Edit report at http://bugs.php.net/bug.php?id=36795&edit=1
ID: 36795
Comment by: steven at navolutions dot com
Reported by: john at carney dot id dot au
Summary: Inappropriate "unterminated entity reference" in
DOMElement->setAttribute
Status: Bogus
Type: Bug
Package: DOM XML related
Operating System: *
PHP Version: 5.*, 6
Block user comment: N
New Comment:
I also had this issue, one thing that might not have been included in
the original reproducing of the code is that the DOMElement may have
been extended. I know mine is extended so Reproduce the code by
extending the DOMElement class. I also extended the DOMDocuement class
so try that too. So no the status is not Bogus, just to tested
thoroughly.
Previous Comments:
------------------------------------------------------------------------
[2010-04-09 14:01:23] [email protected]
Behavior as defined by DOM specs. No warnings are issued are from either
of the 2
examples in the reproduced code.
addChild() method described in later reports works are defined by specs.
Use the
simplexml property accessors for auto escaping.
------------------------------------------------------------------------
[2010-02-04 18:23:10] jalday at delivery dot com
Still seeing this issue...
$order_x->addChild('location', '1st & 52nd');
gives "Warning: SimpleXMLElement::addChild(): unterminated entity
reference"
If I run it as
$order_x->addChild('location', htmlspecialchars('1st & 52nd'));
I have no problems.
------------------------------------------------------------------------
[2009-10-22 16:28:09] gary dot malcolm at gmail dot com
I'm running PHP 5.2.9 on Linux and this bug is still alive and well
making SimpleXml absolutely inappropriate for XML communications between
systems.
<code>
$safe_value = preg_replace('/&(?!\w+;)/', '&', $value);
return $sxml->addChild($name, $safe_value);
</code>
Is just plain wrong. I'm communicating user input directly to a bank as
I can't know how the third party will parse their xml.
------------------------------------------------------------------------
[2008-04-03 23:15:04] rob at electronicinsight dot com
A little hack to get around this bug:
function &safe_add_child(&$sxml, $name, $value) {
$safe_value = preg_replace('/&(?!\w+;)/', '&', $value);
return $sxml->addChild($name, $safe_value);
}
------------------------------------------------------------------------
[2008-02-08 20:09:37] moshe at varien dot com
PHP 5.2.4
Looks like the problem appears when there's node already exists being
overwritten
// works ok, doesn't require encoding:
$a = simplexml_load_string('<a/>');
$a->b = "& < ' ";
// doesn't work, requires encoding:
$a = simplexml_load_string('<a><b>test</b></a>');
$a->b = "& < ' ";
// doesn't work, always requires encoding
$a->addChild('b', "& < '");
$a->addAttribute('b', "& < '");
// works ok, never requires encoding
$a['b'] = "& < '";
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/bug.php?id=36795
--
Edit this bug report at http://bugs.php.net/bug.php?id=36795&edit=1
