From:  ao2@ao2.it ("ao2")
Date:  23 Mar 2016 01:24:57 Hong Kong Time
Newsgroup:  news.php.net/php.pear.bugs
Subject:  [PEAR-BUG] Bug #15602 [Com]: attributes don't get escaped sometimes

Edit report at http://pear.php.net/bugs/bug.php?id=15602&edit=1

 ID:              15602
 Comment by:      ao2
 Reported By:     ao2 at ao2 dot it
 Summary:         attributes don't get escaped sometimes
 Status:          Closed
 Type:            Bug
 Package:         XML_Serializer
 Package Version: 0.19.1
 PHP Version:     5.2.8
 Assigned To:     ashnazg
 New Comment:

Hi, with XML_Serializer-0.20.2 I get double encoded entities in some
attributes when running: phpunit tests/bug-15602.phpt

The bug tracker mangles the output here, decoding the entities... but
the output is something like this.

  $ phpunit tests/bug-15602.phpt
  PHPUnit 5.2.10 by Sebastian Bergmann and contributors.

  F                                                                   1 / 1 (100%)

  Time: 118 ms, Memory: 2.00Mb

  There was 1 failure:

  1) tests/bug-15602.phpt
  Failed asserting that two strings are equal.
  --- Expected
  +++ Actual
  @@ @@
   '
  -
  -  
  +
  +  
       I say: "A", B & C, 'd'!
     
     I say: "A", B & C,
'd'!
   '

  FAILURES!
  Tests: 1, Assertions: 1, Failures: 1.


The issue goes away if I remove the code at line 1215 in
XML_Serializer.php, in function _createXMLTag(), but I am not sure if
this is the correct fix.


  diff --git a/XML_Serializer-0.20.2/XML/Serializer.php
b/XML_Serializer-0.20.2/XML/Serializer.php
  index a757d4b..06eea51 100644
  --- a/XML_Serializer-0.20.2/XML/Serializer.php
  +++ b/XML_Serializer-0.20.2/XML/Serializer.php
  @@ -598,7 +598,7 @@ class XML_Serializer extends PEAR
        *
        * @access public
        */
  -    function XML_Serializer( $options = null )
  +    function __construct( $options = null )
       {
           $this->PEAR();
           if (is_array($options)) {
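
Review bot: The constructor rename at the top of this hunk (XML_Serializer() to __construct()) is unrelated to the double-encoding report and should go in its own patch. As shown it is also only half done: the body still calls the parent through the old-style name "$this->PEAR();", and any subclass or caller that invokes XML_Serializer() as a method loses that entry point. Either keep a thin XML_Serializer() wrapper that forwards to __construct(), or document the break.
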
  @@ -1209,15 +1209,6 @@ $tag['content'] = '0';
               // this is a nested call, so value is already encoded
               // and must not be encoded again
               $replaceEntities = XML_SERIALIZER_ENTITIES_NONE;
  -            // but attributes need to be encoded anyways
  -            // (done here because the rest of the code assumes the
same encoding
  -            // can be used both for attributes and content)
  -            foreach ($tag['attributes'] as $k => $v) {
  -                $v = XML_Util::replaceEntities($v,
  -                    $this->options[XML_SERIALIZER_OPTION_ENTITIES]);
  -
  -                $tag['attributes'][$k] = $v;
  -            }
           }
           if (is_scalar($tag['content']) || is_null($tag['content']))
{
               if ($this->options[XML_SERIALIZER_OPTION_ENCODE_FUNC]) {
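
Review bot: Deleting the whole foreach over $tag['attributes'] removes the only attribute encoding visible on this nested path, and the comment being deleted says attributes "need to be encoded anyways" here. If any caller reaches this branch with raw attribute values, characters such as & and " would go into the output unescaped, which is what Bug #15602 was opened for. Before dropping the loop, confirm that every path into this branch has already passed the attributes through XML_Util::replaceEntities(), or keep the loop and guard it with an explicit already-encoded marker; tests/bug-15602.phpt should then assert that attribute values on the root, on nested tags and on mixed-content tags are each encoded exactly once.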


Can anyone confirm the issue and the fix?

Thanks,
   Antonio
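
The double encoding reported above, reduced to a self-contained model. This is an added example, not part of the original message and not XML_Serializer code: encodeOnce(), buildTag(), escapeState() and attr1() are hypothetical helpers, and htmlspecialchars() stands in for XML_Util::replaceEntities().

```php
<?php
// Added illustration, not XML_Serializer code. All function names here are
// hypothetical; htmlspecialchars() stands in for XML_Util::replaceEntities().

function encodeOnce($value)
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build a tag from attributes and content that the caller already encoded.
// $reencode = true mimics a nested call that encodes the attributes again.
function buildTag($name, array $encodedAttrs, $encodedContent, $reencode)
{
    $xml = '<' . $name;
    foreach ($encodedAttrs as $k => $v) {
        $xml .= ' ' . $k . '="' . ($reencode ? encodeOnce($v) : $v) . '"';
    }
    return $xml . '>' . $encodedContent . '</' . $name . '>';
}

// Classify how an emitted attribute value relates to the original string.
function escapeState($original, $emitted)
{
    if ($emitted === encodeOnce($original)) {
        return 'ok';
    }
    if ($emitted === encodeOnce(encodeOnce($original))) {
        return 'double-encoded';
    }
    return $emitted === $original ? 'unescaped' : 'unknown';
}

// Pull the raw (still encoded) value of attr1 out of a serialized tag.
function attr1($xml)
{
    return preg_match('/ attr1="([^"]*)"/', $xml, $m) ? $m[1] : null;
}

$v = 'I say: "A", B & C, \'d\'!';   // test string from the bug report
$attrs = array('attr1' => encodeOnce($v));

$cases = array('re-encoded in nested call' => true, 'encoded once' => false);
foreach ($cases as $label => $reencode) {
    $xml = buildTag('tag1', $attrs, encodeOnce($v), $reencode);
    echo $label, ': ', escapeState($v, attr1($xml)), "\n", $xml, "\n";
}
echo 'never encoded: ', escapeState($v, $v), "\n";
```

Comparing the emitted attribute against one and two rounds of encoding separates the two failure modes in this bug: the unescaped output of the original report and the double-encoded output seen with 0.20.2.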


Previous Comments:
------------------------------------------------------------------------

[2009-04-24 17:53:19] kovaltaras

This fix is not working in PHP 4.x. Check errors

------------------------------------------------------------------------

[2009-01-24 23:09:02] ashnazg

The provided test case performs as described, with me testing
XML_Serializer-0.19.1 on PHP 5.2.6 on Ubuntu-8.10.  The attached patch
(with missing brackets added) makes the test work, without breaking any
existing tests.  Change committed to CVS, and test case added.

------------------------------------------------------------------------

[2009-01-15 09:35:52] doconnor

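Copied test script

<?php
// The opening lines were stripped by the bug tracker. The require, the
// XML_ATTR definition and the INDENT key below are assumed.
require_once 'XML/Serializer.php';

// Assumed value: any key name works, since the same constant is used for
// the option and for the array keys.
define('XML_ATTR', 'attributes');

$options = array(
    XML_SERIALIZER_OPTION_INDENT           => '  ',  // key assumed
    XML_SERIALIZER_OPTION_LINEBREAKS       => "\n",
    XML_SERIALIZER_OPTION_ROOT_NAME        => 'FooTag',
    XML_SERIALIZER_OPTION_MODE             => XML_SERIALIZER_MODE_SIMPLEXML,
    XML_SERIALIZER_OPTION_ATTRIBUTES_KEY   => XML_ATTR,
    XML_SERIALIZER_OPTION_XML_ENCODING     => 'UTF-8',
    XML_SERIALIZER_OPTION_XML_DECL_ENABLED => true,
    XML_SERIALIZER_OPTION_ENTITIES         => XML_SERIALIZER_ENTITIES_XML,
);

// Test string containing double quotes, single quotes and an ampersand
$v = 'I say: "A", B & C, \'d\'!';
$a = array('attr1' => $v);

// Attributes on the root, on a nested tag, and on a tag with mixed content
$xml = array(
    XML_ATTR => $a,
    'tag1' => array(XML_ATTR => $a, 'tag2' => $v),
    'tag3' => array(XML_ATTR => $a, $v),
);

$serializer = new XML_Serializer($options);
$serializer->serialize($xml);
echo $serializer->getSerializedData();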

------------------------------------------------------------------------

[2009-01-13 17:39:36] jesse

I just ran across this today and patched the version we are using. All I
did was change line 832 in Serializer.php to:
                      
$atts[$this->options[XML_SERIALIZER_OPTION_ATTRIBUTE_KEY]] =
XML_Util::replaceEntities($origKey,
$this->options[XML_SERIALIZER_OPTION_ENTITIES]);

There's a chance that's not the complete, proper solution, but it does
the trick for me.

Probably needs to be done in the Unserializer.php, too, but I didn't
care about that.

------------------------------------------------------------------------

[2009-01-13 05:36:57] daniel226

confirmed, php version 4.4.9

------------------------------------------------------------------------

The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
    http://pear.php.net/bugs/bug.php?id=15602
