Browse files

Fix substitution of XML entities in config files

  • Loading branch information...
thomasbachem committed Jan 5, 2016
1 parent f0bc101 commit f35b9b829c9fa58bb993d5df9aaef6a75d307f41
@@ -84,3 +84,4 @@ FIX: fix AgaviViewTestCase::assertViewSetsCookie throwing a notice (#1521) (Domi
FIX: Fix "session_id" parameter of AgaviSessionStorage (#1479) (Thomas Bachem)
FIX: Routing default values can now be zero or an empty string (#1545) (Thomas Bachem)
FIX: BREAKING CHANGE: <filters> element in translation.xml doesn't allow multiple <filter> child elements (#1475) (Dominik, Armin Rezayati)
FIX: BREAKING CHANGE: XML entities in configuration files are now properly substituted everywhere (#1571) (Thomas Bachem)
@@ -14,6 +14,8 @@ All configuration namespaces have been bumped to version 1.1 as a consequence of
We fixed the encoding of the file in x:include statements, so you can include files containing spaces and funny characters now.
The substitution of XML entities in configuration files was fixed as well, so you can now use custom XML entities everywhere.
Response classes now extend from AgaviAttributeHolder instead of AgaviParameterHolder. Attributes from each namespace are merged over individually, in the same way as HTTP headers, cookies and other metadata - info from the "child" response does not overwrite info on the response the data is merged to ("parent"). If however the attribute already exists in the parent, and both parent and child value are an array, then those values are merged. In this case, for identical keys, the value from the child array does not overwrite the value from the parent array. Numeric keys, however get appended. You can use this functionality to, for instance, implement caching of metadata such as CSS and JavaScript files to be loaded in the Master template - something that is not possible with global response attribute once you start using such functionality in slots - caching the response attributes would mean corrupt data with slots re-used on different pages.
@@ -8,6 +8,8 @@ Configuration
All configuration namespaces got bumped to version 1.1. For example, the envelope namespace is now "", and the factories.xml namespace is "". XSL transformations will automatically port your existing configuration files to new versions and apply backwards compatibility modifications where necessary. If you do not have the XSL extension installed or if you would like to port the configuration files to the new namespace, adjust the namespace declarations accordingly. Occasionally, you will have to add, change or remove elements; new namespace versions may also affect system behavior. All changes that might affect your application are outlined in this file.
The substitution of XML entities in configuration files was fixed. This may break your code in very rare cases, as entities were stripped previously.
AgaviIFilter::executeOnce() has been deprecated. The method was a leftover from an early development version of Agavi 0.11 that did not distinguish between global and action filters yet. In almost all cases, if your filter is using this method, you can simply rename it to execute(). If your filter is supposed to be usable both as a global and as an action filter (i.e. by implementing both AgaviIGlobalFilter and AgaviIActionFilter), you can now detect the type of the filter chain the filter is running in by calling AgaviFilterChain::getType().
@@ -387,6 +387,7 @@ public function __construct($path, $environment = null, $context = null)
// AgaviXmlConfigDomDocument has convenience methods!
try {
$this->doc = new AgaviXmlConfigDomDocument();
$this->doc->substituteEntities = true;
} catch(DOMException $dome) {
throw new AgaviParseException(sprintf('Configuration file "%s" could not be parsed: %s', $path, $dome->getMessage()), 0, $dome);
@@ -271,6 +271,7 @@ private static function expandConfiguration($file) {
$doc = new DOMDocument();
$doc->substituteEntities = true;
$xpath = new DOMXPath($doc);
$attributeNodes = $xpath->query('//@*');
@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ae:configurations [
<!ENTITY foo "bar">
<ae:configurations xmlns:ae="">
@@ -55,5 +55,16 @@ public function testParseXincludeEncoding()
$this->assertSame($expected, $actual);
public function testParseEntities()
$RACH = new AgaviReturnArrayConfigHandler();
$document = $this->parseConfiguration(AgaviConfig::get('core.config_dir') . '/tests/entities.xml');
$actual = $this->includeCode($RACH->execute($document));
$expected = array(
'Name' => 'bar',
$this->assertSame($expected, $actual);

0 comments on commit f35b9b8

Please sign in to comment.