php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57927 Be careful with special chars when generating xml
Submitted: 2007-11-23 12:27 UTC Modified: 2017-01-10 08:10 UTC
From: mfp@php.net Assigned:
Status: Suspended Package: SCA_SDO (PECL)
PHP Version: 5.2.1 OS:
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: mfp@php.net
New email:
PHP Version: OS:

 

 [2007-11-23 12:27 UTC] mfp@php.net
Description:
------------
We had a conversation on the google group as follows, relating to the possibility of generating xml without the necessary escaping:


Hi Caroline,
well spotted. There are places in both the wsdl generation and in the xmlrpc binding that we generate xml by simply sticking strings together ( I searched for "</" ).

We should probably edit the variables that we are using to make sure they don't contain dodgy characters. I think they are only ever values that we pull out of the annotations e.g. from @param and so forth, but we should be careful. I will raise a pecl bug to track it. 

Matthew

On Nov 23, 4:33 pm, Caroline Maynard <c...@php.net> wrote:
> Caroline Maynard wrote:
> > Caroline Maynard wrote:
> > Matthew, I see you've found a Tuscany problem
> > (http://issues.apache.org/jira/browse/TUSCANY-1553) already open for
> > this. Even if that gets fixed though, I don't think we can always depend
> > on Tuscany - the SCA code generates some xml itself in places, does it
> > not? - so we have to be prepared with the htmlentities($in, ENT_QUOTES)
> > or its internal equivalent, I think.
> 
> ... but not substituting within CDATA sections, of course ...


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:10 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:10 UTC] kalle@php.net
Suspending this report as the extension have not had a release for almost 9 years.  Please revive this if the extension once again shows life
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC