X-Attributes in Apple Addressbook photos #20

Open
mheidt opened this issue Apr 15, 2013 · 1 comment

mheidt commented Apr 15, 2013

When you crop the photo of an entry in the Apple Addressbook, it looks like:

```
PHOTO;X-ABCROP-RECTANGLE=ABClipRect_1&-9&20&283&283&WGHe9zKmBvRvhyIyYvN/1g=
=;ENCODING=b;TYPE=JPEG:/9j/4AAQSkZJRgABAQAAAQABAAD/4gQUSUNDX1BST0ZJTEUAAQE
AAAQEYXBwbAIAAABtbnRyUkdCIFhZWiAH2QADAA0AFQAWACNhY3NwQVBQTAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA9tYAAQAAAADTLWFwcGzV7zp1myHv5rYyPVUXGqoJAAAAAAAAAAAAAAA
```

which becomes:

```
array(4) {
  [0]=>
  string(5) "photo"
  [1]=>
  string(70) "x-abcrop-rectangle=abcliprect_1&-9&20&283&283&wghe9zkmbvrvhyiyyvn/1g ="
  [2]=>
  string(10) "encoding=b"
  [3]=>
  string(9) "type=jpeg"
}
```

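This leads to an endless recursion of self::ParseParameters.

Therefore I added these lines:

```php
// Workaround: for PHOTO properties keep only the ENCODING and TYPE parameters.
if ($Key == 'photo') {
    if ($RawParams != null) {
        // Closure replaces create_function(), which was removed in PHP 8.
        $RawParams = array_filter($RawParams, function ($k) {
            $k = trim($k);
            return substr($k, 0, 3) == 'enc' || substr($k, 0, 4) == 'type';
        });
    }
}
```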

Now only encoding and type are permitted for photos.


evought commented Dec 19, 2014

The error occurs because there is an equals-sign in the parameter value. The '==' in the value is the tail of a base64 sequence. According to VCard 4.0 Sec 3.3, '=' is a SAFE-CHAR in values and does not need to be quoted or escaped, so the value is legal input.

The better solution would be to limit the number of terms returned by \explode(..):

```php
$param = \explode('=', $paramStr, 2);
```

We are only interested in the first equals in the parameter. The parameter name is only permitted alpha, digits, and '-', so we don't have to worry about any quoted or escaped equals-signs waiting to ambush us. If there are quoted or unquoted equals-signs in the value, we should not care. We then only have to deal with the possibility that 2.1 VCards may have bare type parameters (no '=').

This does lead to the issue, however, that the spec allows quoted or escaped semi-colons and colons, so we need to take care with that when splitting the parameter strings initially. I am taking care of that in my implementation by using preg_split(..) to filter out valid escape sequences.

mcarbonneaux added a commit to mcarbonneaux/vCard-parser that referenced this issue Nov 15, 2015
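
The approach described in the second comment (split on the first '=' only, accept bare 2.1 parameters, split parameters only on unquoted and unescaped semicolons), shown as an added example that is not code from this issue or from the vCard-parser project. The function names, the choice to store bare parameters as TYPE values, and the second and third sample headers are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not vCard-parser's API.

// Split the part of a content line before the ':' into name and raw parameters.
// Only ';' that is neither backslash-escaped nor inside double quotes separates.
function splitPropertyHeader(string $header): array
{
    $parts = preg_split('/(?<!\\\\);(?=(?:[^"]*"[^"]*")*[^"]*$)/', $header);
    $name = strtolower(array_shift($parts));
    return [$name, $parts];
}

// Parse raw parameters in a single pass with no recursion, so an '=' inside
// a value (such as base64 padding) is just part of that value.
function parseParameters(array $rawParams): array
{
    $params = [];
    foreach ($rawParams as $paramStr) {
        // Limit of 2: only the first '=' separates the name from the value.
        $param = explode('=', $paramStr, 2);
        if (count($param) === 1) {
            // Assumption: a bare vCard 2.1 parameter is stored as a TYPE value.
            $params['type'][] = strtolower(trim($param[0]));
            continue;
        }
        $params[strtolower(trim($param[0]))][] = trim($param[1], " \t\"");
    }
    return $params;
}

$samples = [
    // Parameter section of the PHOTO line from this issue, unfolded.
    'PHOTO;X-ABCROP-RECTANGLE=ABClipRect_1&-9&20&283&283&WGHe9zKmBvRvhyIyYvN/1g==;ENCODING=b;TYPE=JPEG',
    // Constructed: vCard 2.1 style with a bare parameter.
    'PHOTO;JPEG;ENCODING=BASE64',
    // Constructed: quoted value containing ';' and '='.
    'ADR;LABEL="Suite 5; key=value";TYPE=work',
];

foreach ($samples as $header) {
    [$name, $raw] = splitPropertyHeader($header);
    echo $name, ' => ', json_encode(parseParameters($raw), JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

The lookbehind treats any ';' preceded by a backslash as escaped, so a value ending in an escaped backslash directly before a separator would need a fuller tokenizer.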