wddx_serialize_value() does not escape "&"s #4283

Closed
scfc opened this issue Nov 19, 2014 · 2 comments

scfc commented Nov 19, 2014

With PHP 5.5.18, the test script:

<?php
$s = wddx_serialize_value("Test for &");
var_dump($s);
$d = wddx_deserialize($s);
var_dump($d);

gives:

string(92) "<wddxPacket version='1.0'><header/><data><string>Test for &amp;</string></data></wddxPacket>"
string(10) "Test for &"

HipHop VM 3.3.1 fails with:

string(88) "<wddxPacket version='1.0'><header/><data><string>Test for &</string></data></wddxPacket>"
Entity: line 1: parser error : xmlParseEntityRef: no name
<wddxPacket version='1.0'><header/><data><string>Test for &</string></data></wdd
                                                           ^
NULL

The "&" needs to be escaped for the resulting WDDX to be valid XML.
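
A runtime probe for the behaviour reported above, as an added example that is not part of the original issue or of the HHVM or MediaWiki code. It serializes a few constructed strings, checks that each packet is well-formed XML and that it deserializes back to the input, and goes beyond the reported "&" case to the other XML markup characters. The helper names isWellFormedXml() and wddxProbe() are hypothetical, and the wddx and DOM extensions are assumed to be loaded.

```php
<?php
// Added example, written without type declarations so it also runs on the
// PHP 5.5 / HHVM 3.x runtimes the report concerns.

// True if $xml parses as well-formed XML. libxml errors are collected
// internally so a malformed packet does not emit warnings.
function isWellFormedXml($xml)
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $ok = $doc->loadXML($xml);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $ok;
}

// Serialize one value and report whether the packet is valid XML and
// whether it deserializes back to exactly the original string.
function wddxProbe($value)
{
    $packet = wddx_serialize_value($value);
    $wellFormed = isWellFormedXml($packet);
    // Only deserialize packets that parse; a malformed one cannot round-trip.
    $roundTrip = $wellFormed && wddx_deserialize($packet) === $value;
    return array(
        'packet'      => $packet,
        'well_formed' => $wellFormed,
        'round_trip'  => $roundTrip,
    );
}

// Constructed sample inputs: the string from the report, plus the other
// markup characters a serializer has to escape in element content.
$samples = array('Test for &', 'a < b', 'a > b', 'R&D <dept>', 'plain text');

$failed = 0;
foreach ($samples as $s) {
    $r = wddxProbe($s);
    $ok = $r['well_formed'] && $r['round_trip'];
    if (!$ok) {
        $failed++;
    }
    printf("%-4s %-14s %s\n", $ok ? 'ok' : 'FAIL', var_export($s, true), $r['packet']);
}

// Non-zero exit status lets a CI job or test bootstrap flag an affected runtime.
exit($failed === 0 ? 0 : 1);
```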

scfc commented Nov 19, 2014

(Downstream WMF bug: https://bugzilla.wikimedia.org/73531.)

@paulbiss

Fix is up internally D1691695

bd808 pushed a commit to wikimedia/mediawiki that referenced this issue Dec 18, 2014
wddx_serialize_value() fails to escape the ampersand under HHVM. It has
been fixed upstream facebook/hhvm#4283 but
has not been released yet.

When running under HHVM and detecting the ampersand is not escaped, skip
the test.

Bug: T75531
Change-Id: Ia58ec20b4daf78cd90da1bdf8af6cac86015c5d7
bd808 pushed a commit to wikimedia/mediawiki that referenced this issue Dec 18, 2014
wddx_serialize_value() fails to escape the ampersand under HHVM. It has
been fixed upstream facebook/hhvm#4283 but
has not been released yet.

When running under HHVM and detecting the ampersand is not escaped, skip
the test.

Bug: T75531
Change-Id: Ia58ec20b4daf78cd90da1bdf8af6cac86015c5d7
(cherry picked from commit 82fb734)
paulbiss added a commit that referenced this issue Aug 11, 2015
Summary: Strings returned through wddx_serialize_value should be HTMLEncode()'d during
serialization.

Fixes #4283

{sync, type="child", parent="internal", parentrevid="1691695", parentrevfbid="1537976659780590", parentdiffid="5726084"}

Reviewed By: @JoelMarcey

Differential Revision: D1691695

Signature: t1:1691695:1416530595:722bfcdaf7c0dbee379bea886cd4c43d997ca7dd