Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.4.5

Bug #18343 Entities in file names decoded during packaging
Submitted: 2011-03-08 07:11 UTC
From: yunosh Assigned: ashnazg
Status: Closed Package: XML_Util
PHP Version: 5.3.1 OS:
Roadmaps: (Not assigned)    
Subscription  


 [2011-03-08 07:11 UTC] yunosh (Jan Schneider)
Description: ------------ If a filename contains a correctly encoded entity in one of the package.xml tags, PEAR is decoding it when doing the packaging. <install as="Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek" name="test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek" /> turns into <install as="Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek" name="test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek" /> https://github.com/horde/horde/blob/24747aa1ad7c1e37fe15cc36e6dec3a911eeb824/framework/Feed/package.xml is an example.

Comments

 [2011-03-08 07:12 UTC] yunosh (Jan Schneider)
Nice, the bug tracker does the same :-)
 [2011-03-09 03:37 UTC] dufuz (Helgi Þormar Þorbjörnsson)
-Assigned To: +Assigned To: dufuz
 [2014-05-30 01:28 UTC] cweiske (Christian Weiske)
-Roadmap Versions: +Roadmap Versions: 1.9.5
 [2014-06-03 03:07 UTC] cweiske (Christian Weiske)
-Package: PEAR +Package: XML_Util
This is a bug with XML_Util. XML_Util::createTagFromArray() takes a $replaceEntities parameter that defines if the content of the tag should be xml-escaped or not. This parameter is mistakenly passed up to attributesToString() for which it was not meant at all, leading to the attribute values (including "name") not being escaped.
 [2014-06-04 00:25 UTC] ashnazg (Chuck Burgess)
-Assigned To: dufuz +Assigned To: ashnazg -Roadmap Versions: 1.9.5 +Roadmap Versions:
cweiske: so, it is here (https://github.com/pear/XML_Util/blob/trunk/XML/Util.php#L653) that the $replaceEntities value should have not been given, thus relying on attributeToString()'s default argument value of XML_UTIL_ENTITIES_XML instead?
 [2014-06-04 00:36 UTC] cweiske (Christian Weiske)
Exactly.
 [2014-06-04 02:37 UTC] ashnazg (Chuck Burgess)
-Status: Assigned +Status: Feedback
Pull requests are opened for this fix in XML_Util and XML_Util2. cweiske, please have a look at my change to see if it solves the issue as you've isolated it in the PEAR installer use case.
 [2014-06-06 23:19 UTC] ashnazg (Chuck Burgess)
-Status: Feedback +Status: Closed
cweiske confirmed on github PR that this patch solves the issue symptom as seen in PEAR installer usage.
 [2014-06-07 17:51 UTC] cweiske (Christian Weiske)
PEAR 1.9.5 will depend on XML_Util 1.2.3, which fixes this issue.