Closed Bug 349892 Opened 17 years ago Closed 15 years ago

no validation what (kind of data) is pasted [clipboard]

Categories

(Calendar :: General, defect)

Product:
Calendar
Component:
General
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: damian.publicemail, Assigned: mschroeder)

Details

Attachments

(1 file, 1 obsolete file)

Patch v1
5.11 KB, patch
dbo
: review+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060823 Calendar/0.3a2+

you can copy and paste events but there is no validation if you really paste event or some binary file...

Reproducible: Always

Steps to Reproduce:
1. copy plain text to clipboard, eg "sunbird"
2. select one day in week view mode
3. from menu "edit" select "paste"

Actual Results:  
error console:

Error: uncaught exception: [Exception... "Component returned failure code: 0x804a0107 [calIICSService.parseICS]"  nsresult: "0x804a0107 (<unknown>)"  location: "JS frame :: chrome://calendar/content/clipboard.js :: pasteFromClipboard :: line 218"  data: no]

Expected Results:  
before you try to paste you should test if data is valid

if you try to copy very long text you will get another error:

Error: Severe error in internal transaction code!
ID already exists for addItem
Please report this to the developers.

Source File: chrome://calendar/content/calendar-item-editing.js
Line: 297


yesterday i paste some crazy kind of data and Sunbird didn't response for 10-15 seconds
this scenario and second error might be related to bug 349688
Version: unspecified → Trunk
I can confirm the bug with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20061027 Calendar/0.4a1

Error is almost the same:
Error: uncaught exception: [Exception... "Component returned failure code: 0x804a0107 [calIICSService.parseICS]"  nsresult: "0x804a0107 (<unknown>)"  location: "JS frame :: chrome://calendar/content/clipboard.js :: pasteFromClipboard :: line 215"  data: no]
Confirmed. In http://lxr.mozilla.org/seamonkey/source/calendar/resources/content/clipboard.js#215 we call parseICS (http://lxr.mozilla.org/seamonkey/source/calendar/base/src/calICSService.cpp#1190) and because it is no ICS data there is an error returned. Some error handling to improve user experience is definitely needed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Still occurs with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13pre) Gecko/20080222 Calendar/0.8pre

Error console:

Error: [Exception... "Component returned failure code: 0x804a0107 [calIICSService.parseICS]"  nsresult: "0x804a0107 (<unknown>)"  location: "JS frame :: chrome://calendar/content/clipboard.js :: pasteFromClipboard :: line 220"  data: no]
Source File: chrome://calendar/content/clipboard.js
Line: 220

Error: uncaught exception: [Exception... "Component returned failure code: 0x804a0107 [calIICSService.parseICS]"  nsresult: "0x804a0107 (<unknown>)"  location: "JS frame :: chrome://calendar/content/clipboard.js :: pasteFromClipboard :: line 220"  data: no]
Assignee: nobody → mschroeder
Status: NEW → ASSIGNED
Component: Calendar Views → General
OS: Windows XP → All
QA Contact: views → general
Hardware: PC → All
Summary: no validation what (kind of data) is pasted → no validation what (kind of data) is pasted [clipboard]
Maybe it's easier to use Components.classes["@mozilla.org/calendar/ics-parser;1"].createInstance(Components.interfaces.calIIcsParser).parseString(...) for better error handling in calendar-clipboard.js. Daniel, do you think this is the right way to go?
Yes, the whole code could use the ics-parser. This should fix passing overridden items with a master, too (mind to call calIRecurrenceInfo::onStartDateChange in case it's a recurring item). I'd just catch away parsing errors.
BTW, separate bug: copy to clipboard should use the ics serializer.
(In reply to comment #6)
> Yes, the whole code could use the ics-parser. This should fix passing
> overridden items with a master, too (mind to call
> calIRecurrenceInfo::onStartDateChange in case it's a recurring item). I'd just
> catch away parsing errors.

Daniel, can you elaborate on the issues with overridden items with a master? And what about the items I get from |icsParser.getParentlessItems({})|?

> BTW, separate bug: copy to clipboard should use the ics serializer.

I'll also fix this here.
Attached patch WIP patch (obsolete) — Splinter Review 

    
    

    
  
(In reply to comment #7)
> Daniel, can you elaborate on the issues with overridden items with a master?
> And what about the items I get from |icsParser.getParentlessItems({})|?
The current code doesn't relate overridden instances (i.e. items with a RECURRENCE-ID) of a recurring series correctly with the passed master item's calIRecurrenceInfo, which results in dataloss. The ics parser does.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Patch v1Splinter Review
      

    


  
The handling of parentless items (icsParser.getParentlessItems({})) should be solved in bug 345607. This patch causes a 'regression', ie. no occurrences of recurring events can be copied, but I think it will be solved soon. ;)

        Attachment #348380 -
        Attachment is obsolete: true

        Attachment #348660 -
        Flags: review?(daniel.boelzle)

    
    

    
  
Comment on attachment 348660 [details] [diff] [review]
Patch v1

>+            let icsParser = Components.classes["@mozilla.org/calendar/ics-parser;1"]
>+                                      .createInstance(Components.interfaces.calIIcsParser);
>+            try {
>+                icsParser.parseString(data, null);
>+            } catch(e) {
>+                return;
I'd prefer you remove this return statement and run into the existing check below.
>+            }
>+            
>+            let items = icsParser.getItems({});
>+            if (!items || items.length == 0) {
parser.getItems always returns an array, even if empty. No need to check for !items.

>+                return;
>             }

The patch looks good, although I haven't tested it; r=dbo

        Attachment #348660 -
        Flags: review?(daniel.boelzle) → review+

    
    

    
  
Pushed to comm-central <http://hg.mozilla.org/comm-central/rev/1bd290819112>

-> FIXED
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Target Milestone: --- → 1.0

    
    

    
  
Checked in sunbird and lightning build 20081130 -> VERIFIED
Status: RESOLVED → VERIFIED

    
    

    
  
These bugs are likely targeted at Lightning 1.0b1, not Lightning 1.0. If this change was done in error, please adjust the target milestone to its correct value. To filter on this bugspam, you can use "lightning-10-target-move".
Target Milestone: 1.0 → 1.0b1

          You need to log in
          before you can comment on or make changes to this bug.