Bug #52856 [Opn]: XSLTProcessor mishandles XML entities

Wed, 15 Sep 2010 16:12:32 -0700 

Edit report at http://bugs.php.net/bug.php?id=52856&edit=1

 ID:                 52856
 User updated by:    zweibieren at yahoo dot com
 Reported by:        zweibieren at yahoo dot com
 Summary:            XSLTProcessor mishandles XML entities
 Status:             Open
 Type:               Bug
 Package:            XSLT related
-Operating System:   Linux palikir 2.6.32.8-grsec-2.1
+Operating System:   Linux 2.6.32.8-grsec-2.1
 PHP Version:        5.2.14
 Block user comment: N

 New Comment:

"palikir" was the host at Dreamhost.com


Previous Comments:
------------------------------------------------------------------------
[2010-09-15 22:44:12] zweibieren at yahoo dot com

Description:
------------
XSLTProcessor does not handle DOMEntity nodes properly. It substitutes
nothing instead of the entity value. 



In the sample script the bad behavior is demonstrated by switching
values of 

substituteEntities in the DOMDocument instance used to read the $xml
file.

The test data has entity references within parentheses:  (&test;) and
( ).



The output of the sample program is 

    with sustituteEntities=false: &test;=>()  =>()

    with sustituteEntities=true: &test;=>(OK)  =>( ) 

For the first line, entity references are passed unmodified to
XSLTProcessor and they are then omitted from the output.

For the second line, DOMDocument::load has replaced the entity
references in the tree that is passed to XSLTProcessor. So the entity
values show up properly in the output.

Test script:
---------------
<?php

function runtest($xml, $se) {

        $xmlDoc = new DOMDocument(); $xmlDoc->substituteEntities = $se; 
$xmlDoc->loadXML($xml); 

        $proc = new XSLTProcessor();  $proc->importStylesheet($xmlDoc);

        $html = $proc->transformToXML(new DOMDocument());

        echo "with sustituteEntities=" . ($se?"true":"false") . ":
$html<br/>\n";

}

$xml = <<<EOF

<?xml version="1.0" encoding="utf-8"?><!DOCTYPE testdoc [<!ENTITY test
"OK"> <!ENTITY nbsp "&#160;"> ]>

<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>

<xsl:template match="/">

&amp;test;=>(&test;)    &amp;nbsp;=>(&nbsp;)

</xsl:template></xsl:stylesheet>

EOF;

echo "<html><body>";

runtest($xml, false);

runtest($xml, true);

echo "</body></html>";

?>

Expected result:
----------------
    with sustituteEntities=false: &test;=>() &nbsp;=>()

    with sustituteEntities=true: &test;=>(OK) &nbsp;=>( ) 



The first line is wrong. The second is correct.

Actual result:
--------------
see expected results (the test produces both the correct and incorrect
behavior)


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=52856&edit=1

Reply via email to