greco: escape XML illegal characters (#32681)

2019-04-29 17:09:26 +02:00 · 2019-04-29 17:09:26 +02:00 · b312381a75
parent 7fcf7d082e
commit b312381a75
1 changed files with 13 additions and 0 deletions
--- a/passerelle/contrib/greco/models.py
+++ b/passerelle/contrib/greco/models.py
@ -15,6 +15,7 @@

 import base64
 import json
+import re

 from email import encoders
 from email.mime.audio import MIMEAudio
@ -39,6 +40,14 @@ from passerelle.soap import sudsobject_to_dict
 from .formdata import FormData, CREATION_SCHEMA, list_schema_fields


+# taken from https://lsimons.wordpress.com/2011/03/17/stripping-illegal-characters-out-of-xml-in-python/
+_illegal_xml_chars_RE = re.compile(u'[\x00-\x08\x0b\x0c\x0e-\x1F\uD800-\uDFFF\uFFFE\uFFFF]')
+
+
+def escape_xml_illegal_chars(val, replacement='?'):
+    return _illegal_xml_chars_RE.sub(replacement, val)
+
+
 class ParameterTypeError(Exception):
    http_status = 400
    log_error = False
@ -55,6 +64,10 @@ def fill_sudsobject_with_dict(sudsobject, fields, prefix=None):
        else:
            if attr in fields:
                # sudsobject.foo.bar <- fields['foo_bar']
+                field_value = fields[attr]
+                # duck-type unicode/str
+                if hasattr(field_value, 'isnumeric'):
+                    field_value = escape_xml_illegal_chars(field_value)
                setattr(sudsobject, key, fields[attr])