php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54214 DOMDocument::createTextNode allows low ascii without exception
Submitted: 2011-03-10 17:59 UTC Modified: 2011-03-11 04:47 UTC
From: trenjeska+php at gmail dot com Assigned:
Status: Not a bug Package: DOM XML related
PHP Version: 5.2.17 OS: windows server
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: trenjeska+php at gmail dot com
New email:
PHP Version: OS:

 

 [2011-03-10 17:59 UTC] trenjeska+php at gmail dot com
Description:
------------
---
From manual page: http://nl3.php.net/manual/en/domdocument.createtextnode.php
---
createtextnode still returns the DOMText if there is low-ascii in the string.
It should return false. DOMDocument is there to be used to make sure you output well-formed xml. Now it silently creates invalid xml, even though the proper functions have been used.
MSXML _does_ except at this point.

Test script:
---------------
.createTextNode("Mensje Francina")

There is a low ascii (0x06) in front of the "F" in there for copy-paste pleasures

Expected result:
----------------
FALSE

Actual result:
--------------
DOMText node

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-03-11 04:47 UTC] aharvey@php.net
-Status: Open +Status: Bogus
 [2011-03-11 04:47 UTC] aharvey@php.net
The XML specification defines the list of valid characters thusly:

Char ::= [#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]

In theory, therefore, 0x06 actually falls into that range.

In practice, what happens is that restricted characters can't be serialised by libxml, so while you can create the DOMText object (correctly), you'll get a warning on output:

Warning: DOMDocument::saveXML(): xmlEscapeEntities : char out of range in /tmp/test.php on line 9

This seems reasonable to me -- you still get a warning, just at a different point.

Closing.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Nov 22 00:01:30 2024 UTC