ $xml = @simplexml_load_file($file);
+ libxml_disable_entity_loader($loadEntities);
+ if ($xml == false) {
+ return null;
+ }
$array = json_decode(json_encode((array)$xml), TRUE);
if (is_null($array)) {
return null;
@@ -56,15 +69,13 @@ class InfoParser {
$url = $this->urlGenerator->linkToDocs($url);
}
- $array["documentation"][$key] = $url;
-
+ $array['documentation'][$key] = $url;
}
}
if (array_key_exists('types', $array)) {
foreach ($array['types'] as $type => $v) {
unset($array['types'][$type]);
$array['types'][] = $type;
-
}
}
diff --git a/tests/data/app/invalid-info.xml b/tests/data/app/invalid-info.xml
new file mode 100644
index 0000000000000000000000000000000000000000..3947f5420c2fffa811a1da160c96ebee9a41be10
--- /dev/null
+++ b/tests/data/app/invalid-info.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0"?>
+<info
+ <id>files_encryption</id>
+ <name>Server-side Encryption</name>
+ <description>
+ This application encrypts all files accessed by ownCloud at rest, wherever they are stored. As an example, with this application enabled, external cloud based Amazon S3 storage will be encrypted, protecting this data on storage outside of the control of the Admin. When this application is enabled for the first time, all files are encrypted as users log in and are prompted for their password. The recommended recovery key option enables recovery of files in case the key is lost.
+ Note that this app encrypts all files that are touched by ownCloud, so external storage providers and applications such as SharePoint will see new files encrypted when they are accessed. Encryption is based on AES 128 or 256 bit keys. More information is available in the Encryption documentation
+ </description>
+ <licence>AGPL</licence>
+ <author>Sam Tuke, Bjoern Schiessle, Florin Peter</author>
+ <requiremin>4</requiremin>
+ <shipped>true</shipped>
+ <documentation>
+ <user>user-encryption</user>
+ <admin>admin-encryption</admin>
+ </documentation>
+ <rememberlogin>false</rememberlogin>
+ <types>
+ <filesystem/>
+ </types>
+ <ocsid>166047</ocsid>
+</info>
diff --git a/tests/lib/app/infoparser.php b/tests/lib/app/infoparser.php
index e416202a308998f15b37b6043137d0a8d0d15e1f..277e1582e45c19f93ba717c8840ce71db82a7ffb 100644
--- a/tests/lib/app/infoparser.php
+++ b/tests/lib/app/infoparser.php
@@ -45,4 +45,9 @@ class InfoParser extends \PHPUnit_Framework_TestCase {
$this->assertEquals($expectedData, $data);
}
+
+ public function testParsingInvalidXml() {
+ $data = $this->parser->parse(OC::$SERVERROOT.'/tests/data/app/invalid-info.xml');
+ $this->assertNull($data);
+ }
}