From d572f2af0238304b11bbac54b0aa4636f49c30d5 Mon Sep 17 00:00:00 2001
From: Ludovic Marcotte <lmarcotte@inverse.ca>
Date: Fri, 19 Sep 2014 14:34:20 -0400
Subject: [PATCH] get rid of control chars before returning the response

---
 NEWS                           | 1 +
 SoObjects/SOGo/SOGoGCSFolder.m | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index c40f8a13c..bac58c589 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ Enchancements
 Bug fixes
  - fixed sending mails to multiple recipients over AS 
  - fixed freebusy support in iCal 7 and free/busy state changes (#2878, #2879)
+ - we now get rid of all potential control characters before sending the DAV response
 
 2.2.8 (2014-09-10)
 ------------------
diff --git a/SoObjects/SOGo/SOGoGCSFolder.m b/SoObjects/SOGo/SOGoGCSFolder.m
index e128f7424..3e0ef6e7e 100644
--- a/SoObjects/SOGo/SOGoGCSFolder.m
+++ b/SoObjects/SOGo/SOGoGCSFolder.m
@@ -2078,8 +2078,13 @@ static NSArray *childRecordFields = nil;
       nodeTag = [self _nodeTag: *property];
       if (*currentValue)
 	{
+          // Make sure the sent value is sanitized.
+          NSString *sanitizedValue;
+          
+          sanitizedValue = [[*currentValue componentsSeparatedByCharactersInSet: [*currentValue safeCharacterSet]]
+                             componentsJoinedByString: @""];
 	  propertyValue = [NSString stringWithFormat: @"<%@>%@</%@>",
-				    nodeTag, *currentValue, nodeTag];
+				    nodeTag, sanitizedValue, nodeTag];
 	  propDict = properties200;
 	}
       else