Edit report at https://pear.php.net/bugs/bug.php?id=18343&edit=1
ID: 18343
Updated by: [email protected]
Reported By: [email protected]
Summary: Entities in file names decoded during packaging
Status: Assigned
Type: Bug
-Package: PEAR
+Package: XML_Util
Package Version: 1.9.2
PHP Version: 5.3.1
Assigned To: dufuz
Roadmap Versions:
New Comment:
This is a bug with XML_Util.
XML_Util::createTagFromArray() takes a $replaceEntities parameter that
defines if the content of the tag should be xml-escaped or not. This
parameter is mistakenly passed up to attributesToString() for which it
was not meant at all, leading to the attribute values (including "name")
not being escaped.
Previous Comments:
------------------------------------------------------------------------
[2014-05-29 21:28:02] cweiske
-Roadmap Versions:
+Roadmap Versions: 1.9.5
------------------------------------------------------------------------
[2011-03-08 22:37:22] dufuz
-Assigned To:
+Assigned To: dufuz
------------------------------------------------------------------------
[2011-03-08 02:12:18] yunosh
Nice, the bug tracker does the same :-)
------------------------------------------------------------------------
[2011-03-08 02:11:40] yunosh
Description:
------------
If a filename contains a correctly encoded entity in one of the
package.xml tags, PEAR is decoding it when doing the packaging.
<install
as="Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
name="test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
/>
turns into
<install
as="Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
name="test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
/>
https://github.com/horde/horde/blob/24747aa1ad7c1e37fe15cc36e6dec3a911eeb824/framework/Feed/package.xml
is an example.
------------------------------------------------------------------------
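
The flag mix-up described in the new comment, applied to the file name from the original report, as an added example that is not part of the bug thread and is not XML_Util's code. It is a simplified PHP model: attrsToString(), emptyTagBuggy(), emptyTagFixed() and isWellFormed() are hypothetical names, and the DOMDocument well-formedness check is an addition.

```php
<?php
// Simplified model of the bug described above; all function names are
// hypothetical and this is not XML_Util's source.

// Serialize attributes; $escape controls XML-escaping of the values.
function attrsToString(array $attrs, bool $escape): string
{
    $out = '';
    foreach ($attrs as $name => $value) {
        if ($escape) {
            $value = htmlspecialchars($value, ENT_QUOTES | ENT_XML1, 'UTF-8');
        }
        $out .= " $name=\"$value\"";
    }
    return $out;
}

// Buggy: the content-escaping flag is forwarded to the attribute serializer.
function emptyTagBuggy(string $qname, array $attrs, bool $escapeContent): string
{
    return "<$qname" . attrsToString($attrs, $escapeContent) . ' />';
}

// Fixed: attribute values are always escaped, whatever the content flag says.
function emptyTagFixed(string $qname, array $attrs, bool $escapeContent): string
{
    return "<$qname" . attrsToString($attrs, true) . ' />';
}

// Report whether a string parses as well-formed XML.
function isWellFormed(string $xml): bool
{
    $prev = libxml_use_internal_errors(true);   // collect errors, no warnings
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $ok;
}

// Constructed input: the decoded file name, as an XML parser returns it
// after reading name="...o=rss&amp;s=Newsweek" from package.xml.
$attrs = ['name' => 'test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek'];

foreach (['emptyTagBuggy', 'emptyTagFixed'] as $fn) {
    $xml = $fn('install', $attrs, false);   // caller disabled content escaping
    echo $fn, ': ', $xml, "\n";
    echo '  well-formed: ', var_export(isWellFormed($xml), true), "\n";
}
```

The buggy variant writes the bare `&` into the attribute and the result no longer parses as XML; the fixed variant writes `&amp;` and stays well-formed.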