Encode ampersands in keys passed to delete_objects() #27
Conversation
SimpleXMLElement addChild($key, $val) doesn't encode ampersands in $val, so any keys with ampersands won't be deleted
|
I'm not sure I understand how this solves the problem. |
|
Looks like the relevant comment on the PHP site was deleted. addChild() escapes "<" and ">", but not "&". Using the assignment operator on an existing node triggers full escaping. The other option is to run the value passed to addChild() through htmlspecialchars(). Now that that comment is gone, this is helpfully not documented in the PHP docs, but it's explained in various places. |
|
Ah, I see. Well, that is good to know! Thanks for the submission. We'll try to get that in as soon as we can. I can't accept the pull request directly due to logistical reasons, but I will close the pull request when the work is done and add you to our manual list of contributors. |
|
I have incorporated this change into my development branch. I will close this pull request when we release a version that contains this change. |
|
Completed in 1.5.7. Thanks again for pointing this out. |
SimpleXMLElement addChild($key, $val) doesn't encode ampersands in $val, so any keys with ampersands won't be deleted. Using the assignment method from http://us.php.net/manual/en/simplexmlelement.addchild.php#107409 fixes this.