php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57927 Be careful with special chars when generating xml
Submitted: 2007-11-23 12:27 UTC Modified: 2017-01-10 08:10 UTC
From: mfp@php.net Assigned:
Status: Suspended Package: SCA_SDO (PECL)
PHP Version: 5.2.1 OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mfp@php.net
New email:
PHP Version: OS:

 

 [2007-11-23 12:27 UTC] mfp@php.net
Description:
------------
We had a conversation on the google group as follows, relating to the possibility of generating xml without the necessary escaping:


Hi Caroline,
well spotted. There are places in both the wsdl generation and in the xmlrpc binding that we generate xml by simply sticking strings together ( I searched for "</" ).

We should probably edit the variables that we are using to make sure they don't contain dodgy characters. I think they are only ever values that we pull out of the annotations e.g. from @param and so forth, but we should be careful. I will raise a pecl bug to track it. 

Matthew

On Nov 23, 4:33 pm, Caroline Maynard <c...@php.net> wrote:
> Caroline Maynard wrote:
> > Caroline Maynard wrote:
> > Matthew, I see you've found a Tuscany problem
> > (http://issues.apache.org/jira/browse/TUSCANY-1553) already open for
> > this. Even if that gets fixed though, I don't think we can always depend
> > on Tuscany - the SCA code generates some xml itself in places, does it
> > not? - so we have to be prepared with the htmlentities($in, ENT_QUOTES)
> > or its internal equivalent, I think.
> 
> ... but not substituting within CDATA sections, of course ...


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:10 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:10 UTC] kalle@php.net
Suspending this report as the extension have not had a release for almost 9 years.  Please revive this if the extension once again shows life
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 15:01:29 2024 UTC