|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #57927 Be careful with special chars when generating xml
Submitted: 2007-11-23 12:27 UTC Modified: 2017-01-10 08:10 UTC
From: Assigned:
Status: Suspended Package: SCA_SDO (PECL)
PHP Version: 5.2.1 OS:
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2007-11-23 12:27 UTC]
We had a conversation on the google group as follows, relating to the possibility of generating xml without the necessary escaping:

Hi Caroline,
well spotted. There are places in both the wsdl generation and in the xmlrpc binding that we generate xml by simply sticking strings together ( I searched for "</" ).

We should probably edit the variables that we are using to make sure they don't contain dodgy characters. I think they are only ever values that we pull out of the annotations e.g. from @param and so forth, but we should be careful. I will raise a pecl bug to track it. 


On Nov 23, 4:33 pm, Caroline Maynard <> wrote:
> Caroline Maynard wrote:
> > Caroline Maynard wrote:
> > Matthew, I see you've found a Tuscany problem
> > ( already open for
> > this. Even if that gets fixed though, I don't think we can always depend
> > on Tuscany - the SCA code generates some xml itself in places, does it
> > not? - so we have to be prepared with the htmlentities($in, ENT_QUOTES)
> > or its internal equivalent, I think.
> ... but not substituting within CDATA sections, of course ...


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:10 UTC]
-Status: Open +Status: Suspended
 [2017-01-10 08:10 UTC]
Suspending this report as the extension have not had a release for almost 9 years.  Please revive this if the extension once again shows life
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Jul 25 06:01:30 2024 UTC