Add safeguard for an invalid `package.xml`

diff --git a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
index 54efdc64b802617a639f68ef7ac58715dc165af0..90af896072b44198c713919051f89d19a7251adb 100644 (file)
--- a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
@@ -4,6 +4,7 @@ namespace wcf\system\package;
 
 use wcf\data\package\Package;
 use wcf\system\database\util\PreparedStatementConditionBuilder;
+use wcf\system\exception\SystemException;
 use wcf\system\io\File;
 use wcf\system\io\Tar;
 use wcf\system\package\validation\PackageValidationException;
@@ -154,7 +155,14 @@ class PackageArchive
         try {
             $xml->loadXML(self::INFO_FILE, $this->tar->extractToString(self::INFO_FILE));
         } catch (\Exception $e) { // bugfix to avoid file caching problems
-            $xml->loadXML(self::INFO_FILE, $this->tar->extractToString(self::INFO_FILE));
+            try {
+                $xml->loadXML(self::INFO_FILE, $this->tar->extractToString(self::INFO_FILE));
+            } catch (SystemException $e) {
+                throw new PackageValidationException(
+                    PackageValidationException::INVALID_PACKAGE_XML,
+                    ['libxmlOutput' => $e->getDescription()],
+                );
+            }
         }
 
         // parse xml

diff --git a/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php b/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php
index c5677a3de31f5b1a845c57c01edc67e4ca8d4c07..60413be52a36e1605251f80eb53d753f828d4b02 100644 (file)
--- a/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php
+++ b/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php
@@ -222,6 +222,13 @@ class PackageValidationException extends SystemException
      */
     const MISSING_PACKAGE_DATE = 30;
 
+    /**
+     * the `package.xml` has syntax errors
+     * @var int
+     * @since 6.0
+     */
+    const INVALID_PACKAGE_XML = 31;
+
     /**
      * Creates a new PackageArchiveValidationException.
      *

diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 205c3426e568be902e2d6f3ea08fb56937f02c9b..6d72f8e890286c69af37945c87a3d37fe65b5347 100644 (file)
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -1953,6 +1953,7 @@ Die Datenbestände werden sorgfältig gepflegt, aber es ist nicht ausgeschlossen
                <item name="wcf.acp.package.validation.errorCode.28"><![CDATA[Die &lt;packageinformation&gt; enthalten das doppelte Element „{$tag}“.]]></item>
                <item name="wcf.acp.package.validation.errorCode.29"><![CDATA[Es wurde keine Paketversion angegeben.]]></item>
                <item name="wcf.acp.package.validation.errorCode.30"><![CDATA[Es wurde keine Paketdatum angegeben.]]></item>
+               <item name="wcf.acp.package.validation.errorCode.30"><![CDATA[Die Datei „package.xml“ ist ungültig{if $libxmlOutput}: {$libxmlOutput}{/if}.]]></item>
                <item name="wcf.acp.package.validation.failed"><![CDATA[Das hochgeladene Paket kann nicht installiert werden, bitte {if LANGUAGE_USE_INFORMAL_VARIANT}beachte{else}beachten Sie{/if} das unten stehende Prüfungsergebnis.]]></item>
                <item name="wcf.acp.package.evaluation.expired"><![CDATA[Die Testphase von <strong>{$packageName}</strong> ist abgelaufen. {if $pluginStoreFileID || $isWoltLab}<br>{if LANGUAGE_USE_INFORMAL_VARIANT}Du kannst{else}Sie können{/if} die aktuelle Version sicher und bequem <strong>{if $pluginStoreFileID}<a href="https://pluginstore.woltlab.com/file/{$pluginStoreFileID}/">im WoltLab Plugin-Store</a>{else}<a href="https://www.woltlab.com/de/kaufen/">auf WoltLab.com</a>{/if}</strong> erwerben.{/if}]]></item>
                <item name="wcf.acp.package.evaluation.pending"><![CDATA[Bei den folgenden installierten Apps handelt es sich um Testversionen, die am <strong>{$evaluationEndDate|plainTime}</strong> ({@$evaluationEndDate|dateDiff:TIME_NOW:true}) ablaufen. Mit Ablauf der Frist deaktiviert sich die App automatisch, es ist dann notwendig diese auf die endgültige Version zu aktualisieren, um den legalen Betrieb fortzusetzen.

diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index 0a63506079d227bb2ce355043da8d0233fdfeeab..6e64e46f7304cb51271ddff7619a3fc7b1ce1183 100644 (file)
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -1936,6 +1936,7 @@ The database is carefully maintained, but there will be always be a margin of er
                <item name="wcf.acp.package.validation.errorCode.28"><![CDATA[The &lt;packageinformation&gt; contain the duplicate child element “{$tag}”.]]></item>
                <item name="wcf.acp.package.validation.errorCode.29"><![CDATA[No package version was given.]]></item>
                <item name="wcf.acp.package.validation.errorCode.30"><![CDATA[No package date was given.]]></item>
+               <item name="wcf.acp.package.validation.errorCode.30"><![CDATA[The file “package.xml” is invalid{if $libxmlOutput}: {$libxmlOutput}{/if}.]]></item>
                <item name="wcf.acp.package.validation.failed"><![CDATA[The package cannot be installed, please review the validation results below.]]></item>
                <item name="wcf.acp.package.evaluation.expired"><![CDATA[The evaluation period of <strong>{$packageName}</strong> has expired. {if $pluginStoreFileID || $isWoltLab}<br>The latest version can be purchased quickly and securely <strong>{if $pluginStoreFileID}<a href="https://pluginstore.woltlab.com/file/{$pluginStoreFileID}/">in the WoltLab Plugin-Store</a>{else}<a href="https://www.woltlab.com/en/purchase/">on WoltLab.com</a>{/if}</strong>.{/if}]]></item>
                <item name="wcf.acp.package.evaluation.pending"><![CDATA[The evaluation period of the apps listed below will expire on <strong>{$evaluationEndDate|plainTime}</strong> ({@$evaluationEndDate|dateDiff:TIME_NOW:true}). The apps will automatically disable themselves after this date and become unusable, you'll need to install the latest versions of the apps to active them again.