PHP :: Bug #54214 :: DOMDocument::createTextNode allows low ascii without exception

Bug #54214	DOMDocument::createTextNode allows low ascii without exception
Submitted:	2011-03-10 17:59 UTC	Modified:	2011-03-11 04:47 UTC
From:	trenjeska+php at gmail dot com	Assigned:
Status:	Not a bug	Package:	DOM XML related
PHP Version:	5.2.17	OS:	windows server
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	trenjeska+php at gmail dot com
New email:
PHP Version:		OS:

New Comment:

[2011-03-10 17:59 UTC] trenjeska+php at gmail dot com

Description:
------------
---
From manual page: http://nl3.php.net/manual/en/domdocument.createtextnode.php
---
createtextnode still returns the DOMText if there is low-ascii in the string.
It should return false. DOMDocument is there to be used to make sure you output well-formed xml. Now it silently creates invalid xml, even though the proper functions have been used.
MSXML _does_ except at this point.

Test script:
---------------
.createTextNode("Mensje Francina")

There is a low ascii (0x06) in front of the "F" in there for copy-paste pleasures

Expected result:
----------------
FALSE

Actual result:
--------------
DOMText node

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-03-11 04:47 UTC] aharvey@php.net

-Status: Open +Status: Bogus

[2011-03-11 04:47 UTC] aharvey@php.net

The XML specification defines the list of valid characters thusly:

Char ::= [#x1-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]

In theory, therefore, 0x06 actually falls into that range.

In practice, what happens is that restricted characters can't be serialised by libxml, so while you can create the DOMText object (correctly), you'll get a warning on output:

Warning: DOMDocument::saveXML(): xmlEscapeEntities : char out of range in /tmp/test.php on line 9

This seems reasonable to me -- you still get a warning, just at a different point.

Closing.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Nov 22 00:01:30 2024 UTC