Properly validate hex colors

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-09-01 14:10:42 +02:00
parent 341a9628e9
commit c2a4f946b4
1 changed files with 6 additions and 1 deletions
--- a/lib/DAV/Calendar.php
+++ b/lib/DAV/Calendar.php
@@ -30,6 +30,7 @@ use Sabre\CalDAV\Xml\Property\SupportedCalendarComponentSet;
 use Sabre\DAV\Exception\Forbidden;
 use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\PropPatch;
 use Sabre\VObject\InvalidDataException;
 class Calendar extends ExternalCalendar {
@@ -164,7 +165,11 @@ class Calendar extends ExternalCalendar {
 						$this->board->setTitle($value);
 						break;
 					case '{http://apple.com/ns/ical/}calendar-color':
-						$this->board->setColor(substr($value, 1));
+						$color = substr($value, 1, 6);
 						if (!preg_match('/[a-f0-9]{6}/i', $color)) {
 							throw new InvalidDataException('No valid color provided');
 						}
 						$this->board->setColor($color);
 						break;
 				}
 			}