php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57845 saveString doesn't encode entities
Submitted: 2007-09-24 15:59 UTC Modified: 2007-12-04 09:50 UTC
From: mattsch at gmail dot com Assigned: TUSCANY-1553 (profile)
Status: Closed Package: SCA_SDO (PECL)
PHP Version: 5.2.4 OS: Gentoo Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem:
50 - 49 = ?
Subscribe to this entry?

 
 [2007-09-24 15:59 UTC] mattsch at gmail dot com
Description:
------------
I don't know if this is a bug or a "feature" but I noticed that if I set a property with an ampersand or left/right arrow, it creates bad xml when executing saveString.  If this is a "feature", then I suggest that it should be documented in SDO DAS XML with a link to htmlspecialchars.

Reproduce code:
---------------
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<xsd:element name="request" type="requestType"/>

<xsd:complexType name="requestType" abstract="true"/>

<xsd:complexType name="collectionInfo">
  <xsd:complexContent>
    <xsd:extension base="requestType">
      <xsd:sequence minOccurs="0" maxOccurs="unbounded">
        <xsd:element name="collection">
          <xsd:simpleType>
            <xsd:restriction base="xsd:token">
              <xsd:minLength value="2"/>
              <xsd:maxLength value="2"/>
            </xsd:restriction>
          </xsd:simpleType>
        </xsd:element>
      </xsd:sequence>
      <xsd:attribute name="kind" type="xsd:string"
fixed="collectionInfo"/>
    </xsd:extension>
  </xsd:complexContent>
</xsd:complexType>

<xsd:element name="request-list">
  <xsd:complexType>
     <xsd:sequence>
        <xsd:element ref="request" minOccurs="0"
maxOccurs="unbounded"/>
     </xsd:sequence>
  </xsd:complexType>
</xsd:element>

</xsd:schema>


<?php
header('Content-type: application/xml');
try {
        $xmldas = SDO_DAS_XML::create("request.xsd");
        try {
                $doc = $xmldas->createDocument('', 'request-list');
                $rdo = $doc->getRootDataObject();
                $request = $xmldas->createDataObject('', 'collectionInfo');
                $request->collection->insert('foo < & > bar');
                $request->kind = 'collectionInfo';
                $rdo->request->insert($request);
                print($xmldas->saveString($doc));
        } catch (SDO_Exception $e) {
                print($e);
        }
} catch (SDO_Exception $e) {
        print("Problem creating an XML document: " . $e->getMessage());
}

?>

Expected result:
----------------
<?xml version="1.0" encoding="UTF-8"?>
<request-list xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><request xsi:type="collectionInfo" kind="collectionInfo"><collection>foo &lt; &amp; &gt; bar</collection></request></request-list>

Actual result:
--------------
<?xml version="1.0" encoding="UTF-8"?>
<request-list xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><request xsi:type="collectionInfo" kind="collectionInfo"><collection>foo < & > bar</collection></request></request-list>

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-09-24 16:00 UTC] mattsch at gmail dot com
Changed php version.
 [2007-11-22 13:43 UTC] mfp@php.net
Thanks for spotting this. I think it is definitely a big. I think it is already open as a defect on Tuscany https://issues.apache.org/jira/browse/TUSCANY-1553
 [2007-12-04 09:50 UTC] cem@php.net
This bug has been fixed in CVS.

In case this was a documentation problem, the fix will show up at the
end of next Sunday (CET) on pecl.php.net.

In case this was a pecl.php.net website problem, the change will show
up on the website in short time.
 
Thank you for the report, and for helping us make PECL better.

Fixed checked in to FULMAR branch, and will be in next release.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Thu May 26 22:05:46 2022 UTC