Bug #44458 Ampersand sign in SimpleXMLElement->addChild() causes incomplete XML
Submitted: 2008-03-17 19:29 UTC Modified: 2008-03-18 12:13 UTC
Votes:1
Avg. Score:3.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: sergej at halogen-dg dot com
Assigned:
Status: Not a bug
Package: SimpleXML related
PHP Version: 5.2.5
OS: FreeBSD, Linux
Private report: No
CVE-ID: None
 [2008-03-17 19:29 UTC] sergej at halogen-dg dot com
Description:
------------
SimpleXMLElement->addChild() causes a warning message and produces 
incomplete XML when the second argument contains an ampersand 
sign '&'. Text after the ampersand is absent in the output XML.

At the same time, escaping of other XML special symbols in the tag body 
works OK. Also, all XML special symbols in tag attributes are escaped 
OK.


Reproduce code:
---------------
<?php
$sxml=new SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><test></test>');
// Quotes
$sitem=$sxml->addChild('tag',"'");
$sitem->addAttribute('attr',"'");
$sitem=$sxml->addChild('tag','"');
$sitem->addAttribute('attr','"');
// Brackets
$sitem=$sxml->addChild('tag','<');
$sitem->addAttribute('attr','<');
$sitem=$sxml->addChild('tag','>');
$sitem->addAttribute('attr','>');
// Ampersand
$sitem=$sxml->addChild('tag','Smith & Wesson');
$sitem->addAttribute('attr','Smith & Wesson');
// Result XML
print($sxml->asXML());
?>


Expected result:
----------------
<?xml version="1.0" encoding="utf-8"?>
<test><tag attr="'">'</tag><tag attr="&quot;">"</tag><tag 
attr="&lt;">&lt;</tag><tag attr="&gt;">&gt;</tag><tag attr="Smith 
&amp; Wesson">Smith &amp; Wesson</tag></test>


Actual result:
--------------
PHP Warning:  SimpleXMLElement::addChild(): unterminated entity 
reference          Wesson in xml.php on line 14

Warning: SimpleXMLElement::addChild(): unterminated entity reference          
Wesson in xml.php on line 14
<?xml version="1.0" encoding="utf-8"?>
<test><tag attr="'">'</tag><tag attr="&quot;">"</tag><tag 
attr="&lt;">&lt;</tag><tag attr="&gt;">&gt;</tag><tag attr="Smith 
&amp; Wesson">Smith </tag></test>


 [2008-03-18 12:13 UTC] rrichards@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

& must be escaped
 [2012-08-23 20:15 UTC] phpbug at mailinator dot com
That reply is not user friendly :) Absolutely.
It's weird to give a link to the PHP manual. Why don't you give a link to the page with a description of this "feature"?
http://www.php.net/manual/en/simplexmlelement.addchild.php - this page doesn't have any info about the ampersand (not counting user comments).
So, as long as addChild escapes angle brackets and quotes but doesn't escape the ampersand, I think every man of good sense will consider this a bug. (SimpleXML is Simple? ORLY?)
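
Added example (not part of the original report, its replies, or PHP's own code): two ways to pass untrusted text to SimpleXML so that '&' and entity-looking input are stored literally, with a round-trip check. The helper name addTextChild() and the sample values are constructed for illustration; it assumes PHP 7 or later with the simplexml and dom extensions.

```php
<?php
// Added example: addTextChild() is a hypothetical helper, not a SimpleXML method.

/**
 * Append <$name> to $parent with $value stored as literal text.
 * DOMDocument::createTextNode() never parses entity references, so '&',
 * '<' and strings that already look like entities are escaped on output.
 */
function addTextChild(SimpleXMLElement $parent, string $name, string $value): SimpleXMLElement
{
    $child = $parent->addChild($name);      // empty element, no value argument
    $node  = dom_import_simplexml($child);  // the same node, seen through DOM
    $node->appendChild($node->ownerDocument->createTextNode($value));
    return $child;
}

// Constructed sample values: a bare ampersand, text that already looks like
// an entity, mixed special characters, and a reference to an undefined entity.
$samples = ['Smith & Wesson', 'AT&amp;T', 'a < b && c > d', '&undefined;'];

$sxml = new SimpleXMLElement('<?xml version="1.0" encoding="utf-8"?><test></test>');
foreach ($samples as $value) {
    // Variant 1: literal text node via DOM.
    addTextChild($sxml, 'tag', $value);
    // Variant 2: keep addChild(), but escape first. addChild() parses entity
    // references in its value, so the escaped form decodes back to $value.
    $sxml->addChild('escaped', htmlspecialchars($value, ENT_XML1 | ENT_NOQUOTES, 'UTF-8'));
}

$xml = $sxml->asXML();
print $xml;

// Round-trip check: every value must come back byte-for-byte after re-parsing.
$parsed = new SimpleXMLElement($xml);
foreach ($samples as $i => $value) {
    if ((string) $parsed->tag[$i] !== $value || (string) $parsed->escaped[$i] !== $value) {
        throw new RuntimeException("value $i changed during serialization");
    }
}
print "all values survived the round trip\n";
```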
 
Last updated: Sun Nov 29 08:01:23 2020 UTC