From e013cfdba74a6ca2fced78fcdce9bd407b334284 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Thu, 22 Feb 2024 12:04:52 +0100
Subject: [PATCH] Add safeguard for an invalid `package.xml`
---
 .../files/lib/system/package/PackageArchive.class.php | 10 +++++++++-
 .../validation/PackageValidationException.class.php | 7 +++++++
 wcfsetup/install/lang/de.xml | 1 +
 wcfsetup/install/lang/en.xml | 1 +
 4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
index 54efdc64b8..90af896072 100644
--- a/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
+++ b/wcfsetup/install/files/lib/system/package/PackageArchive.class.php
@@ -4,6 +4,7 @@ namespace wcf\system\package;
 use wcf\data\package\Package;
 use wcf\system\database\util\PreparedStatementConditionBuilder;
+use wcf\system\exception\SystemException;
 use wcf\system\io\File;
 use wcf\system\io\Tar;
 use wcf\system\package\validation\PackageValidationException;
@@ -154,7 +155,14 @@ class PackageArchive
 try {
 $xml->loadXML(self::INFO_FILE, $this->tar->extractToString(self::INFO_FILE));
 } catch (\Exception $e) { // bugfix to avoid file caching problems
- $xml->loadXML(self::INFO_FILE, $this->tar->extractToString(self::INFO_FILE));
+ try {
+ $xml->loadXML(self::INFO_FILE, $this->tar->extractToString(self::INFO_FILE));
+ } catch (SystemException $e) {
+ throw new PackageValidationException(
+ PackageValidationException::INVALID_PACKAGE_XML,
+ ['libxmlOutput' => $e->getDescription()],
+ );
+ }
 }
 // parse xml
diff --git a/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php b/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php
index c5677a3de3..60413be52a 100644
--- a/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php
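Review bot: The `libxmlOutput` detail added in the inner catch carries `$e->getDescription()`, i.e. parser text produced from the archive's `package.xml`, which is still untrusted at this point in validation, so whatever renders error code `INVALID_PACKAGE_XML` has to output it escaped as plain text. The language entries added for this code are not legible on this page, so I cannot confirm how the value is printed; a comment above the throw such as `// libxmlOutput comes from the unvalidated archive; templates must escape it` would record the requirement. The retry also catches only `SystemException` while the outer handler catches `\Exception`, so a second failure of another type still leaves this method unwrapped, and the inner `$e` shadows the outer one; `catch (SystemException $retryException)` would keep both readable. The enclosing method starts and ends outside the hunk.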
+++ b/wcfsetup/install/files/lib/system/package/validation/PackageValidationException.class.php
@@ -222,6 +222,13 @@ class PackageValidationException extends SystemException
 */
 const MISSING_PACKAGE_DATE = 30;
+ /**
+ * the `package.xml` has syntax errors
+ * @var int
+ * @since 6.0
+ */
+ const INVALID_PACKAGE_XML = 31;
+
 /**
 * Creates a new PackageArchiveValidationException.
 *
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index 59c4b34863..a3fd11f5c0 100644
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -1953,6 +1953,7 @@ Die Datenbestände werden sorgfältig gepflegt, aber es ist nicht ausgeschlossen + {$packageName} ist abgelaufen. Bitte aktualisiere{if !LANGUAGE_USE_INFORMAL_VARIANT}n Sie{/if} auf die aktuelle Version, um diese Software weiterhin legal betreiben zu können.{if $pluginStoreFileID || $isWoltLab}
{if LANGUAGE_USE_INFORMAL_VARIANT}Du kannst{else}Sie können{/if} die aktuelle Version sicher und bequem {if $pluginStoreFileID}im WoltLab Plugin-Store{else}auf WoltLab.com{/if} erwerben.{/if}]]>
{$evaluationEndDate|plainTime} ({@$evaluationEndDate|dateDiff:TIME_NOW:true}) ablaufen. Mit Ablauf der Frist deaktiviert sich die App automatisch, es ist dann notwendig diese auf die endgültige Version zu aktualisieren, um den legalen Betrieb fortzusetzen. diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index b8615481ad..21fe420f9d 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -1936,6 +1936,7 @@ The database is carefully maintained, but there will be always be a margin of er + {$packageName} has expired. For a legal use of this software, please update to the latest available version.{if $pluginStoreFileID || $isWoltLab}
The latest version can be purchased quickly and securely {if $pluginStoreFileID}in the WoltLab Plugin-Store{else}on WoltLab.com{/if}.{/if}]]>
{$evaluationEndDate|plainTime} ({@$evaluationEndDate|dateDiff:TIME_NOW:true}). The apps will automatically disable themselves after this date and become unusable, you'll need to install the latest versions of the apps to active them again. -- 2.20.1