Tickets :: [#7031] Colons within quoted parameter values are not handled correctly

6.0.0-beta1

7/21/25

Summary	Colons within quoted parameter values are not handled correctly
Queue	Horde Framework Packages
Queue Version	FRAMEWORK_3
Type	Bug
State	Resolved
Priority	2. Medium
Owners	jan (at) horde (dot) org
Requester	develop (at) kristov (dot) de
Created	07/06/2008 (6224 days ago)
Due
Updated	08/29/2008 (6170 days ago)
Assigned	07/06/2008 (6224 days ago)
Resolved	08/29/2008 (6170 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

08/29/2008 01:37:13 PM	Jan Schneider	Comment #7 Assigned to Jan Schneider State ⇒ Resolved	Reply to this comment
Fixed in CVS.

08/29/2008 01:34:42 PM	CVS Commit	Comment #6	Reply to this comment
Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/framework/iCalendar/iCalendar.php?r1=1.150&r2=1.151&ty=u

08/18/2008 10:25:49 PM	CVS Commit	Comment #5	Reply to this comment
Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/framework/iCalendar/tests/read-escapes.phpt?r1=1.4&r2=1.5&ty=u

07/06/2008 10:07:01 PM	Jan Schneider	Comment #4 New Attachment: iCalendar.diff	Reply to this comment
This is the full (not working) patch.

07/06/2008 10:05:48 PM	Jan Schneider	Comment #3 Patch ⇒ No State ⇒ Feedback	Reply to this comment
It's far more complicated than that unfortunately, because the same regex must also parse vCalendar 1.0 properties which are escaped differently. Those only require semicolons in parameter values to be escaped by a preceding backslash. I came up with the following so far: $name_re = '[-a-zA-Z0-9]+'; $param_text_re = '[^";:,]'; $quoted_string_re = '"[^"]"'; $param_value_re = $param_text_re . '\|' . $quoted_string_re; $param_re = $name_re . '=' . $param_value_re; $old_param_re = '(?:' . $name_re . '=)?(?:[^;]\|(?<=\\\\);)'; And then run the preg_match like so: preg_match('/(' . $name_re . ')(;(?:' . $param_re . '\|' . $old_param_re . ')):([^\r\n])[\r\n]/', $attribute, $parts); This doesn't work unfortunately either, because the regex for the old format is too greedy. If using an ungreedy modifier, it becomes too ungreedy.

07/06/2008 09:08:57 PM	CVS Commit	Comment #2	Reply to this comment
Changes have been made in CVS for this ticket: http://cvs.horde.org/diff.php/framework/iCalendar/tests/read-escapes.phpt?r1=1.3&r2=1.4&ty=u

07/06/2008 07:19:53 PM	develop (at) kristov (dot) de	Comment #1 Priority ⇒ 2. Medium State ⇒ Unconfirmed New Attachment: horde-3.2.1-icalendar.patch Patch ⇒ Yes Milestone ⇒ Queue ⇒ Horde Framework Packages Summary ⇒ Colons within quoted parameter values are not handled correctly Type ⇒ Bug	Reply to this comment
Suppose an iCalendar file has the entry ORGANIZER;SENT-BY="mailto :a@b.c":mailto:a@b.c The ':' within the value of the parameter "SENT-BY" is taken as a separator between the parameters and the value of the ORGANIZER tag which is not correct. As per RFC 2445, we have in 4.1: param-value = paramtext / quoted-string quoted-string = DQUOTE QSAFE-CHAR DQUOTE QSAFE-CHAR = WSP / %x21 / %x23-7E / NON-US-ASCII ; Any character except CTLs and DQUOTE so quoted parameter values can contain colons. A patch is attached. It changes the regular expression for breaking down the line into tag, parameters, and values from /([^;^:])((;[^:])?):([^\r\n])[\r\n]/ to /([^;^:])((;[^;^:]=(([^"^:^;][^:^;^"])\|("[^"]")))):([^\r\n])[\r\n]/