Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.3.0

Bug #18343 Entities in file names decoded during packaging
Submitted: 2011-03-08 02:11 UTC
From: yunosh Assigned: ashnazg
Status: Closed Package: XML_Util
PHP Version: 5.3.1 OS:
Roadmaps: (Not assigned)    

 [2011-03-08 02:11 UTC] yunosh (Jan Schneider)
Description: ------------ If a filename contains a correctly encoded entity in one of the package.xml tags, PEAR is decoding it when doing the packaging. <install as="Horde/Feed/fixtures/lexicon/" name="test/Horde/Feed/fixtures/lexicon/" /> turns into <install as="Horde/Feed/fixtures/lexicon/" name="test/Horde/Feed/fixtures/lexicon/" /> is an example.


 [2011-03-08 02:12 UTC] yunosh (Jan Schneider)
Nice, the bug tracker does the same :-)
 [2011-03-08 22:37 UTC] dufuz (Helgi Þormar Þorbjörnsson)
-Assigned To: +Assigned To: dufuz
 [2014-05-29 20:28 UTC] cweiske (Christian Weiske)
-Roadmap Versions: +Roadmap Versions: 1.9.5
 [2014-06-02 22:07 UTC] cweiske (Christian Weiske)
-Package: PEAR +Package: XML_Util
This is a bug with XML_Util. XML_Util::createTagFromArray() takes a $replaceEntities parameter that defines if the content of the tag should be xml-escaped or not. This parameter is mistakenly passed up to attributesToString() for which it was not meant at all, leading to the attribute values (including "name") not being escaped.
 [2014-06-03 19:25 UTC] ashnazg (Chuck Burgess)
-Assigned To: dufuz +Assigned To: ashnazg -Roadmap Versions: 1.9.5 +Roadmap Versions:
cweiske: so, it is here ( that the $replaceEntities value should have not been given, thus relying on attributeToString()'s default argument value of XML_UTIL_ENTITIES_XML instead?
 [2014-06-03 19:36 UTC] cweiske (Christian Weiske)
 [2014-06-03 21:37 UTC] ashnazg (Chuck Burgess)
-Status: Assigned +Status: Feedback
Pull requests are opened for this fix in XML_Util and XML_Util2. cweiske, please have a look at my change to see if it solves the issue as you've isolated it in the PEAR installer use case.
 [2014-06-06 18:19 UTC] ashnazg (Chuck Burgess)
-Status: Feedback +Status: Closed
cweiske confirmed on github PR that this patch solves the issue symptom as seen in PEAR installer usage.
 [2014-06-07 12:51 UTC] cweiske (Christian Weiske)
PEAR 1.9.5 will depend on XML_Util 1.2.3, which fixes this issue.