From:
Operating system: WinXP
PHP version: 5.3.2
Package: *XML functions
Bug Type: Bug
Bug description: No way to escape quotes for XPath
Description:
------------
There seems to be no way to escape single or double quotes for
XPath-Queries.
given: <test>"</test>
    /test[text()="\""]   produces an error message
    /test[text()="\\""]  ditto
    /test[text()="""]    finds no match
This is not a PHP-Bug, I suppose. It may be a bug in the libxml2. It might
even be a bug in the XPath Spec itself. But regardless of where the blame
lies: This is serious! How is one supposed to use user-input in an XPath,
if it cannot be escaped?
I found a work-around, but it's fugly:
$dom = new DOMDocument;
$dom->loadXML('<test>"</test>');
$xpath = new DOMXPath($dom);

// Quote $str as an XPath string literal.
function xquote ($str)
{
    // No double quote inside: wrap in double quotes.
    if (strpos($str, '"') === FALSE) {
        return '"'.$str.'"';
    }
    // No single quote inside: wrap in single quotes.
    if (strpos($str, "'") === FALSE) {
        return "'".$str."'";
    }
    // Both kinds present: split on '"', keeping the delimiters, and
    // quote each part with the quote character it does not contain.
    $parts = preg_split('/(")/', $str, 0,
        PREG_SPLIT_DELIM_CAPTURE|PREG_SPLIT_NO_EMPTY);
    array_walk($parts,
        function (&$val) {
            if ($val == '"') $val = "'\"'";
            else $val = '"'.$val.'"';
        }
    );
    return 'concat('.implode(',', $parts).')';
}

$q = sprintf('/test[text()=%s]', xquote('"'));
if ($xpath->evaluate($q)->item(0)) {
    echo 'found'; // works!
} else {
    echo 'not found';
}
Test script:
---------------
$dom = new DOMDocument;
$dom->loadXML('<test>"</test>');
$xpath = new DOMXPath($dom);

$q = '/test[text()="""]';
if ($xpath->evaluate($q)->item(0)) {
    echo "found\r\n";
} else {
    echo "not found\r\n";
}

$q = '/test[text()="\\""]';
if ($xpath->evaluate($q)->item(0)) {
    echo "found\r\n";
} else {
    echo "not found\r\n";
}
Expected result:
----------------
found
found
Actual result:
--------------
not found
Warning: DOMXPath::evaluate(): Invalid predicate...
Warning: DOMXPath::evaluate(): Invalid expression...
Fatal error: Call to a member function item() on non-object...
--
Edit bug report at http://bugs.php.net/bug.php?id=51785&edit=1
--
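The workaround in the report, generalized and checked against several inputs, as an added example (not code from the bug report or from the PHP project): XPath 1.0 string literals have no escape character, so a value containing both quote kinds is assembled with concat(), and the loop compares plain string interpolation with the quoted form. The names xpath_literal and count_matches and the sample values are constructed for this example.

```php
<?php
// Added example, not code from the bug report.

// Quote $value as an XPath 1.0 string literal. Literals have no escape
// character, so a value holding both quote kinds is assembled with concat().
function xpath_literal($value)
{
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';
    }
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";
    }
    $pieces = array();
    foreach (explode('"', $value) as $i => $run) {
        if ($i > 0) {
            $pieces[] = "'\"'";              // the double quote itself
        }
        if ($run !== '') {
            $pieces[] = '"' . $run . '"';    // a run with no double quote
        }
    }
    return 'concat(' . implode(',', $pieces) . ')';
}

// Number of nodes matched, or -1 when libxml rejects the expression.
function count_matches($xpath, $query)
{
    $result = @$xpath->query($query);
    return $result === false ? -1 : $result->length;
}

// Constructed sample values; each one is stored as the text of one <item>.
$samples = array('plain', 'say "hi"', "it's", 'both " and \' kinds', 'x" or "1"="1');

$dom  = new DOMDocument;
$root = $dom->appendChild($dom->createElement('items'));
foreach ($samples as $s) {
    $root->appendChild($dom->createElement('item'))
         ->appendChild($dom->createTextNode($s));
}
$xpath = new DOMXPath($dom);

foreach ($samples as $s) {
    $naive  = count_matches($xpath, '/items/item[text()="' . $s . '"]');
    $quoted = count_matches($xpath, '/items/item[text()=' . xpath_literal($s) . ']');
    printf("%-22s naive=%2d quoted=%d\n", $s, $naive, $quoted);
}
```

A naive count of -1 means the interpolated expression failed to parse; a naive count above 1 means the value was read as XPath syntax rather than as data.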