Merge pull request #259 from Art4/233-patch-xml-element-error

Handle xml entities in projects, wiki and issue api

Author: kbsali

src/Redmine/Api/Project.php

@@ -171,7 +171,7 @@ protected function prepareParamsXml($params)
                     $array->addChild($_params[$k], $id);
                 }
             } else {
-                $xml->addChild($k, $v);
+                $xml->addChild($k, htmlspecialchars($v));
             }
         }
 

src/Redmine/Api/Wiki.php

@@ -81,7 +81,7 @@ public function create($project, $page, array $params = [])
                     }
                 }
             } else {
-                $xml->addChild($k, $v);
+                $xml->addChild($k, htmlspecialchars($v));
             }
         }
 

tests/Unit/Api/IssueTest.php

@@ -842,7 +842,8 @@ public function testBuildXmlWithWatcherAndUploadAndCustomFieldAndStandard()
         // Test values
         $parameters = [
             'watcher_user_ids' => [5],
-            'subject' => 'Issue subject',
+            'subject' => 'Issue subject with some xml entities: & < > " \' ',
+            'description' => 'Description with some xml entities: & < > " \' ',
             'uploads' => [
                 [
                     'token' => 'first-token',
@@ -883,7 +884,8 @@ public function testBuildXmlWithWatcherAndUploadAndCustomFieldAndStandard()
                         .'<value>Second Custom Field</value>'
                         .'</custom_field>'
                     ),
-                    $this->stringContains('<subject>Issue subject</subject>')
+                    $this->stringContains('<subject>Issue subject with some xml entities: &amp; &lt; &gt; " \' </subject>'),
+                    $this->stringContains('<description>Description with some xml entities: &amp; &lt; &gt; " \' </description>')
                 )
             );
 

tests/Unit/Api/ProjectTest.php

@@ -410,7 +410,8 @@ public function testCreateCallsPost()
         $getResponse = 'API Response';
         $parameters = [
             'identifier' => 'test-project',
-            'name' => 'Test Project',
+            'name' => 'Test Project with some xml entities: & < > " \' ',
+            'description' => 'Description with some xml entities: & < > " \' ',
         ];
 
         // Create the used mock objects
@@ -425,7 +426,8 @@ public function testCreateCallsPost()
                     $this->stringStartsWith('<?xml version="1.0"?>'."\n".'<project>'),
                     $this->stringEndsWith('</project>'."\n"),
                     $this->stringContains('<identifier>test-project</identifier>'),
-                    $this->stringContains('<name>Test Project</name>')
+                    $this->stringContains('<name>Test Project with some xml entities: &amp; &lt; &gt; " \' </name>'),
+                    $this->stringContains('<description>Description with some xml entities: &amp; &lt; &gt; " \' </description>')
                 )
             )
             ->willReturn($getResponse);

tests/Unit/Api/TimeEntryTest.php

@@ -261,6 +261,7 @@ public function testCreateCallsPost()
                     $this->stringContains('<issue_id>15</issue_id>'),
                     $this->stringContains('<project_id>25</project_id>'),
                     $this->stringContains('<hours>5.25</hours>'),
+                    $this->stringContains('<comments>some text with xml entities: &amp; &lt; &gt; " \' </comments>'),
                     $this->stringContains('<custom_fields type="array"><custom_field name="Affected version" id="1"><value>1.0.1</value></custom_field><custom_field name="Resolution" id="2"><value>Fixed</value></custom_field></custom_fields>')
                 )
             )

tests/Unit/Api/WikiTest.php

@@ -259,9 +259,9 @@ public function testCreateWithParametersCallsPost()
         // Test values
         $getResponse = 'API Response';
         $parameters = [
-            'title' => 'Test Wikipage',
-            'comments' => 'Initial Edit',
-            'text' => 'Some page text',
+            'title' => 'Test Wikipage with xml entities: & < > " \' ',
+            'comments' => 'Initial Edit with xml entities: & < > " \' ',
+            'text' => 'Some page text with xml entities: & < > " \' ',
         ];
 
         // Create the used mock objects
@@ -275,9 +275,9 @@ public function testCreateWithParametersCallsPost()
                 $this->logicalAnd(
                     $this->stringStartsWith('<?xml version="1.0"?>'."\n".'<wiki_page>'),
                     $this->stringEndsWith('</wiki_page>'."\n"),
-                    $this->stringContains('<title>Test Wikipage</title>'),
-                    $this->stringContains('<comments>Initial Edit</comments>'),
-                    $this->stringContains('<text>Some page text</text>')
+                    $this->stringContains('<title>Test Wikipage with xml entities: &amp; &lt; &gt; " \' </title>'),
+                    $this->stringContains('<comments>Initial Edit with xml entities: &amp; &lt; &gt; " \' </comments>'),
+                    $this->stringContains('<text>Some page text with xml entities: &amp; &lt; &gt; " \' </text>')
                 )
             )
             ->willReturn($getResponse);