From 6a3fe3e9b6f22e72b0d3c9841675e013a0509986 Mon Sep 17 00:00:00 2001
From: Rene Krenn
Date: Tue, 14 Apr 2026 11:04:45 +0200
Subject: [PATCH] MT#62342 encode XMLRPC request body, decode XMLRPC response body (12.5) prevent api 500 errors ie. from LibXML parsing because of invalid chars.
Change-Id: I55ca6bb8931dab1fc1f611dd57a91978cb23b032
(cherry picked from commit 14caac386c236c2981e746b161f5fdd126a8cc77)
---
 lib/NGCP/Panel/Utils/Security.pm | 4 +++-
 lib/NGCP/Panel/Utils/XMLDispatcher.pm | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/lib/NGCP/Panel/Utils/Security.pm b/lib/NGCP/Panel/Utils/Security.pm
index 35da809ad1..b403e3e513 100644
--- a/lib/NGCP/Panel/Utils/Security.pm
+++ b/lib/NGCP/Panel/Utils/Security.pm
@@ -60,7 +60,9 @@ EOF
 my @users = ();
 my $usr = {};
 for my $host (grep {$$_[1]} @$user_res) {
- my $xmlDoc = $xml_parser->parse_string($host->[2]);
+ my $xml = $host->[2];
+ $xml =~ s/[\x00-\x08\x0b\x0c\x0e-\x1f]//g;
+ my $xmlDoc = $xml_parser->parse_string($xml);
 my $username = '';
 my $key = '';
 foreach my $node ($xmlDoc->findnodes('//member')) {
diff --git a/lib/NGCP/Panel/Utils/XMLDispatcher.pm b/lib/NGCP/Panel/Utils/XMLDispatcher.pm
index c947424c28..32439fb0bb 100644
--- a/lib/NGCP/Panel/Utils/XMLDispatcher.pm
+++ b/lib/NGCP/Panel/Utils/XMLDispatcher.pm
@@ -3,6 +3,7 @@ package NGCP::Panel::Utils::XMLDispatcher;
 use Sipwise::Base;
 use Net::HTTP;
 use Errno;
+use Encode qw/encode_utf8 decode_utf8/;
 sub dispatch {
 my ($c, $target, $all, $sync, $body, $schema) = @_;
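Review bot: The substitution added before `parse_string` in the Security.pm hunk removes only C0 control characters, so other code points outside the XML 1.0 `Char` production (U+FFFE, U+FFFF, surrogates) still reach LibXML, and the parse call itself stays unguarded in the visible lines. A whitelist follows the specification more directly: `$xml =~ s/[^\x09\x0A\x0D\x20-\x{D7FF}\x{E000}-\x{FFFD}\x{10000}-\x{10FFFF}]//g;`. The strip is silent, so usernames and keys read from the parsed document may differ from what the backend stores; a comment such as `# drop characters XML 1.0 forbids; extracted values may differ from the stored ones` and a log entry when anything was removed would make that visible. The enclosing sub and the `for` loop both start and end outside the hunk.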
@@ -38,7 +39,7 @@ sub dispatch {
 return [$hostid, -1, '']; # skip the host as it is not active
 };
- my $res = $s->write_request("POST", $path || "/", "User-Agent" => "Sipwise XML Dispatcher", "Content-Type" => "text/xml", $body);
+ my $res = $s->write_request($method, $path || "/", "User-Agent" => "Sipwise HTTP Dispatcher", "Content-Type" => $content_type, encode_utf8($body));
 $res or die "did not get result";
 my ($code, $mess, @headers) = $s->read_response_headers();
@@ -59,6 +60,14 @@ sub dispatch {
 # successful request
+ eval {
+ $body = decode_utf8($body, Encode::FB_CROAK);
+ };
+ if ($@) {
+ # If strict UTF-8 decoding fails, use lenient decoding
+ $body = decode_utf8($body, Encode::FB_QUIET);
+ }
+ return [$hostid, 1, $body]; # return from eval only
 };
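Review bot: `$method` and `$content_type` in the new `write_request` call are not in the `dispatch` signature shown in this file's first hunk (`$c, $target, $all, $sync, $body, $schema`), and no visible hunk declares them; unless they are defined in the lines between the hunks, the module will not compile if `Sipwise::Base` enables strict. The commit message describes only body encoding, so the replaced literals and the renamed User-Agent look as if they came along with the cherry-pick. If this branch has no such variables, keep the literals and change only the last argument: `my $res = $s->write_request("POST", $path || "/", "User-Agent" => "Sipwise XML Dispatcher", "Content-Type" => "text/xml", encode_utf8($body));`. `encode_utf8` also assumes `$body` is a character string, so a caller that already passes UTF-8 octets would be double-encoded, which deserves a comment on the sub. The enclosing sub starts and ends outside the hunk.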
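Review bot: The fallback `decode_utf8($body, Encode::FB_QUIET)` in the `if ($@)` branch does not decode leniently: with `FB_QUIET`, Encode returns only the portion decoded before the first malformed sequence, so the response body is silently cut off at that point. A caller that parses the result as XML, such as the Security.pm code changed in this same patch, would then receive a truncated document and still fail. To replace malformed sequences with U+FFFD instead, drop the CHECK argument, `$body = decode_utf8($body);`, and reword the comment to `# strict decoding failed: replace malformed sequences with U+FFFD`. Since valid input decodes the same either way, that single call could also replace the whole strict-then-fallback construct. The enclosing eval block and sub start outside the hunk.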