vcf file import breaks addressbook
Describe the bug
Note: reproduce in test system to avoid data corruption.
- Create addressbook in Nextcloud/Contacts with 1-2 test contacts.
- Extract b.vcf file from b.zip and import this vcs file to created addressbook.
- Address book won't display entries any more and one cannot add new contacts to addressbook.
Some chars in b.vcf have broken encoding but nc should handle it and should not break access to whole addressbook. Thunderbird allows one to import such vcf file and displays both imported contacts without problems.
Tested in nc v24.0.2 and contacts v4.1.1. Similar problem was noticed in earlier versions (v23) also.
Steps to reproduce
As above.
Expected behavior
Nc should display imported contacts (with broken chars probably similar to Thunderbird) and addressbook should be accessible.
Actual behavior
Addressbook is empty in UI (database contains imported contacts). Adding new contacts in UI does not work.
Contact version
v4.1.1
Operating system
Debian 11
PHP engine version
PHP 7.4
Web server
Apache (supported)
Database
MariaDB
List of activated Apps
n/a
Nextcloud Signing status
n/a
Configuration report
n/a
Additional info
No response
After further debugging: problem is caused by 0x19 (decimal 25) character present in contact data stored in VCS file. When importing such file to Nextcloud Contacts (directly using web UI or via Thunderbird with CardDAV), this char is stored in SQL DB without changes as 0x19. When such contact data is served using CardDAV, XML response with data contains pure 0x19 char without any encoding which breaks XML parsers (web browser, Thunderbird); see Firefox debug console (F12) for example when refreshing addressbook contact list after importing example file from this issue.
Seems...
https://stackoverflow.com/questions/20001448/handling-0x19-in-xslt-1-0
...that 0x19 char cannot be present in valid XML 1.0 file and may be present in XML 1.1 file if escaped correctly (i.e. ). Not sure if CardDAV spec allows XML 1.1.
Possible solutions:
- don't allow/skip creating contacts in Nextcloud Database with characters that cannot be handled with CardDAV (seems better - user must consciously correct data before importing); may be dangerous if user is not notified that some contacts were skipped during import (i.e. when importing to Nextcloud Contacts DB via Thunderbird using CardDAV not web UI),
- use XML 1.1 (not sure if there are other chars that will cause similar problems even in XML 1.1 and not sure if CardDAV can use XML 1.1 and even if so - some clients may be incompatible with it),
- replace invalid characters with U+FFFD before storing it in Nextcloud Database (probably dangerous - data on CardDAV client will be different than in Nextcloud Contacts DB).
Leaving this issue unresolved sounds bad also - importing corrupted VCS file with invalid XML chars like 0x19 will deny access to whole address book (web UI) and cause problems with syncing over CardDAV (such contact cannot be imported to Thunderbird for example).
Got the same bug after importing a vcf file on my phone synchronizing back to my Nextcloud instance.
Is there any solution to get the addressbook back? If not then this bug is quite malicious.
Nextcloud 25.0.3 Contacts 5.10 PHP 8.1.13 mysql 10.7.3
Same issue when creating a new contact in the Contacts app with an invalid character in the contact notes. The downloaded ics still contains that character and when syncing via CardDAV the nextcloud server will produce an invalid xml response which breaks any CardDAV client. Since the server sends XML 1.0 it needs to filter out all invalid characters not in the range
#x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
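A pre-import check built on the character range quoted above, added here as an illustration (it is not code from this thread or from Nextcloud): it locates characters XML 1.0 forbids in vCard text, shows that an `address-data` element carrying them unescaped fails to parse, and that replacing them with U+FFFD (one of the options discussed above) yields a parseable response. The function names and the sample vCard are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Complement of the XML 1.0 Char production:
# #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
INVALID_XML10 = re.compile(
    r"[^\x09\x0A\x0D\x20-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)

def find_invalid(vcard_text):
    """Return (line, column, code point) for every char XML 1.0 forbids."""
    hits = []
    # split("\n") rather than splitlines(): splitlines() also breaks on
    # control chars such as 0x1C-0x1E and would hide them from the scan.
    for line_no, line in enumerate(vcard_text.split("\n"), start=1):
        for m in INVALID_XML10.finditer(line):
            hits.append((line_no, m.start() + 1, "U+%04X" % ord(m.group())))
    return hits

def sanitize(vcard_text, replacement="\uFFFD"):
    """Replace forbidden characters; stored data then differs from the source file."""
    return INVALID_XML10.sub(replacement, vcard_text)

def address_data_xml(vcard_text):
    # escape() handles only & < >, so control characters pass through raw,
    # which mirrors the unencoded 0x19 in the response described in the issue.
    return ('<card:address-data xmlns:card="urn:ietf:params:xml:ns:carddav">'
            + escape(vcard_text) + "</card:address-data>")

def parses(xml_text):
    """True if an XML 1.0 parser (expat) accepts the document."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False

# Constructed sample: a contact whose NOTE contains a raw 0x19 byte.
SAMPLE = ("BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Test Contact\r\n"
          "NOTE:it\x19s broken\r\nEND:VCARD\r\n")

if __name__ == "__main__":
    print("invalid characters:", find_invalid(SAMPLE))
    print("raw response parses:", parses(address_data_xml(SAMPLE)))
    print("sanitized response parses:", parses(address_data_xml(sanitize(SAMPLE))))
```

Running `find_invalid` before import lets the user be told which contact and which position needs correcting, instead of silently skipping or altering the data.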