#37601 [NEW]: SimpleXML and loss of entities

php at nineberry dot de Fri, 26 May 2006 05:12:37 -0700

From:             php at nineberry dot de
Operating system: probably irrelevant
PHP version:      5.1.4
PHP Bug Type:     SimpleXML related
Bug description:  SimpleXML and loss of entities


Description:
------------
When assigning values to node parameters, entities are not escaped,
however when reading values, the entities are replaced by their meaning.

i.e. assigning and reading behave assymetric.

Suggestion: Add escaping of values that are assigned.

Kind of workaround: Use htmlspecialchars() manually on values before
assigning. (This workaround will not work for &apos;)

Reproduce code:
---------------
<?php
$rawxml = '<root par="F" />';
$test = 'A &quot; B';

$rr = simplexml_load_string($rawxml);

header("Content-Type: text/plain");

echo($rr["par"]);
echo("\n");
echo("\n");

$rr["par"] = $test;

echo($rr->asXML());
echo("\n");

echo($rr["par"]);
echo("\n");
?>

Expected result:
----------------
F

<?xml version="1.0"?>
<root par="A &quot;quot; B"/>

A &quot; B

Actual result:
--------------
F

<?xml version="1.0"?>
<root par="A &quot; B"/>

A " B

-- 
Edit bug report at http://bugs.php.net/?id=37601&edit=1
-- 
Try a CVS snapshot (PHP 4.4): 
http://bugs.php.net/fix.php?id=37601&r=trysnapshot44
Try a CVS snapshot (PHP 5.2): 
http://bugs.php.net/fix.php?id=37601&r=trysnapshot52
Try a CVS snapshot (PHP 6.0): 
http://bugs.php.net/fix.php?id=37601&r=trysnapshot60
Fixed in CVS:                 http://bugs.php.net/fix.php?id=37601&r=fixedcvs
Fixed in release:             
http://bugs.php.net/fix.php?id=37601&r=alreadyfixed
Need backtrace:               http://bugs.php.net/fix.php?id=37601&r=needtrace
Need Reproduce Script:        http://bugs.php.net/fix.php?id=37601&r=needscript
Try newer version:            http://bugs.php.net/fix.php?id=37601&r=oldversion
Not developer issue:          http://bugs.php.net/fix.php?id=37601&r=support
Expected behavior:            http://bugs.php.net/fix.php?id=37601&r=notwrong
Not enough info:              
http://bugs.php.net/fix.php?id=37601&r=notenoughinfo
Submitted twice:              
http://bugs.php.net/fix.php?id=37601&r=submittedtwice
register_globals:             http://bugs.php.net/fix.php?id=37601&r=globals
PHP 3 support discontinued:   http://bugs.php.net/fix.php?id=37601&r=php3
Daylight Savings:             http://bugs.php.net/fix.php?id=37601&r=dst
IIS Stability:                http://bugs.php.net/fix.php?id=37601&r=isapi
Install GNU Sed:              http://bugs.php.net/fix.php?id=37601&r=gnused
Floating point limitations:   http://bugs.php.net/fix.php?id=37601&r=float
No Zend Extensions:           http://bugs.php.net/fix.php?id=37601&r=nozend
MySQL Configuration Error:    http://bugs.php.net/fix.php?id=37601&r=mysqlcfg

#37601 [NEW]: SimpleXML and loss of entities

Reply via email to