Encode ampersands in keys passed to delete_objects() #27

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
2 participants

SimpleXMLElement addChild($key, $val) doesn't encode ampersands in $val, so any keys with ampersands won't be deleted. Using the assignment method from http://us.php.net/manual/en/simplexmlelement.addchild.php#107409 fixes this.

@dstillman dstillman Encode ampersands in keys passed to delete_objects()
SimpleXMLElement addChild($key, $val) doesn't encode ampersands in $val, so any keys with ampersands won't be deleted
75a0d2e
Contributor

jeremeamia commented May 18, 2012

I'm not sure I understand how this solves the problem.

Looks like the relevant comment on the PHP site was deleted. addChild() escapes "<" and ">", but not "&". Using the assignment operator on an existing node triggers full escaping. The other option is to run the value passed to addChild() through htmlspecialchars().

Now that that comment is gone, this is helpfully not documented in the PHP docs, but it's explained in various places.

Contributor

jeremeamia commented May 18, 2012

Ah, I see. Well, that is good to know! Thanks for the submission. We'll try to get that in as soon as we can. I can't accept the pull request directly due to logistical reasons, but I will close the pull request when the work is done and add you to our manual list of contributors.

Contributor

jeremeamia commented May 25, 2012

I have incorporated this change into my development branch. I will close this pull request when we release a version that contains this change.

Contributor

jeremeamia commented Jun 12, 2012

Completed in 1.5.7. Thanks again for pointing this out.

jeremeamia closed this Jun 12, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment