Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 0.20.2

Bug #15602 attributes don't get escaped sometimes
Submitted: 2009-01-10 13:01 UTC Modified: 2009-01-24 23:09 UTC
From: lapo Assigned: ashnazg
Status: Closed Package: XML_Serializer (version 0.19.1)
PHP Version: 5.2.8 OS:
Roadmaps: 0.19.2    
Subscription  


 [2009-01-10 13:01 UTC] lapo (Lapo Luchini)
Description: ------------ I found a case in which XML produced by XML_Serializer seems to be invalid, as per: http://www.w3.org/TR/2006/REC-xml-20060816/#syntax The ampersand character (&) and the left angle bracket (<) must not appear in their literal form Test script: --------------- http://pastebin.ca/1305247 Expected result: ---------------- <?xml version="1.0" encoding="UTF-8"?> <FooTag attr1="I say: "A", B & C, 'd'!"> <tag1 attr1="I say: "A", B & C, 'd'!"> <tag2>I say: "A", B & C, 'd'!</tag2> </tag1> <tag3 attr1="I say: "A", B & C, 'd'!">I say: "A", B & C, 'd'!</tag3> </FooTag> Actual result: -------------- <?xml version="1.0" encoding="UTF-8"?> <FooTag attr1="I say: "A", B & C, 'd'!"> <tag1 attr1="I say: "A", B & C, 'd'!"> <tag2>I say: "A", B & C, 'd'!</tag2> </tag1> <tag3 attr1="I say: "A", B & C, 'd'!">I say: "A", B & C, 'd'!</tag3> </FooTag>

Comments

 [2009-01-13 05:36 UTC] daniel226 (Daniel Jost)
confirmed, php version 4.4.9
 [2009-01-13 17:39 UTC] jesse (Jesse Dp)
I just ran across this today and patched the version we are using. All I did was change line 832 in Serializer.php to: $atts[$this->options[XML_SERIALIZER_OPTION_ATTRIBUTE_KEY]] = XML_Util::replaceEntities($origKey, $this->options[XML_SERIALIZER_OPTION_ENTITIES]); There's a chance that's not the complete, proper solution, but it does the trick for me. Probably needs to be done in the Unserializer.php, too, but I didn't care about that.
 [2009-01-15 09:35 UTC] doconnor (Daniel O'Connor)
Copied test script <?php require_once('XML/Serializer.php'); define('XML_ATTR', 'XML_Attributes_Array'); $options = array( XML_SERIALIZER_OPTION_INDENT => ' ', XML_SERIALIZER_OPTION_LINEBREAKS => "\n", XML_SERIALIZER_OPTION_ROOT_NAME => 'FooTag', XML_SERIALIZER_OPTION_MODE => XML_SERIALIZER_MODE_SIMPLEXML, XML_SERIALIZER_OPTION_ATTRIBUTES_KEY => XML_ATTR, XML_SERIALIZER_OPTION_XML_ENCODING => 'UTF-8', XML_SERIALIZER_OPTION_XML_DECL_ENABLED => true, XML_SERIALIZER_OPTION_ENTITIES => XML_SERIALIZER_ENTITIES_XML, ); $v = 'I say: "A", B & C, \'d\'!'; $a = array('attr1' => $v); $xml = array( XML_ATTR => $a, 'tag1' => array(XML_ATTR => $a, 'tag2' => $v), 'tag3' => array(XML_ATTR => $a, $v), ); $serializer = new XML_Serializer($options); $serializer->serialize($xml); echo $serializer->getSerializedData();
 [2009-01-24 23:09 UTC] ashnazg (Chuck Burgess)
The provided test case performs as described, with me testing XML_Serializer-0.19.1 on PHP 5.2.6 on Ubuntu-8.10. The attached patch (with missing brackets added) makes the test work, without breaking any existing tests. Change committed to CVS, and test case added.
 [2009-04-24 16:53 UTC] kovaltaras (Taras Koval)
This fix not working in PHP 4.x. Check errors