php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #24953 Image_GraphViz nonstandard label chars
Submitted: 2003-08-05 12:04 UTC Modified: 2003-08-06 11:39 UTC
From: php-bug-NOSPAM-2003-aug-05 at ryandesign dot de Assigned:
Status: Not a bug Package: PEAR related
PHP Version: Irrelevant OS: Irrevelant
Private report: No CVE-ID: None
 [2003-08-05 12:04 UTC] php-bug-NOSPAM-2003-aug-05 at ryandesign dot de
Description:
------------
If I use the chars quote, backslash, or newline in labels passed to Image_GraphViz's functions addNode et al, the resulting GraphViz markup is syntactically invalid and the graph it produces does not look visually like what I intended it to look like.

Reproduce code:
---------------
<?php
require "Image/GraphViz.php";
$g = new Image_GraphViz();
$g->addNode(1, array('label' => 'Node "One"
2nd line'));
$g->image('png');
?>


Expected result:
----------------
Expected: graph with one node whose label spans 2 lines and looks like this:

Node "One"
2nd line

Actual result:
--------------
Actual: graph with one node whose label spans only one line and looks like this:

Node

I can get the desired result by instead writing...

$g->addNode(1, array('label' => 'Node \"One\"\n2nd line'));

...but as the user of the Image_GraphViz class I shouldn't have to know GraphViz's escaping rules. The class should handle this for me -- probably in its parse() function.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-08-06 11:26 UTC] nicos@php.net
It looks bogus to me.

The class can't know you want to escape. Use \n.

and yes you *should* know.
 [2003-08-06 11:39 UTC] php-bug-NOSPAM-2003-aug-05 at ryandesign dot de
Ok, perhaps I, the programmer, know about the escaping 
rules, but my users entering data into MySQL tables 
don't know them. I don't plan to store the node and 
edge labels in my database in escaped form; this means 
I'd have to call some escaping function on the data 
before passing it to addNode et al. Perhaps the 
Image_GraphViz class could provide a function to 
properly escape the string?

But I really do disagree with your decision. Consider 
the case that I pass a label with a quote to addNode. I 
pass the quote so that it is not escaped. 
Image_GraphViz blindly adds it to the graph without 
escaping it, which causes that quote to end the label 
right there and proceed with the rest of the label as 
if it were commands. This is a Bad Thing. And since 
there is never a time when you will want to do it, why 
make the programmer jump through additional hoops to do 
the Right Thing when it could be done automatically by 
the class?
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC