FAQ
Edit report at https://pear.php.net/bugs/bug.php?id=18343&edit=1

  ID: 18343
  Updated by: demon.gene@gmail.com
  Reported By: jan@horde.org
  Summary: Entities in file names decoded during packaging
  Status: Assigned
  Type: Bug
  Package: XML_Util
  PHP Version: 5.3.1
-Assigned To: dufuz
+Assigned To: ashnazg
-Roadmap Versions: 1.9.5
+Roadmap Versions:
  New Comment:

-Assigned To: dufuz
+Assigned To: ashnazg
-Roadmap Versions: 1.9.5
+Roadmap Versions:
cweiske: so, it is here
(https://github.com/pear/XML_Util/blob/trunk/XML/Util.php#L653) that the
$replaceEntities value should have not been given, thus relying on
attributeToString()'s default argument value of XML_UTIL_ENTITIES_XML
instead?


Previous Comments:
------------------------------------------------------------------------

[2014-06-02 23:07:32] cweiske

-Package: PEAR
+Package: XML_Util
This is a bug with XML_Util.

XML_Util::createTagFromArray() takes a $replaceEntities parameter that
defines if the content of the tag should be xml-escaped or not. This
parameter is mistakenly passed up to attributesToString() for which it
was not meant at all, leading to the attribute values (including "name")
not being escaped.

------------------------------------------------------------------------

[2014-05-29 21:28:02] cweiske

-Roadmap Versions:
+Roadmap Versions: 1.9.5


------------------------------------------------------------------------

[2011-03-08 22:37:22] dufuz

-Assigned To:
+Assigned To: dufuz


------------------------------------------------------------------------

[2011-03-08 02:12:18] yunosh

Nice, the bug tracker does the same :-)

------------------------------------------------------------------------

[2011-03-08 02:11:40] yunosh

Description:
------------
If a filename contains a correctly encoded entity in one of the
package.xml tags, PEAR is decoding it when doing the packaging.

<install
as="Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
name="test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
/>

turns into

<install
as="Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
name="test/Horde/Feed/fixtures/lexicon/http-p.moreover.com-cgi-local-page%2Fo=rss&s=Newsweek"
/>

https://github.com/horde/horde/blob/24747aa1ad7c1e37fe15cc36e6dec3a911eeb824/framework/Feed/package.xml
is an example.

------------------------------------------------------------------------

Search Discussions

  • Cweiske at Jun 3, 2014 at 6:22 pm
    Edit report at https://pear.php.net/bugs/bug.php?id=18343&edit=1

      ID: 18343
      Updated by: cweiske@php.net
      Reported By: jan@horde.org
      Summary: Entities in file names decoded during packaging
      Status: Assigned
      Type: Bug
      Package: XML_Util
      PHP Version: 5.3.1
      Assigned To: ashnazg
      Roadmap Versions:
      New Comment:

    Exactly.


    Previous Comments:
    ------------------------------------------------------------------------

    [2014-06-03 20:25:05] ashnazg

    -Assigned To: dufuz
    +Assigned To: ashnazg
    -Roadmap Versions: 1.9.5
    +Roadmap Versions:
    cweiske: so, it is here
    (https://github.com/pear/XML_Util/blob/trunk/XML/Util.php#L653) that the
    $replaceEntities value should have not been given, thus relying on
    attributeToString()'s default argument value of XML_UTIL_ENTITIES_XML
    instead?

    ------------------------------------------------------------------------

    [2014-06-02 23:07:32] cweiske

    -Package: PEAR
    +Package: XML_Util
    This is a bug with XML_Util.

    XML_Util::createTagFromArray() takes a $replaceEntities parameter that
    defines if the content of the tag should be xml-escaped or not. This
    parameter is mistakenly passed up to attributesToString() for which it
    was not meant at all, leading to the attribute values (including "name")
    not being escaped.

    ------------------------------------------------------------------------

    [2014-05-29 21:28:02] cweiske

    -Roadmap Versions:
    +Roadmap Versions: 1.9.5


    ------------------------------------------------------------------------

    [2011-03-08 22:37:22] dufuz

    -Assigned To:
    +Assigned To: dufuz


    ------------------------------------------------------------------------

    [2011-03-08 02:12:18] yunosh

    Nice, the bug tracker does the same :-)

    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
         http://pear.php.net/bugs/bug.php?id=18343
  • Demon Gene at Jun 3, 2014 at 8:23 pm
    Edit report at https://pear.php.net/bugs/bug.php?id=18343&edit=1

      ID: 18343
      Updated by: demon.gene@gmail.com
      Reported By: jan@horde.org
      Summary: Entities in file names decoded during packaging
    -Status: Assigned
    +Status: Feedback
      Type: Bug
      Package: XML_Util
      PHP Version: 5.3.1
      Assigned To: ashnazg
      Roadmap Versions:
      New Comment:

    -Status: Assigned
    +Status: Feedback
    Pull requests are opened for this fix in XML_Util and XML_Util2.
    cweiske, please have a look at my change to see if it solves the issue
    as you've isolated it in the PEAR installer use case.


    Previous Comments:
    ------------------------------------------------------------------------

    [2014-06-03 20:36:28] cweiske

    Exactly.

    ------------------------------------------------------------------------

    [2014-06-03 20:25:05] ashnazg

    -Assigned To: dufuz
    +Assigned To: ashnazg
    -Roadmap Versions: 1.9.5
    +Roadmap Versions:
    cweiske: so, it is here
    (https://github.com/pear/XML_Util/blob/trunk/XML/Util.php#L653) that the
    $replaceEntities value should have not been given, thus relying on
    attributeToString()'s default argument value of XML_UTIL_ENTITIES_XML
    instead?

    ------------------------------------------------------------------------

    [2014-06-02 23:07:32] cweiske

    -Package: PEAR
    +Package: XML_Util
    This is a bug with XML_Util.

    XML_Util::createTagFromArray() takes a $replaceEntities parameter that
    defines if the content of the tag should be xml-escaped or not. This
    parameter is mistakenly passed up to attributesToString() for which it
    was not meant at all, leading to the attribute values (including "name")
    not being escaped.

    ------------------------------------------------------------------------

    [2014-05-29 21:28:02] cweiske

    -Roadmap Versions:
    +Roadmap Versions: 1.9.5


    ------------------------------------------------------------------------

    [2011-03-08 22:37:22] dufuz

    -Assigned To:
    +Assigned To: dufuz


    ------------------------------------------------------------------------

    The remainder of the comments for this report are too long. To view
    the rest of the comments, please view the bug report online at
         http://pear.php.net/bugs/bug.php?id=18343

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppear-bugs @
categoriesphp
postedJun 3, '14 at 6:10p
activeJun 3, '14 at 8:23p
posts3
users2
websitepear.php.net

2 users in discussion

Demon Gene: 2 posts Cweiske: 1 post

People

Translate

site design / logo © 2022 Grokbase